Posts

Showing posts from April, 2022

Backdoor - HackTheBox

Backdoor Machine (10.10.11.125)

Info: This was an easy machine from HackTheBox where we had to enumerate PIDs to find gdbserver to get a foothold, then attach to root's screen session to get root. I learned about async programming due to this machine. Thanks to 0xdf and HTB for this machine.

Recon: Starting with a port scan, first let's discover open ports, then run nmap on them.

rustscan -a 10.10.11.125 -u 5000

Rustscan sometimes misses things due to its speed, so it's a good idea to run an nmap full port scan in the background:

nmap -p- -T4 10.10.11.125

PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack Apache httpd 2.4.41 ((Ubuntu))
|_http-generator: WordPress 5.8.1
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Backdoor – Real-Life
1337/tcp open tcpwrapped syn-ack
Service Info: OS:...

Toby - HackTheBox

Toby Machine (10.10.11.121)

Info: As always, HackTheBox brings so much learning with insane machines. I learned so many new things, like how proxychains works, how different network tools like ifconfig and ip work, and how an HTTP proxy is different from a SOCKS proxy. This box was an insane Linux machine where the user was already attacked and we had to follow the path of the attacker to get a foothold and root on the machine.

PS: I did this box after it retired, and I read the 0xdf blog and watched the ippsec video before doing this.

Recon: Starting with a port scan, we get 4 open ports.

rustscan -a 10.10.11.121 -u 5000

PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
80/tcp open http syn-ack
10022/tcp open unknown syn-ack
10080/tcp open amanda syn-ack

Although rustscan finds four open ports, only 22 & 80 work. The rest give a connection reset error in the browser. Anyway, guessing at it, 10080 should be a web server and 10022 an SSH server. Reading about port 10080 amanda . It is a...