Pegasus Timbeeeeer!!!! Walkthrough!

Hello everyone, this is the Pegasus VM walkthrough, for practising and having fun 😀
Greetings to everyone for creating this great challenge.

I started by running nmap to check all the services that Pegasus has on it!

root@Tesla:~# nmap 192.168.7.138 -p- -A

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-11-05 17:51 EET
Nmap scan report for 192.168.7.138 (192.168.7.138)
Host is up (0.00016s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 77:89:5b:52:ed:a5:58:6e:8e:09:f3:9e:f1:b0:d9:98 (DSA)
| 2048 d6:62:f5:12:31:36:ed:08:2c:1a:5e:9f:3c:aa:1f:d2 (RSA)
|_ 256 c5:f0:be:e5:c0:9c:28:6e:23:5c:48:38:8b:4a:c4:43 (ECDSA)
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100024 1 36231/udp status
|_ 100024 1 42084/tcp status
8088/tcp open http nginx 1.1.19
42084/tcp open status 1 (RPC #100024)
MAC Address: 00:0C:29:EA:73:26 (VMware)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.19
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel


Nullbyte %0 walkthrough

Hey everyone, this is the Nullbyte VM walkthrough from VulnHub, which was created by ly0n.
So we started with an nmap scan to check the open ports and see their banners…

root@Tesla:~# nmap 192.168.7.133 -p- -A

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-31 14:35 EET
Nmap scan report for 192.168.7.133 (192.168.7.133)
Host is up (0.00017s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: Null Byte 00 - level 1
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100024 1 34114/tcp status
|_ 100024 1 40102/udp status
777/tcp open ssh OpenSSH 6.7p1 Debian 5 (protocol 2.0)
| ssh-hostkey:
| 1024 16:30:13:d9:d5:55:36:e8:1b:b7:d9:ba:55:2f:d7:44 (DSA)
| 2048 29:aa:7d:2e:60:8b:a6:a1:c2:bd:7c:c8:bd:3c:f4:f2 (RSA)
|_ 256 60:06:e3:64:8f:8a:6f:a7:74:5a:8b:3f:e1:24:93:96 (ECDSA)
34114/tcp open status 1 (RPC #100024)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100024 1 34114/tcp status
|_ 100024 1 40102/udp status
MAC Address: 00:0C:29:AD:C8:3A (VMware)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.19
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

I tried to connect to SSH first, but there was no clue there, so I moved on to the HTTP enumeration.
I downloaded that illuminati cursed symbol picture file (btw I have nothing to do with illuminati and all that weird crap if u saw that triangle at the top of my website 😛) and checked it out for some steg style