7.1 Technical Journal - Foren-Ken/tech-journal GitHub Wiki

In this lab, the following topics were utilized: FTP misconfiguration and FTP vulnerabilities, HTTP misconfiguration, and MySQL traversing.

I had not interacted with FTP servers in the past, so this lab required me to learn how FTP works:

  1. put is a command which allows items to be uploaded to a server
  2. pull is the opposite of put, it takes a copy from the server.
  3. ls is to list items in a directory.
  4. cd is to change directories.

In this lab, the FTP misconfiguration allowed anonymous users to log in. If configured properly, anonymous access would not have been the cause of the penetration, but this FTP server was configured to let a person explore more than should have been allowed. This gave us access to:

  1. Documents with passwords written in plaintext for a PHP script.
  2. Permission to upload to the root of the HTTP server.
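
A defender can check for this combination (anonymous login, anonymous upload, and an FTP root that overlaps the web root) before an attacker finds it. The following is an added example, not code from the lab or this journal; it assumes a vsftpd-style `key=value` config, and the sample config and the `/var/www/html` web root are constructed for illustration.

```python
# Added example: audit a vsftpd-style config for the anonymous-FTP issues
# described in this journal. The sample config and paths are constructed.
from pathlib import PurePosixPath

SAMPLE_CONF = """\
# constructed sample, not taken from the lab host
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/var/www
"""

def parse_conf(text):
    """Return {option: value} from key=value lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def overlaps(a, b):
    """True if one path equals or contains the other."""
    a, b = PurePosixPath(a), PurePosixPath(b)
    return a == b or a in b.parents or b in a.parents

def audit(text, web_root="/var/www/html"):
    """List findings for explicitly set options (compiled defaults are not assumed)."""
    o = parse_conf(text)
    on = lambda k: o.get(k, "").upper() == "YES"
    findings = []
    if not on("anonymous_enable"):
        return findings
    findings.append("anonymous login enabled")
    # vsftpd only honours anon_upload_enable when write_enable is also YES
    if on("write_enable") and on("anon_upload_enable"):
        findings.append("anonymous upload enabled")
    root = o.get("anon_root")
    if root and overlaps(root, web_root):
        findings.append("anon_root overlaps web root " + web_root)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print("FINDING:", f)
```

Any single finding is worth reviewing; all three together reproduce the path used in this lab, where an anonymous upload lands somewhere the HTTP server will execute it.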

With these issues, the HTTP server allowed PHP scripts to be run, allowing us to provide a simple backdoor to execute commands on the server via HTTP. With this and the static password, we were able to access the server and the MySQL service. This eventually ended in using hashcat on the "Pippin" hash with hash mode 12100 to solve it. The following command was used:

    hashcat -m 12100 -a 0 -o solvedPippin.txt wikihashPippin possible.txt

where "solvedPippin.txt" is the location the cracked hash would go, "wikihashPippin" is the uncracked hash, and "possible.txt" is the wordlist.