Gloin penetration test - Robertsegee/SEC335 GitHub Wiki

In this lab, we were tasked with breaking into a machine about which we had very little information. The lack of information was initially very intimidating, since we were not given a clear path as to what to do. The first step I took was to find the IP address of the machine. This was done by running a DNS resolver script which I had used in an earlier lab, which gave me information about all machines on the network. After running the script I was able to identify the IP and move on to identifying vulnerabilities. This was done by running an Nmap version and OS scan against the machine, which gave me some information such as the OS being Windows 7 and that it was running an HTTPS service.

After getting some guidance I was directed to the site and found out that you could input data. I then used the SQL injection `1' or 1=1 --`, which gave me access to the site. After exploring Exploit Database I found some injections which I was able to use to leverage the admin hash and admin login. Once I had the hash I ran it through an online hash cracker, which returned a password to me.

My next step was to try to use that password to log into the machine. I first attempted it against some of the user accounts but found that the password belonged to the admin account. After that it was smooth sailing, finding all the user and root flags.
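The injection string and the cracked hash in the write-up point at two defects in the target's login: a query assembled by string formatting, and a password stored as an unsalted fast hash that an online lookup can reverse. The Python below is an added illustration, not code from the lab or this wiki. It builds a constructed in-memory SQLite table (the `users` table, the sample usernames and passwords are all assumptions) and shows the vulnerable login check beside a parameterised query with salted PBKDF2 hashes, so the same input that bypasses the first is rejected by the second.

```python
import hashlib
import hmac
import os
import sqlite3

# The input string quoted in the write-up.
PAYLOAD = "1' or 1=1 --"

PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as '<salt hex>$<digest hex>'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_db():
    """Constructed sample data: an in-memory table, not the lab machine's database.

    legacy_md5 models the unsalted fast hash that an online cracker can look up;
    password_hash is the salted, slow replacement.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, legacy_md5 TEXT, password_hash TEXT)"
    )
    for user, pw in (("admin", "Spring2024!"), ("alice", "alice-pw")):  # assumed sample accounts
        conn.execute(
            "INSERT INTO users VALUES (?, ?, ?)",
            (user, hashlib.md5(pw.encode()).hexdigest(), hash_password(pw)),
        )
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Login check built by string formatting: the username becomes part of the SQL.

    With PAYLOAD as the username the WHERE clause reads
        username = '1' or 1=1 --' AND legacy_md5 = '...'
    and everything after -- is a comment, so the password condition disappears
    and the first row of the table is returned.
    """
    md5 = hashlib.md5(password.encode()).hexdigest()
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND legacy_md5 = '{md5}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterised lookup by username, then a salted-hash comparison in Python.

    The bound parameter is compared as data, never parsed as SQL, so PAYLOAD is
    simply a username that does not exist.
    """
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, injected username :", vulnerable_login(db, PAYLOAD, "anything"))
    print("safe, injected username       :", safe_login(db, PAYLOAD, "anything"))
    print("safe, real credentials        :", safe_login(db, "admin", "Spring2024!"))
```

The two fixes are independent: parameterised queries stop the bypass, and salted slow hashing means a leaked hash is no longer something an online lookup table returns a password for.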