Posts

Showing posts from February, 2019

[Vulnhub] - W34kn3ss Walkthrough

Image
So it's been a long time since I published any walkthroughs and also vulnhub started publishing new machines from yesterday so I thought why not solve and write about them. The first machine I did is this one -  W34kn3ss  and below is my walkthrough for the same. The target machine's IP address is 192.168.0.122 so I did a quick nmap scan on it. In the above screenshot we can see some open ports like 22, 80 and 443. Nmap's default script scan on port 443 also revealed a domain name "weakness.jth" so I added this domain name on my /etc/hosts and checked the web service running on that domain.  Nothing really interesting here except that ASCII art of a rabbit and text "n30". Maybe n30 is an username which maybe used later? So, I saved it in my notes and started bruting files/dirs with dirsearch. Dirsearch revealed this interesting directory /private so I visited this dir on browser and found two files; mykey.pub and notes.txt. ...