
Hints!!


Last updated 2 years ago

Forensics

  • EICAR test string (harmless, used to check that AV is scanning)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  • Default sudoers file

ls -la /etc/sudoers
# The stock file is 755 bytes; compare the size to spot a sudoers that has been edited
-rw-r--r-- 1 root root 755 Jul  3 13:55 sudoers
  • When was the server built?

ls -la /etc/ssh/

# The host keys are generated at install time, so their dates approximate the build date
-rw-------   1 root root    505 Jun  5 19:11 ssh_host_ecdsa_key
-rw-r--r--   1 root root    174 Jun  5 19:11 ssh_host_ecdsa_key.pub
-rw-------   1 root root    399 Jun  5 19:11 ssh_host_ed25519_key
-rw-r--r--   1 root root     94 Jun  5 19:11 ssh_host_ed25519_key.pub
-rw-------   1 root root   2602 Jun  5 19:11 ssh_host_rsa_key
-rw-r--r--   1 root root    566 Jun  5 19:11 ssh_host_rsa_key.pub

Default configuration paths

  • Tomcat

# Default path
/opt/tomcat/conf/tomcat-users.xml

# If it is not there and you have a shell, locate the running Tomcat process
ps -ef | less -S   # then press '/' to search, type tomcat and hit enter
# or check the environment variables (e.g. CATALINA_HOME)
env
  • Windows SAM file

# SAM holds the password hashes; SYSTEM holds the boot key needed to decrypt them
/Windows/System32/config/SAM
/Windows/System32/config/SYSTEM

File Upload

  • .htaccess file

# With this .htaccess in the upload directory, .png files are executed as PHP
echo "RewriteEngine off" > .htaccess
echo "AddType application/x-httpd-php .png" >> .htaccess

## Double extension:
.jpg.php
## Reverse double extension:
.php.jpg
## Mixed upper- and lower-case:
.pHp, .pHP5, .PhAr
## Null byte:
.php%00.png, .php\x00.png
## Multiple dots:
file.php......
## Whitespace characters:
file.php%20
## MIME type, change the Content-Type:
application/x-php
# or
Content-Type: application/octet-stream to Content-Type: image/gif
# Set the Content-Type twice:
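The defensive counterpart to the list above, added here as an example and not part of the original notes: a server-side upload validator that rejects each of those filename and Content-Type tricks, using a constructed allow-list of image types and their magic bytes.

```python
import os
import re
import urllib.parse

# Constructed allow-list for an image upload endpoint: extension -> (expected MIME type, file signature).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".gif": ("image/gif", b"GIF8"),
}

SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content_type: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Each check mirrors one bypass from the list above."""
    # Decode percent-encoding once, so %00 and %20 are seen as the bytes they become.
    name = urllib.parse.unquote(filename)
    # Null byte: reject outright instead of letting a lower layer truncate at \x00.
    if "\x00" in name:
        return False, "null byte in filename"
    # Drop any directory part the client may have smuggled in.
    name = os.path.basename(name.replace("\\", "/"))
    # Trailing dots / whitespace: some filesystems silently strip them, so never trust them.
    if name != name.rstrip(". \t"):
        return False, "trailing dot or whitespace"
    stem, ext = os.path.splitext(name)
    ext = ext.lower()  # .pHp / .pHP5 / .PhAr collapse to one case before the allow-list check
    # Double extensions in either order (.jpg.php, .php.jpg) and names like .htaccess:
    # exactly one dot is allowed, and the stem must be plain characters.
    if "." in stem or not SAFE_STEM.fullmatch(stem):
        return False, "multiple extensions or unsafe characters"
    if ext not in ALLOWED:
        return False, f"extension {ext!r} not allowed"
    expected_type, magic = ALLOWED[ext]
    # The Content-Type header is attacker-controlled: it must agree with the extension...
    if content_type.split(";")[0].strip().lower() != expected_type:
        return False, "content-type does not match extension"
    # ...and so must the actual bytes, which catches a PHP file merely renamed to .png.
    if not data.startswith(magic):
        return False, "file signature does not match extension"
    return True, "ok"
```

Pair this with storing uploads outside the web root under a server-generated name; the validator alone does not help if the directory still honours a writable .htaccess.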

Others

  • Extract plain text from .doc & .docx files

# A .docx is a zip archive: pull the body XML and strip the tags
# (this only works for the zip-based .docx, not the older binary .doc format)
unzip -p ftp-details.docx word/document.xml | sed -e 's/<[^>]\{1,\}>//g; s/[^[:print:]]\{1,\}//g'

# or use docx2txt
docx2txt < input.docx > output.txt