Hi all,
I'm working through the Dav box on TryHackMe, so here are my notes from the pentesting process.
After an nmap scan I found HTTP on port 80, served by Apache 2.4.18.
I checked whether there is a vulnerability related to this version: nothing found.
So let's brute-force directories with wfuzz:
wfuzz -u http://10.10.187.183/FUZZ -w /usr/share/wordlists/wfuzz/general/common.txt --hc 404
********************************************************
* Wfuzz 2.2.11 - The Web Fuzzer *
********************************************************
Target: http://10.10.187.183/FUZZ
Total requests: 950
==================================================================
ID Response Lines Word Chars Payload
==================================================================
000905: C=401 14 L 54 W 460 Ch "webdav"
Total time: 14.05000
Processed Requests: 950
Filtered Requests: 949
Requests/sec.: 67.61562
I found this webdav directory. I didn't know what it was, so I spent some time reading about it to
understand how it works: it is an extension that adds more options to HTTP and that can be enabled on the web server.
When I try to access the directory I get some sort of authentication prompt, so I have two paths:
find a way to bypass the authentication, or brute-force the login. Before starting either, I wanted
to try enumerating more files in this directory to see if I would find something else.
Nothing was found for the directory, so I was stuck at this login pop-up. Going straight to brute force
is not the ideal approach, so first we have to think about whether there are any default credentials, and that was
the step that let me move on (so before any login brute force, look at the page source and also
check whether there are any default credentials).
After that it was easy to get a shell as the www-data user with Davtest and cadaver. The next step, getting the
user flag, was also easy: by default, the first command I run after getting a shell is
sudo -l, and that gave me what I needed for the user flag and the root flag.
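An added example, not part of the original notes: a defender-side check over Apache access logs for the pattern this box illustrates, a script file written under /webdav/ with PUT and then fetched with a 200. The log lines, the user name davuser and the script-extension list are constructed assumptions.

```python
import re

# Constructed sample lines in Apache "combined" log format (not from the box).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /webdav/ HTTP/1.1" 401 460 "-" "client"
192.0.2.10 - davuser [01/Jan/2024:10:00:09 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 812 "-" "client"
192.0.2.10 - davuser [01/Jan/2024:10:00:12 +0000] "PUT /webdav/test.txt HTTP/1.1" 201 0 "-" "client"
192.0.2.10 - davuser [01/Jan/2024:10:00:13 +0000] "PUT /webdav/test.php HTTP/1.1" 201 0 "-" "client"
192.0.2.10 - davuser [01/Jan/2024:10:00:15 +0000] "GET /webdav/test.php HTTP/1.1" 200 25 "-" "client"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 11321 "-" "Mozilla/5.0"
"""

# Fields used: client IP, authenticated user, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: extensions the server might hand to a script handler.
SCRIPT_EXT = (".php", ".phtml", ".cgi", ".pl", ".jsp", ".asp", ".aspx")


def find_upload_then_fetch(log_text, dav_prefix="/webdav/"):
    """Return alerts for script files written via PUT and later served with 200."""
    uploaded = {}  # path -> (ip, user) of the successful PUT
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(dav_prefix):
            continue
        path, status = m["path"].split("?")[0], int(m["status"])
        # 201 = created, 204 = existing resource overwritten.
        # MOVE/COPY targets live in the Destination header, which the
        # default access log does not record, so only PUT is tracked here.
        if m["method"] == "PUT" and status in (201, 204):
            if path.lower().endswith(SCRIPT_EXT):
                uploaded[path] = (m["ip"], m["user"])
        elif m["method"] in ("GET", "POST") and status == 200 and path in uploaded:
            ip, user = uploaded[path]
            alerts.append({"path": path, "uploader_ip": ip,
                           "dav_user": user, "fetched_by": m["ip"]})
    return alerts


if __name__ == "__main__":
    for alert in find_upload_then_fetch(SAMPLE_LOG):
        print(alert)
```

On a real server the stronger fix is configuration: change the WebDAV credentials from any default and make sure the DAV directory is not mapped to a script handler.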
It's done, see you next time.