what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Monday, February 27, 2012

hackbattle proofnon00b part 2, let the games begin


Okey guys, so, so far we know who is Jennifer Kimari via the tool Maltego, and all we know she was found in Facebook. So lets go ahead and add her as my friend, and figure out what she says, what she does and some other info about her.


And we should be here, http://www.facebook.com/jennifer.kimari and on the page, we can see that she is talking about a blog in, http://109.228.10.136/?p=18.

So now we know about the server we need to get to. So lets go ahead and send some ICPM packets.











So we actually know those, we get them where? "iptables." This gives us an overview that this administrator has actually thought of ways to protect this box. So lets go ahead and nmap this server, non-intrusive manner and scan all the ports as below.

nmap -sV -PN 109.228.10.136 -p1-65355

Nmap scan report for hb (109.228.10.136)
Host is up (0.19s latency).
---------------------------
---------------------------
---------------------------
PORT STATE SERVICE VERSION
25/tcp filtered smtp
42/tcp filtered nameserver
80/tcp open http Apache httpd
113/tcp filtered auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
646/tcp filtered ldp
45000/tcp open ssh OpenSSH 4.3 (protocol 2.0)

From the nmap report, we have port 80 open, and port 45000, which means httpd and sshd are open.









So lets go ahead and find more intel on the servers website, which certainly looks like a blog, and so to confirm that, we try CTRL+U to read the source code, as below.



So with that we know we are behind wordpress 3.1.3. which can be found at http://wordpress.org/, an opensource CMS. So lets go ahead and fire some nikto and check if there are some vulnerabilities we can use against this CMS (Content Management). See below;














So we will continue with this next week, and see what else we will discover against this CMS.

Cheers all, keep tuned,

./Chucks

2 comments:

jack weru said...

So what switches did you use for Nikto?

chuksjonia said...

normal nikto command: nikto -h xxx.xxx.xxx.xxx