top of page

Crocodile


Enumeration


As usual, let's start with nmap:

nmap -sV -sC IP

Replace IP by the IP of the target machine (Crocodile)

Note: The IP of our target machine will change all the time, make sure your replace IP in the command below by the target machine's IP. You can find the target's IP directly from your hack the box account.

Port 21 is open which is FTP (File Transfer Protocol)


Notice the line ftp-anom: Anonymous FTP login allowed (FTP code 230)

Anonymous FTP login allowed means that we should be able to login with the username anonymous. When the anonymous login is allowed, the system will not check the password you provide, meaning that you can provide any password you like and still get in!

Let's try it!

ftp 10.129.203.194

Type

anonymous

Press enter

It worked! We are in as anonymous! And we were not even asked for a password!


Type ls to list the files

We can see we have 2 files that seem interesting.

Let's download these files onto our machine by using the get command:

get allowed.userlist

get allowed.userlist.passwd

Now if you open your home folder, you will see these 2 files have been downloaded on your machine:

Let's open allowed.userslist :

Looks like a list of usernames!


Let's open allowed.userlist.paswd

Looks like these are the password for all the allowed users found in the first file!


So it looks like we now have the password for the account admin !

The password is rKXM59ESxesUFHAd


When we did our nmap earlier, we noticed that port 80 is open. From our VM, let's open our browser, and type the IP for our target machine (Crocodile) into our url search bar and press enter:


Now let's use gobuster to find any hidden directories:

gobuster dir -u 10.129.203.194 -w /usr/share/dirb/wordlists/common.txt -x .php

-x .php is added at the end to look for any files with .php extension too

Gobuster found /login.php

That's interesting, we might be able to use the credentials we just found.


Open your browser again and type the following in the url bar:

10.129.203.194/login.php

We get a login page:

Let's try to login with the username and password we just found

username : admin

password: rKXM59ESxesUFHAd


The flag is right there!


Congratulations! You got your flag!

12,255 views0 comments

Recent Posts

See All

Comentários

Avaliado com 0 de 5 estrelas.
Ainda sem avaliações

Adicione uma avaliação
bottom of page