In preperation for the OSCP I decided to pick a random box on HTB and try to crack it without using any writeups. Let's see how long I can last...
Issue -
Immediately I am having issues with the box remaining online and pingable.
Hypothesis -
Regenerating my SSH connection keys and redownloading the VPN connection file will solve the connection issue.
Result -
I am still experiencing connection issues to the machine.
Hypothesis -
I will reboot my pc to see if that helps with stability.
Result -
Rebooting seems to have helped the problem.
With the connection issue out of the way lets enurate the box and see what's open. We'll start with an nmap scan:
nmap -sV -A -v -p- 10.10.10.37
nmap shows that ports 21, 22, 80, and a few others are open;
PORT STATE SERVICE VERSION
Ports scanned: TCP(65535;1-65535) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 10.10.10.37 () Status: Up
Host: 10.10.10.37 () Ports: 21/open/tcp//ftp//ProFTPD 1.3.5a/, 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/, 8192/closed/tcp//sophos///, 25565/open/tcp//minecraft//Minecraft 1.11.2 (Protocol: 127, Message: A Minecraft Server, Users: 0|20)/ Ignored State: filtered (65530)
Running wpscan reveals:
- Apache 2.4.18 (Ubuntu)
- WP Version: 4.8(insecure)
- Theme: twentyseventeen (outdated)
- Upload Directory Listing is enabled
- Username: notch
Next I will run dirb on the host as nothing immediately stands out.
Dirbuster turned up phpmyadmin and I am currently trying to get hydra to brute force the notch user on phpmyadmin and the WP admin login.