Challenge 001:
We outset past times using 'netdiscover' every bit a method to abide by the IP address of the 'server'.
We together with then maintain amongst a quick 'nmap' scan of the 192.168.2.148 IP address, which yields:
root@kali: # nmap -sT -p- -T4 192.168.2.148
Nmap scan study for 192.168.2.148
Host is upwards (0.00055s latency).
Not shown: 65530 shut ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
35867/tcp open unknown
After scanning the site amongst 'nikto' together with 'dirbuster' together with browse the industrial plant life directories, piece leaving BurpSuite inwards passive mode, nosotros notice that BurpSuite industrial plant life a mails file, which contains the following:
##########
Everyone is here... xexexe!
----------------------------------------
Crazy Alice Alice@InWonderland.com
Nebu Chadnezzar NebuChadnezzar@OldKing.edu
Jo Raimontilinekergrobelar ShortName@badmail.com
Web Killer WebMurder@killer.ever.com
Don Quixote windmill@mail.spain
Crazy priest Exorcist@hotmail.com
Jasson Killer Friday13@JasonLives.com
Everything All AllweSaid@mail.com
Thiseas Sparrow Pirates@mail.gr
Black Dreamer SupaHacka@mail.com
Bond James MyNameIsBond@JamesBond.com
Poor Boy Millionaire@fmail.com
Blind Lynxeyed Linxblind@siou.com
Earl Dracula CarpathianServers@Blood.com
Tea Coffee sugar@dring.com
Whisky Vodka drink@drunk.com
###########
- from the data given, for the challenge nosotros read:
"The exclusively matter nosotros recall is that he was hired on Fri the 13th!".
- hence nosotros are looking for a user that has an e-mail the is somehow connected amongst this 1 information:
Jasson Killer Friday13@JasonLives.com
- piece browsing the site together with trying unlike logons, which failed, nosotros notice something on the site, under:
</span>white, rabbit</font>
- nosotros guide the text on the principal page, exclusively to abide by white, rabbit as a hidden text!
Moral: always hold off at the code together with wrap the long lines!
- nosotros endeavor to logon amongst the username:white together with the password:rabbit, together with nosotros are allowed to logon. Yay!
Browsing the site, nosotros larn to:
http://192.168.2.148/Hackademic_Challenges/ch001/main/Diaxirisths.php
- based on the description of the challenge, nosotros accept to ship an email:
"You accept to abide by his e-mail address together with ship it to us past times using the key communication panel of the company's site."
I together with then received the message "Congratulations!" inwards green! :)
We outset past times using 'netdiscover' every bit a method to abide by the IP address of the 'server'.
We together with then maintain amongst a quick 'nmap' scan of the 192.168.2.148 IP address, which yields:
root@kali: # nmap -sT -p- -T4 192.168.2.148
Nmap scan study for 192.168.2.148
Host is upwards (0.00055s latency).
Not shown: 65530 shut ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
35867/tcp open unknown
After scanning the site amongst 'nikto' together with 'dirbuster' together with browse the industrial plant life directories, piece leaving BurpSuite inwards passive mode, nosotros notice that BurpSuite industrial plant life a mails file, which contains the following:
##########
Everyone is here... xexexe!
----------------------------------------
Crazy Alice Alice@InWonderland.com
Nebu Chadnezzar NebuChadnezzar@OldKing.edu
Jo Raimontilinekergrobelar ShortName@badmail.com
Web Killer WebMurder@killer.ever.com
Don Quixote windmill@mail.spain
Crazy priest Exorcist@hotmail.com
Jasson Killer Friday13@JasonLives.com
Everything All AllweSaid@mail.com
Thiseas Sparrow Pirates@mail.gr
Black Dreamer SupaHacka@mail.com
Bond James MyNameIsBond@JamesBond.com
Poor Boy Millionaire@fmail.com
Blind Lynxeyed Linxblind@siou.com
Earl Dracula CarpathianServers@Blood.com
Tea Coffee sugar@dring.com
Whisky Vodka drink@drunk.com
###########
- from the data given, for the challenge nosotros read:
"The exclusively matter nosotros recall is that he was hired on Fri the 13th!".
- hence nosotros are looking for a user that has an e-mail the is somehow connected amongst this 1 information:
Jasson Killer Friday13@JasonLives.com
- piece browsing the site together with trying unlike logons, which failed, nosotros notice something on the site, under:
</span>white, rabbit</font>
- nosotros guide the text on the principal page, exclusively to abide by white, rabbit as a hidden text!
Moral: always hold off at the code together with wrap the long lines!
- nosotros endeavor to logon amongst the username:white together with the password:rabbit, together with nosotros are allowed to logon. Yay!
Browsing the site, nosotros larn to:
http://192.168.2.148/Hackademic_Challenges/ch001/main/Diaxirisths.php
- based on the description of the challenge, nosotros accept to ship an email:
"You accept to abide by his e-mail address together with ship it to us past times using the key communication panel of the company's site."
I together with then received the message "Congratulations!" inwards green! :)
