ZacFran/Dry_Run.md

## Dry_Run.md

      
    Raw
  

              Dry_Run.md
            
          
    Box one


Nmap Scan first box
Run nmap scripts
check for robots.txt
SSH tunnel to web port

IN the browser

Enum all files!!!!

FILE TO Read - dircetory triverl


etc/passwd -take not of users
etc/host - network enum
etc/networks - network enum
etc/groups - group infomation

UPLOAD FILE - Malish file


must beable to access upload location

Login Page - SQL injection


prep a loggin
hit F12, look in the network
loggin
Copy RAW into the search bar to perform GET injection
open browser source code.

SSH Tunnel to Box run

SSH to box one
Enum

sudo -l 
crontab
find / -type -f -perm /4000 -ls 2> /dev/null

Box Two


Ping sweep enummed nework
for i in {1..254}; do ( ping -c 1 <targetnetwork>.$i | grep "bytes from" &); done


Nmap scan found boxes


Nmap Scripts to enum


Tunnel to web port


IN Broswer

multiple choice tab - SQL injection


click around to understated SQL works.


IN search bar perform GET sql injection
UNION select table_schema,column_name,table_naem from information_Schema.columns;
UNION SELECT table_name,1,column_name FROM information_schema.columns;
@@version


SSH tunnel to box two

ssh into box two
Box three

SSH tunnel to box three

SSH into box - use all known creds
  Bash 
  ls /etc/passwd
  cat /etc/host
  sudo -l 
  find / -type -f -perm /4000 -ls 2> /dev/null
  arp -a
  for i in {1..254}; do ( ping -c 1 <targetnetwork>.$i | grep "bytes from" &); done

dynamic tunnel to box three

nmap box four
nmap scripts
Box Four

tunnel to box on access port

xfreerdp -windows box with port 3389
  net group 
  net users
  whoami 
  net localgroup 
  ### gui ### 
  reg edit
    run 
    runonce
  services 
  sch tasks