host: 10.10.50.94 login: boris password: >ġ of 1 target successfully completed, 1 valid password found max 16 tasks per 1 server, overall 16 tasks, 222 login tries (l:1/p:222), ~14 tries per task (use option -I to skip waiting)) from a previous session found, to prevent overwriting. Restorefile (you have 10 seconds to abort. several providers have implemented cracking protection, check with a small wordlist first - and stay legal! Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. ![]() Normaly I would use rockyou.txt however after around 30 minutes I had no hits so swapped to the much smaller wordlist fasttrack and got a hit after a minute or so. Using Hydra I was able to brute force boris’s password. Port 55007 POP3 does allow authentication, I tried to login using the credentials found for boris but they didnt work. Reviewing the nmap output, port 25 SMTP allows the VRFY command however not AUTH. Its now time to turn attention to the smtp/pop3 ports. Remember, since security by obscurity is very effective, we have configured our pop3 service to run on a very high non-default port Please email a qualified GNO supervisor to receive the online GoldenEye Operators Training to become an Administrator of the GoldenEye system Since you have access you definitely hold a Top Secret clearance and qualify to be a certified GoldenEye Network Operator (GNO) GoldenEye is a Top Secret Soviet oribtal weapons project. Using the the username ‘boris’ and password from cyberchef I can now login to the webpage. Using the magic function the string is decoded from HTLM Entity to clear text. I went to Cyber Chef to decode the password. Var allElements = document.getElementsB圜lassName("typeing") įew things to note in here, we have 2 names (boris, natalya) and an encoded password. BTW Natalya says she can break your codes Be on the lookout for any suspicious network traffic. My sources say MI6 maybe planning to infiltrate. Boris, make sure you update your default password. GoldenEyeText: "Severnaya Auxiliary Control Station****TOP SECRET ACCESS****Accessing Server IdentityServer Name.GOLDENEYEUser: UNKNOWNNaviagate to /sev-home/ to login" Not a great deal in there but there is a javascript file. ![]() I checked the source code for the webpage. The webpage tells us to go to /sev-home/ however the page is password protected and currently I have no usernames or password. Nmap done: 1 IP address (1 host up) scanned in 109.38 seconds |_pop3-capabilities: UIDL USER RESP-CODES AUTH-RESP-CODE SASL(PLAIN) CAPA STLS PIPELINING TOP ![]() I then completed a targeted scan against the 4 ports. I ran a full port scan and found 2 more ports. Nmap done: 1 IP address (1 host up) scanned in 42.44 seconds |_http-title: GoldenEye Primary Admin Server |_http-server-header: Apache/2.4.7 (Ubuntu) |_ssl-date: TLS randomness does not represent timeĨ0/tcp open http Apache httpd 2.4.7 ((Ubuntu)) |_smtp-commands: ubuntu, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, I deployed the machine and started a NMAP scan to check the available ports. The machine was pretty easy, it just needed good enumeration. Goldeneye is a medium rated CTF room on TryHackMe.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |