ReconForce-01.1

in VULNHUB

Recon Force (V1.1) is an easy to intermediate level challenge box. It is designed by Rahul Gehlaut. It is a web application that has a login page and a ping scan page. The goal is to find the hidden directory and exploit the web application.

Today we are doing hackNos: Recon Force (V1.1) VM from Vulnhub. It was designed by Rahul Gehlaut of hackNos series. It is Easy to Intermediate Box. Let’s start.

1. Scanning

To see what services are running in the box we use “nmap” to find out.

nmap -sV -sC -oA scan 192.168.0.7

nmap scan

So we got 3 open ports and It’s running on Ubuntu. We decided to start from 80 ports.

2 Enumeration

We browse the IP address in the browser and Find a Web page. There is a troubleshooting button. that bring login popup. ip list

3 Hidden Directory

To find out the hidden folder we use dirb, this tool gets the hidden folder and files name from the server with status code.

dirb http://192.168.0.7

dirb scan

4 Playing with Login Page

We Try default username and password in troubleshooting login option. Like “admin:: admin”, ”admin::1234567”. But we can’t login by the default credential.

login pages

5 FTP Server

Now we move our focus on the “FTP” server. In the “Nmap” output we see that anonymous FTP login is allowed. Let’s try poking with FTP.

ftp info

We can’t find any file in an anonymous user. But When we try to log in an interesting String is leaked.Security@hackNos.We think it can have some password. So we try to login with this password in the Web login portal.

password pages

We successfully log in and find a ping scan where we can ping hosts.So Now We try to find a way to execute command in that input field .

© 2019. All rights reserved.

Powered by NightHawk