MoneyBox

Scan the Network to find the vulnerable machine and the ports available to exploit using Nmap.
- Port 21 for FTP
- Port 22 for ssh
- Port 80 for http
With this recon data, try to access the FTP server using the tool FTP.
- trytofind.jpg
Let's try to fuzz the [[Web application]] using WFUZZ tool.
- Pages: blogs
Search for information in the Blogs page.
- Secret Key: 3xtr4ctd4t4
Using the Secret Key found, find the data inside of the JPG file using Steghide
- User: renu
With the user found as renu, try to find the Password of that user. We can use Hydra for cracking the password based on SSH.
- Password: 987654321
SSH into the machine with the user renu's credentials.
- Found the 1st Flag: us3r1{F14g:0ku74tbd3777y4}
- Found a user: lily
- Found the 2nd Flag: us3r{F14g:tr5827r5wu6nklao}
- Found the 3rd Flag: r00t{H4ckth3p14n3t}

Flags

Flag 1: us3r1{F14g:0ku74tbd3777y4}; Flag 2: us3r{F14g:tr5827r5wu6nklao}; Flag 3: r00t{H4ckth3p14n3t};

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
Blogs.md		Blogs.md
FTP.md		FTP.md
Hydra.md		Hydra.md
Nmap.md		Nmap.md
README.md		README.md
SSH.md		SSH.md
Steghide.md		Steghide.md
WFUZZ.md		WFUZZ.md
Web Application.md		Web Application.md