hackNos:ReconForce(v1.1) walk-through

hackNos:recnoforce v1.1 is an easy to intermediate level machine. You can downlaod it from vulnhub here :- “https://www.vulnhub.com/entry/hacknos-reconforce-v11,416/”

Let’s start with network scanning or host discovery by nmap ->

“nmap -sn 192.168.43.1/24"

We found our target -> 192.168.43.152

Services and version detection by nmap ->

“nmap -sV -sT -p- 192.168.43.152”

Web enumeration :- First we’ve visited that site and we found a “Trouble Shoot” button which redirects to “/5ecure” folder, but that folder is secured with http-authentication. It requires a username and a password.

Now we move further for another service to enumerate.

ftp enumeration -> “ftp 192.168.43.152 ”

In ftp ,anonymous login is successful but we cannot put some file in it and we also didn’t found some files, but wait we can see “Security@hackNos” written on the top as the ftp banner.

It’s time to use it as a password. We just try user as “admin” and password as “Security@hackNos” and we successfully bypassed that “http-authentication” with simple enumeration.

We can see that their is text box asking us to enter an IP address to ping ,which we can use for command execution.

Now most of you try for nc(netcat) reverse connection, but i was failed in gaining reverse connection from netcat, so i tried another way to penetrate in the box.

I simply opened a passwd file and we got a user “recon”, so I try to connect to ssh by this user and the above password (“Security@hackNos”)

See we are in, and we successfully found the “user.txt” flag

So I have to proceed for root privilege now -> “sudo -i”

I’am root now and I have the final root flag. This was an amazing machine ,which I’ve successfully rooted .