The document outlines a step-by-step guide for setting up and exploiting the DEATHNOTE virtual machine using tools like Nmap, Dirb, and Hydra. It details the process of network scanning, web enumeration, and brute-force attacks to gain access to the system. The guide culminates in switching to the root user and accessing sensitive files within the system.

Uploaded by wayseaofficial

DeathNote

Initial Setup

1. Virtual Machine Configuration


• Download the DEATHNOTE: 1 VM from VulnHub and configure it in your virtual
environment, such as VirtualBox or VMware.
• Ensure both your attacking machine (Kali Linux or Parrot OS) and the DEATHNOTE VM
are on the same network (usually in NAT or Host-Only mode).

Step 1: Network Scanning and Enumeration

Objective: Identify the IP address of the target VM and open services.

1. Identify the Target IP

• Run the netdiscover tool to list live hosts in your network.

sudo netdiscover -r <your network range>

• Note the IP address assigned to the DEATHNOTE VM.

We initiate an Nmap scan of the target IP address using the command:

nmap -Pn -v 10.10.10.2

Scan for Open Ports and Services

• Use nmap to conduct a detailed scan:

nmap -sS -sV -A -T4 <Target-IP>

• Analyze the results for open ports and services. Example:


PORT    STATE  SERVICE  VERSION
22/tcp  open   ssh      OpenSSH 7.4
80/tcp  open   http     Apache httpd 2.4.29

Screenshot of nmap results:

From the results of the scan above, we discover that ports 80 (HTTP) and
22 (SSH) are open.

>We open the website using our browser. We type in 10.10.10.2 (if an error
shows up, add the IP address to the hosts file in /etc). We find a hint
button. Let’s click on that.

Step 2: Web Enumeration

Objective: Investigate the web service for potential vulnerabilities.

1. Access the Web Application

• Visit http://<Target-IP> in your browser and explore the available content.


• Use Dirb or Gobuster to enumerate directories.

dirb http://<Target-IP> /usr/share/wordlists/dirb/common.txt

It is asking us to locate a notes.txt file. Let’s see if we can find something
out by viewing the page's source code.

We find a directory /wordpress/wp-content/uploads/2021/07.

We found the Notes.txt file already! There is also a user.txt file.
Let’s look into their contents.

Looks like a list of usernames. We can use this later to attack the login
page.

>Looking into robots.txt to see if there are any details regarding restricted
directories.

Light’s Dad added a hint in the important.jpg file

We use curl to return the data from the image.


This confirms that user.txt can be used as a wordlist for usernames and notes.txt
can be used for passwords.

Exploit Vulnerabilities Using Hydra


Objective: Use Hydra to perform a brute-force attack on a login form (SSH, web form, etc.) to gain
access.

1. Identify the Target Service for Brute-Forcing

• If you find SSH (port 22) open, Hydra can be used to attempt a brute-force attack on
SSH credentials. Alternatively, you could target a web login form if it is vulnerable.

2. Hydra Command for SSH Brute-Force Attack

• To use Hydra for brute-forcing SSH credentials:

hydra -l <username> -P /path/to/wordlist.txt ssh://<Target-IP>

• Explanation:
• -l <username>: Specify the username to try.
• -P /path/to/wordlist.txt: Path to the password wordlist.
• ssh://<Target-IP>: The target service (SSH) and IP address.

Example:

hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100

3. Hydra Command for HTTP Form Brute-Force

• If you need to brute-force a web login form:

hydra -l <username> -P /path/to/wordlist.txt <Target-IP> http-post-form "/path/to/login:username=^USER^&password=^PASS^:F=incorrect"

• Explanation:
• /path/to/login: Path to the login page.
• username=^USER^&password=^PASS^: Replace with the actual field names
of the login form.
• F=incorrect: The response that indicates a failed login attempt.

Example:

hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.1.100 http-post-form "/admin/login:username=^USER^&password=^PASS^:F=Invalid login"

We find the credentials user: l, password: death4me.
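
The password guessing described in the Hydra steps above leaves a clear trail in the target's sshd log. As an added example (not part of the original walkthrough), this detector flags a burst of failed logins from one source and any successful login that follows the burst. The log lines, host name, source IPs, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not captured from the DEATHNOTE VM).
SAMPLE_LOG = "\n".join(
    [f"Jul 14 10:00:{s:02d} deathnote sshd[900]: Failed password for l "
     f"from 10.10.10.5 port 4{s:04d} ssh2" for s in range(1, 7)]
    + ["Jul 14 10:00:07 deathnote sshd[900]: Accepted password for l "
       "from 10.10.10.5 port 40007 ssh2",
       "Jul 14 10:05:00 deathnote sshd[901]: Failed password for kira "
       "from 10.10.10.9 port 50000 ssh2",
       "Jul 14 10:05:09 deathnote sshd[901]: Accepted password for kira "
       "from 10.10.10.9 port 50001 ssh2"])

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, source_ip, user) alerts in log order."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()              # sources already reported as brute-forcing
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; one is assumed for parsing.
        ts = datetime.strptime("2021 " + m["ts"], "%Y %b %d %H:%M:%S")
        failures = recent[m["ip"]]
        while failures and ts - failures[0] > window:
            failures.popleft()   # drop failures that fell out of the window
        if m["result"] == "Failed":
            failures.append(ts)
            if len(failures) >= threshold and m["ip"] not in flagged:
                flagged.add(m["ip"])
                alerts.append(("bruteforce", m["ip"], m["user"]))
        elif len(failures) >= threshold:
            # A login that succeeds right after a burst is the urgent case.
            alerts.append(("success_after_bruteforce", m["ip"], m["user"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failed attempt followed by a success from 10.10.10.9 stays below the threshold and raises no alert.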

>SSH login using the found credentials


Let’s dig deeper to see if we can find some useful information.

2 directories were found in /opt/L.

There seems to be a hash code in the case.wav file and a hint saying to use
CyberChef.

Looks like a hex code. Let’s use CyberChef to break it down for us.

On converting the hash from hex and then from base64, it reveals that the password is
kiraisevil.
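
Hex and base64 are encodings, not encryption, so a password stored this way can be recovered without any key. As an added example (not from the original walkthrough), the code below goes beyond the two layers used here and peels any stack of hex and base64 layers until plain text remains. The sample value is constructed and is not the content of case.wav.

```python
import base64
import binascii
import string

def _printable(data):
    """Return data as text if it is non-empty printable ASCII, else None."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and all(c in string.printable for c in text) else None

def _try_hex(text):
    compact = "".join(text.split())  # tolerate spaces and line breaks
    if not compact or len(compact) % 2:
        return None
    if any(c not in string.hexdigits for c in compact):
        return None
    return _printable(bytes.fromhex(compact))

def _try_base64(text):
    try:
        return _printable(base64.b64decode(text.strip(), validate=True))
    except (binascii.Error, ValueError):
        return None

def peel(text, max_layers=5):
    """Strip hex/base64 layers; return (plaintext, [layer names in order])."""
    layers = []
    for _ in range(max_layers):
        # Hex is tried first because hex digits are also valid base64 characters.
        for name, decoder in (("hex", _try_hex), ("base64", _try_base64)):
            decoded = decoder(text)
            if decoded is not None:
                text, layers = decoded, layers + [name]
                break
        else:
            break  # neither decoder yields printable text: treat as plaintext
    return text, layers

# Constructed sample: a placeholder secret wrapped in base64, then hex.
SAMPLE = base64.b64encode(b"passwd : example-not-real").hex()

if __name__ == "__main__":
    print(peel(SAMPLE))
```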

>Switching user to kira

We find a kira.txt file.

We use CyberChef again to decipher the code.

The following message is revealed:


please protect one of the following
1. L (/opt)
2. Misa (/var)

Interesting. As we already explored the /opt directory, we explore the /var directory
now.

After exploring the var directory, we learn that misa cannot be saved.

>Switching to root.

We use sudo /bin/bash to switch to root.

We then find a root.txt file in the root folder.
