Pivoting VIII

overview

In this pivoting challenge, the network architecture is as shown below:

Kali -----------> Target A -------------> Target B

A webapp is running on Target A. You have obtained the following credentials for this webapp through phishing.

  • Username : robert

  • Password : password1

  • Login URL : http:///?/admin

Your mission is to get the flags kept in the flagX.txt files on both Target A and Target B.

Instructions:

  • This lab is dedicated to you! No other users are on this network :)

  • Once you start the lab, you will have access to a Kali GUI instance

  • Your Kali has an interface with IP address 192.X.Y.Z. Run "ip addr" to know the values of X and Y.

  • Target A should be located at the IP address 192.X.Y.3.

  • Once you compromise Target A, you should be able to use that as a pivot to exploit Target B

  • Do not attack the gateway located at IP address 192.X.Y.1

  • PostgreSQL is not running by default, so Metasploit may give you an error about this when starting

How to solve this?

  • Metasploit is installed on the Kali instance you will get access to

  • All exploitation can happen using manual exploitation methods, Hydra and third-party tools

  • You are free to use other tools like Nmap for enumeration

solutions

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-150.pdf
