Get a Kali Linux box, and go to Offensive Security’s Proving Grounds here:
Get a free VPN account and try to hack the boxes there.

You can get Kali Linux here. Just download and burn a copy to USB with PenDriveLinux.

Super easy box because it runs a vulnerable version of Nagios network monitoring software.
1. Run an nmap scan for open ports; you’ll find a ton of them:

22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
389/tcp open ldap OpenLDAP 2.2.X – 2.3.X
443/tcp open ssl/http Apache httpd 2.4.18 ((Ubuntu))
5667/tcp open tcpwrapped

2. Open up the target in a web browser at https://1.2.3.4 (or whatever the real target IP is).
3. You’ll see the Nagios login page. Google for the Nagios default admin account and you’ll find nagiosadmin as the default user name.
As always, try some default passwords like admin, password, toor, but you’ll find that ‘admin’ works lolfail.
4. Anyhow, log in and find the version number. The specific version I saw was Nagios XI 5.6.0, sooooo. Hop on Metasploit!
5. msf6 > search nagios XI remote command execution, and you’ll see 8 results, one of which we’ll use.
6. Enter ‘use 5’ (or whatever index the module has in your msfconsole) and enter ‘show options’ to see which options you can set. Some are mandatory, marked Yes under Required.
7. Enter all required options with set LHOST, set RHOSTS, set TARGETURI, etc. Ensure every required option is set or the module will fail.
8. Once done, enter ‘run’ and you’ll be dumped to a Meterpreter prompt. Enter ‘shell’ to get a root shell.
9. At the root prompt, cat /root/proof.txt to reveal the flag.

That was a bit easy but it’s good practice.
That was a ton of ports to go play around with though.
Spend time investigating the info you can draw out of them with relevant tools.
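As an added example (not from the original post), here is a small Python script that parses the nmap port table shown above into records and flags the listeners the owner of a monitoring host would want to review; the review rules are my own assumptions, and the sample input is the scan from this box.

```python
import re
from dataclasses import dataclass

# Constructed sample: the nmap port table from the scan above (PORT STATE SERVICE VERSION).
NMAP_OUTPUT = """\
22/tcp   open  ssh        OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
25/tcp   open  smtp       Postfix smtpd
80/tcp   open  http       Apache httpd 2.4.18 ((Ubuntu))
389/tcp  open  ldap       OpenLDAP 2.2.X - 2.3.X
443/tcp  open  ssl/http   Apache httpd 2.4.18 ((Ubuntu))
5667/tcp open  tcpwrapped
"""

# port/proto, state, service name, then an optional free-text version string
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str  # empty when nmap could not fingerprint the listener

def parse_nmap(text):
    # Lines that are not part of the port table (headers, notes) are skipped.
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, proto, state, name, version = m.groups()
            services.append(Service(int(port), proto, state, name, version or ""))
    return services

# Assumed review rules for a monitoring host (not from the post): which open
# listeners the owner should verify. Port 5667 is the Nagios NSCA default.
def review(services):
    findings = []
    for s in services:
        if s.name == "tcpwrapped":
            findings.append((s.port, "unidentified listener; confirm what answers here"))
        elif s.name in ("http", "ssl/http"):
            findings.append((s.port, "web UI: change default admin password, patch Nagios XI"))
        elif s.name == "ldap":
            findings.append((s.port, "directory service exposed; restrict to trusted networks"))
    return findings

if __name__ == "__main__":
    for port, note in review(parse_nmap(NMAP_OUTPUT)):
        print(f"{port:>5}  {note}")
```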

By Greg Miller

Ex-military cyber officer. Triathlete and mountain bike racer.