Hello People, in this write-up I have covered a walkthrough for the TryHackMe box called Lazy Admin.

We start to gather information by scanning the open ports on the system. I used rustscan and forwarded the result to Nmap:

rustscan -a $IP -b 1000 -r 0-65535 -t 5000 -A

After the execution of the command, we get the following result:

Open $IP:22
Open $IP:80
Starting Script(s)
Script to be run Some("nmap -vvv -p ")
PORT   STATE SERVICE REASON  VERSION
22/tcp open  ssh     syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux protocol 2.0)
| ssh-hostkey:
|   2048 49:7c:f7:41:10:43:73:da:2c:e6:38:95:86:f8:e0:f0 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo0a0DBybd2oCUPGjhXN1BQrAhbKKJhN/PW2OCccDm6KB/+sH/2UWH圓kE1XDgWO2W3EEHVd6vf7SdrCt7sWhJSno/q1ICO6ZnHBCjyWcRMxojBvVtS4kOlzungcirIpPDxiDChZoy+ZdlC3hgnzS5ih/RstPbIy0uG7QI/K7wFzW7dqMlYw62CupjNHt/O16DlokjkzSdq9eyYwzef/CDRb5QnpkTX5iQcxyKiPzZVdX/W8pfP3VfLyd/cxBqvbtQcl3iT1n+QwL8+QArh01boMgWs6oIDxvPxvXoJ0Ts0pEQ2BFC9u7CgdvQz1p+VtuxdH6mu9YztRymXmXPKJfB
|   256 2f:d7:c4:4c:e8:1b:5a:90:44:df:c0:63:8c:72:ae:55 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC8TzxsGQ1Xtyg+XwisNmDmdsHKumQYqiUbxqVd+E0E0TdRaeIkSGov/GKoXY00EX2izJSImiJtn0j988XBOTFE=
|   256 61:84:62:27:c6:c3:29:17:dd:27:45:9e:29:cb:90:5e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILe/TbqqjC/bQMfBM29kV2xApQbhUXLFwFJPU14Y9/Nm
80/tcp open  http    syn-ack Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel

Here we found out that there are 2 ports open, i.e. 80 and 22, which are for HTTP and SSH. So now we know an HTTP website is running on the system, so let's take a look. It was running the SweetRice CMS. Now let us again run gobuster on this endpoint to see what we can find further:

$ gobuster dir -u $IP/content/ -w /usr/share/wordlists/dirbuster/

===============================================================
Gobuster v3.1.0
by OJ Reeves & Christian Mehlmauer
===============================================================
Url:
Method:                 GET
Threads:                10
Wordlist:               /usr/share/wordlists/dirbuster/
Negative Status codes:  404
User Agent:             gobuster/3.1.0
Timeout:                10s
===============================================================
4 13:49:53 Starting gobuster in directory enumeration mode
===============================================================
/images      (Status: 301)
/js          (Status: 301)
/inc         (Status: 301)
/as          (Status: 301)
/_themes     (Status: 301)
/attachment  (Status: 301)

There is one directory called '/inc' which was listing the files and folders of the website.

Kolide Fleet is a flexible control server that can be used to manage osquery fleets. Using Fleet, we can query multiple hosts on demand. We can also create query packs and build schedules. With Kolide, you can manage your fleet of osquery hosts more easily through a web interface. The following are some of the things that you can query:

The web interface makes it very easy to use Kolide if you already understand SQL syntax and have interacted with osquery. The extent of the queries that you can use depends on how conversant and comfortable you are with SQL. For instance, just like in SQL, osquery allows you to perform joins, limits and aggregates within your queries.

Running the Fleet

Before you can run Kolide, you need to ensure that you have prepared the database. This can be done using the command "fleet prepare db" as shown below. Once complete, you should get a message reading "Migrations Completed."

We, however, need to generate some self-signed certificates by following the three steps given below:

In this step, we are generating the private key for the certificate. The command used and its output are shown below.

Figure 2.

In the step below, we generate a certificate signing request file. The command and output are shown below.

Figure 3.

In this step we are generating the signed certificate. The command and output are shown below.

Figure 4. Generating the server.cert file

After you are done with the above steps, you can now serve the application using the command shown below. Once the server is running, you should be able to see the following on the terminal where you started the server from.

Figure 6. Traffic streaming from served application

The output below shows traffic as the application is being run. Notice that for every instance that you serve the application, you will be required to provide a unique --auth_jwt_key. This is a unique, randomly generated key that you will need to provide before the application can be served.

You should then be able to navigate to your Fleet server either on localhost or using the server IP address if you have managed to set it up within your network of osquery hosts. Do not forget to run osquery, or else once inside the Fleet management console, your osquery install will appear offline. See below:
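The three certificate steps in the Fleet setup guide above (private key, signing request, self-signed server.cert), scripted with openssl so the result can be checked before the server is started. This is an added example, not the guide's own commands or Fleet project code; it assumes openssl is installed, and the hostname "fleet.example.local", the 2048-bit key size and the validity period are placeholders to replace for your own deployment.

```shell
#!/bin/sh
# Added example (not from the original post): generate the self-signed
# TLS material the Fleet guide describes and verify it before serving.
# Assumptions: openssl is on PATH; hostname, key size and validity are
# placeholders, not values from the guide.
set -eu

# Step 1-3 from the guide, written into $1: server.key, server.csr, server.cert
gen_fleet_cert() {
  dir="$1"; cn="${2:-fleet.example.local}"; days="${3:-365}"
  mkdir -p "$dir"
  # Step 1: private key for the certificate
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  # Step 2: certificate signing request, non-interactive via -subj
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/CN=$cn" 2>/dev/null
  # Step 3: sign the request with the same key -> self-signed server.cert
  openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
    -days "$days" -out "$dir/server.cert" 2>/dev/null
}

# Sanity check a practitioner wants before `fleet serve`: the certificate
# really belongs to the key (same RSA modulus) and carries the expected CN.
check_fleet_cert() {
  dir="$1"; cn="$2"
  keymod=$(openssl rsa -in "$dir/server.key" -noout -modulus)
  certmod=$(openssl x509 -in "$dir/server.cert" -noout -modulus)
  [ "$keymod" = "$certmod" ] || return 1
  openssl x509 -in "$dir/server.cert" -noout -subject | grep -Eq "CN ?= ?$cn"
}

# Fresh random value for --auth_jwt_key; the guide requires a unique one
# for every served instance, so generate it rather than reuse it.
new_jwt_key() { openssl rand -base64 32; }

# Stand-alone demo: build into a temp dir and report what to pass to the server.
demo_dir=$(mktemp -d)
gen_fleet_cert "$demo_dir" fleet.example.local 365
check_fleet_cert "$demo_dir" fleet.example.local && echo "cert/key pair OK in $demo_dir"
echo "auth_jwt_key: $(new_jwt_key)"
```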