22 ssh OpenSSH 5.9.p1 5ubuntu1.10
80 http Apache 2.2.22
443 https Apache 2.2.22
Vulnerabilities related to Heartbleed have been detected; a better zoomed screenshot:
Links mentioned by nmap:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://www.openssl.org/news/secadv_20140407.txt
http://cvedetails.com/cve/2014-0160/
Now I am sure that this site is vulnerable to Heartbleed. I need to find a way to make use of it.
An amazing website with simple explanations of IT security things:
It means that if someone requests the word HAT, the answer contains HAT followed by whatever data comes after HAT (depending on how many letters the user requested).
I ran this script a few times and then I noticed a change in the output:
Since the password for the SSH key had not been cracked so far, I decided to try using this string as a password.
There is an available tmux session, which is accessible by my user, because it belongs to the group hype and I have read/write permissions.
Thanks to this I can attach to the session with root privileges.
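
The HAT explanation above, as an added C example (not code from this write-up or from OpenSSL): a simplified heartbeat handler that trusts the length claimed in the request, next to the same handler with the bounds check that silently discards such requests. The function names, the buffer layout and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding */

/* Heartbeat message: type (1) | payload_length (2, big-endian) | payload | padding */
static size_t hb_reply(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap, int checked)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The fix: the claimed length must fit inside the record actually received. */
    if (checked && 1 + 2 + claimed + HB_PADDING > rec_len) return 0; /* discard */
    if (3 + claimed > out_cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed); /* unchecked: may copy past rec_len */
    return 3 + claimed;
}

/* Constructed sample data placed right after the request in the same buffer,
   standing in for whatever sits next to the record in process memory. */
static const char NEIGHBOUR[] = "constructed-secret";

/* Builds a 22-byte request carrying "HAT" with the given claimed length and
   returns how many NEIGHBOUR bytes end up in the reply. */
size_t leaked_bytes(uint16_t claimed, int checked)
{
    uint8_t mem[128] = {0}, out[128];
    size_t rec_len = 3 + 3 + HB_PADDING;
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + 3, "HAT", 3);
    memcpy(mem + rec_len, NEIGHBOUR, sizeof NEIGHBOUR - 1);

    size_t n = hb_reply(mem, rec_len, out, sizeof out, checked);
    size_t body = n > 3 ? n - 3 : 0;   /* bytes echoed back */
    size_t own = rec_len - 3;          /* bytes that belong to the record */
    if (body <= own) return 0;
    /* Count the over-read only if it really is the neighbouring data. */
    return memcmp(out + 3 + own, NEIGHBOUR, body - own) == 0 ? body - own : 0;
}
```

An honest request (claimed length 3) is answered identically by both variants; only a request whose claimed length exceeds the received record separates them.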