Some constructive feedback:
* Hacking other sites on the same server and / or the Registrar is illegal unless you have explicit permission to hack any of these.
* The: "nmap -O" command will only make a "best guess" on what the target is running, and this highly depends on 1) The NMAP version, 2) The open ports, 3) Services
* Example: scanme.nmap.org can be anything from Windows to Linux, depending on if you use NMAP or Xprobe2, and of course also which version of NMAP. (This is just an example out of context.)
* About the hash(es) that were cracked, here's some notes.
All of these three hashes, is "admin" in cleartext:
$P$BknpJUI2S.F6oD9bsAjRgZKBrQ2ct60
$P$BOOqZK9L94G3iXsjBlWLO5RbMSsLqW/
$P$Bc/LbIyetpQ1O21TcSJIq7zHr22Eiz.
(Note: Wordpress version 3.3.1)
These three hashes are also "admin" in cleartext:
$P$BBZNzh4ejzux/Q1XJeYa4bMoXVbE0o1
$P$BHbYY6iira4PZGTbnQGj52DPaqfn3t0
$P$BXqXvkYvNkAM1b.N3qZXY6K5Y/mkj90
(Note: Wordpress version 2.8.4)
In case you wonder, $P$ comes from class_phpass.php:
$output = '$P$'; in the function gensalt_private($input); function.
* When an attacker comes across a kernel version like this: 2.6.31.5-127.fc12.1686, the last number (127) is often the distribution specific patch number. (Meaning security patches could've been applied nullifying known vulnerabilities for 2.6.31.5)
No offense intended of course, there's just a few loose ends
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
