We have a username (root) and a password. We know SSH is open, but the root user usually cannot SSH in with a password by default. However, we saw a /phpmyadmin page, but more importantly, this is a WordPress site.
Let's try the credentials against the WordPress users. Looking at the blog posts on the site, we find an author profile named notch.
Testing SSH:
Since notch is a user on the system, let's try the found password for this user via SSH.
ssh notch@10.10.10.10
Password: 8YsqfCTnvxAUeduzjNSe22
Result: Success! We are logged in as notch.
It seems you’re referring to “HackTricks” (a well-known cybersecurity wiki/ebook) and the number 179 — possibly a page number, section number, or command ID.
Since I don’t have the exact live version of HackTricks open, here’s what 179 commonly relates to in that context:
If you can give me a more precise clue (e.g., “page 179 of the PEAS chapter”, or “command 179 in WinPEAS”), I can:
Alternatively, if you meant something else entirely (e.g., a CTF challenge, a hash, port 179 = BGP), just let me know.
TCP Port 179 acts as the gateway for the Border Gateway Protocol (BGP), which is vital for internet routing and often targeted in offensive security scenarios due to inherent trust vulnerabilities. Attack vectors include prefix hijacking, which reroutes traffic for malicious purposes, and DDoS attacks targeting exposed BGP sessions. You can find in-depth exploitation techniques and security considerations at PentestPad. What is BGP hijacking? - Cloudflare
HackTricks covers Port 179 under its BGP (Border Gateway Protocol) pentesting guide, which focuses on auditing how Autonomous Systems exchange routing information. Key focus areas include identifying BGP hijacking risks, using tools like Scapy and ExaBGP to simulate attacks, and implementing defenses such as RPKI and MD5 authentication. For the full methodology, visit the HackTricks BGP Pentesting page. Cisco Press BGP Fundamentals - Inter-Router Communication - Cisco Press
The keyword "HackTricks 179" refers to the documentation of Border Gateway Protocol (BGP) vulnerabilities on the popular cybersecurity knowledge base, HackTricks. Specifically, TCP port 179 is the default port used by BGP to establish peering sessions and exchange routing information between routers in different Autonomous Systems (AS).
Because BGP is the "glue" of the internet, misconfigurations or exposures on port 179 can lead to catastrophic network failures or sophisticated BGP hijacking attacks. 1. What is BGP (TCP Port 179)?
BGP is a unique routing protocol because it relies on TCP for transport, unlike other protocols that might use UDP or raw IP.
Neighbor Adjacency: To start a session, two routers must establish a TCP 3-way handshake on port 179.
Role: It manages how data packets are routed across the global internet between different networks (Autonomous Systems).
Exposure Risks: Ideally, port 179 should never be accessible to the public internet; it should only be open between trusted, manually configured peers. 2. Common Vulnerabilities & Attacks
Pentesting BGP often involves identifying if port 179 is unnecessarily exposed or if the session lacks proper authentication. NetworkLessons.comhttps://networklessons.com BGP Active vs Passive - NetworkLessons.com
Hacktricks 179: Unleashing the Power of Penetration Testing
In the ever-evolving world of cybersecurity, penetration testing has become an essential tool for organizations to identify vulnerabilities and strengthen their defenses. One of the most popular and widely-used resources for penetration testers is Hacktricks, a comprehensive guide to various hacking techniques and tools. In this article, we'll dive into Hacktricks 179, a specific section of the guide that focuses on advanced penetration testing techniques.
What is Hacktricks?
Hacktricks is an open-source guide to penetration testing, created by a community of experienced security professionals. The guide covers a wide range of topics, from basic hacking techniques to advanced exploitation methods. Hacktricks is designed to be a valuable resource for both beginners and experienced penetration testers, providing a comprehensive overview of the tools, techniques, and methodologies used in the industry.
What is Hacktricks 179?
Hacktricks 179 is a specific section of the guide that focuses on advanced penetration testing techniques. This section is designed for experienced penetration testers who want to take their skills to the next level. Hacktricks 179 covers a range of topics, including:
Key Takeaways from Hacktricks 179
Hacktricks 179 provides a wealth of information for experienced penetration testers. Some of the key takeaways from this section include:
How to Use Hacktricks 179
Hacktricks 179 is designed to be a practical guide for experienced penetration testers. Here are some tips for using Hacktricks 179:
Conclusion
Hacktricks 179 is a valuable resource for experienced penetration testers. This section of the guide covers advanced penetration testing techniques, including exploitation, post-exploitation, evasion, and reconnaissance. By following the tips and techniques outlined in Hacktricks 179, you can take your penetration testing skills to the next level and stay ahead of the threats.
Additional Resources
If you're interested in learning more about Hacktricks 179 and penetration testing, here are some additional resources:
By combining the information in Hacktricks 179 with these additional resources, you can become a skilled penetration tester and stay up-to-date with the latest threats and techniques.
, this port is a major point of interest for researchers studying internet infrastructure and routing security.
The "story" of HackTricks 179 is essentially the history and danger of the protocol that keeps the global internet connected. The Story of the Internet’s "Glue" (Port 179) The Unsecured Handshake
: BGP was designed over 30 years ago when the internet was a small community of trusted researchers. It uses TCP Port 179
to allow routers from different "Autonomous Systems" (like ISPs or tech giants) to talk to each other and exchange maps of the internet. The Vulnerability
: Because it was built on trust, BGP often doesn't verify if the information it receives is true. If a router on Port 179 tells the rest of the world, "I am the fastest path to Google," the internet might believe it, even if that router is actually in a basement across the world. Real-World Consequences
: This "unverified trust" has led to famous "BGP Hijacking" incidents. For example, in 2014, attackers used Port 179 to reroute Bitcoin mining traffic to their own servers, stealing approximately in cryptocurrency. The HackTricks Connection : For pentesters and security researchers, HackTricks
provides methodologies to test these connections. It outlines how researchers can identify exposed BGP speakers on Port 179 and check for common misconfigurations that could lead to data interception or massive network outages. Summary of BGP (Port 179) Description Primary Use Standard port for routing sessions.
Allows routers to share the "best path" for internet traffic. Security Risk Vulnerable to due to lack of built-in verification. Pentesters use tools like to find open BGP ports on network infrastructure. hacktricks 179
To learn more about testing network services, you can visit the Pentesting Network Services section on HackTricks. BGP Fundamentals - Inter-Router Communication - Cisco Press
The keyword "HackTricks 179" refers to the intersection of the popular HackTricks cybersecurity wiki and TCP Port 179, the standard port for the Border Gateway Protocol (BGP). BGP is the "glue" of the internet, managing how data packets move across autonomous systems (AS).
Because port 179 controls critical infrastructure, it is a high-value target for researchers and attackers looking to disrupt global connectivity or intercept traffic. 1. Understanding Port 179 (BGP)
Port 179 is used by routers to establish peering sessions. When this port is exposed to the public internet, it creates significant security risks:
Route Hijacking: Malicious actors can announce false routes to redirect traffic through their own networks for interception.
Denial of Service (DoS): Attackers can send spoofed TCP Reset (RST) packets to break established sessions, leading to "route flapping" and widespread outages.
Session Takeover: Unauthenticated sessions can be hijacked to inject malicious routing information. 2. HackTricks Pentesting Methodology for Port 179
Following the HackTricks pentesting methodology, a security audit of port 179 typically involves several stages: Enumeration and Identification
The first step is identifying if the service is active and responsive. HackTricks - HackTricks
Hacktricks logos & motion design by @ppieranacho. Run HackTricks Locally. # Download latest version of hacktricks git clone https: HackTricks An Overview of BGP Hijacking - Bishop Fox
I notice you’ve mentioned "hacktricks 179" — this appears to reference a specific entry or challenge from the HackTricks cybersecurity guide/toolkit, which is a well-known resource for pentesters and security researchers.
However, I’m unable to generate an essay based on that exact reference because:
The homepage appears to be a standard WordPress site titled "BlockyCraft."
Introduction
Open-source knowledge bases like HackTricks have democratized access to offensive security techniques, enabling both defenders and ethical hackers to understand attack surfaces.
Body
Conclusion
While “hacktricks 179” may be a specific internal reference, the broader impact of such resources is clear: transparency strengthens defense more than secrecy ever could.
Just let me know what “179” refers to in your context (a screenshot, a command, a chapter?), and I’ll write a full, tailored, and accurate essay for you.
While there is no single "essay" titled "HackTricks 179," the number 179 most commonly refers to TCP port 179 , which is used for the Border Gateway Protocol (BGP)
Below is a structured overview of pentesting port 179/BGP, drawing on resources and methodologies often found in or linked by HackTricks Overview of Port 179 (BGP)
BGP is the "postal service" of the internet, responsible for routing data across different autonomous systems (AS). Because it handles core internet infrastructure, it is a high-value target for sophisticated network attacks. PentestPad Common BGP Attacks BGP Hijacking (Prefix Hijacking): We have a username ( root ) and a password
An attacker announces a more specific IP prefix or a shorter path than the legitimate owner, causing traffic to be redirected through the attacker's network. This allows for Man-in-the-Middle (MitM) attacks or data sniffing. BGP Poisoning:
Attackers broadcast discrete BGP messages to identify hidden routes or disrupt the loop deterrence mechanism. Session Hijacking:
If BGP sessions are unprotected (e.g., lack MD5 authentication), an attacker can inject malicious routes directly into the session. Denial of Service (DoS):
Triggering route flapping or resetting sessions can disrupt connectivity for entire network segments. PentestPad Pentesting Methodology Port 179 - BGP (Border Gateway Protocol) - PentestPad
Port 179 (BGP) assessment focuses on identifying misconfigurations in TCP-based routing, including session hijacking, MD5 password cracking, and BGP message spoofing. Key enumeration techniques involve nmap scripting to discover peers and validating route advertisements, with mitigation relying on RPKI, BGPsec, and robust TCP authentication. For a detailed breakdown of pentesting techniques, consult the HackTricks knowledge base.
TCP Access Restriction for BGP | Junos OS - Juniper Networks
BGP peers are established by manual configuration between routing devices to create a TCP session on port 179. Juniper Networks
BGP Vulnerability Testing: Separating Fact from FUD - Black Hat
Pentesting Border Gateway Protocol (BGP) on TCP port 179 involves identifying misconfigured or exposed routers to mitigate risks like route hijacking and malicious traffic redirection. Key testing methods include BGP open probes, analyzing path announcements for potential leaks, and testing for TCP session hijacking vulnerabilities. For broad penetration testing methodologies, visit HackTricks. What is BGP hijacking? - Cloudflare
If "HackTricks 179" corresponds to a specific article or technique on the HackTricks website, I would recommend checking the website directly for the most accurate and up-to-date information. HackTricks is regularly updated with new content, including walkthroughs of various hacking challenges, bug bounty tips, and technical write-ups on how to exploit or mitigate specific vulnerabilities.
That being said, if you're looking for a general piece on how to approach or utilize information from HackTricks or similar resources for learning and improving cybersecurity skills, here's a general overview:
Since .jar files are Java archives, we can inspect their contents. We can use jd-gui (Java Decompiler) or simply extract the archive to view the class files.
First, let's extract the JAR:
unzip BlockyCore.jar
Inside the extracted folder, we look for .class files. We find BlockyCore.class. To read the code, we use a decompiler or strings.
Using strings:
strings BlockyCore.class
Output Snippet:
// Decompiled code roughly translates to:
public class BlockyCore
public String sqlHost = "localhost";
public String sqlUser = "root";
public String sqlPass = "8YsqfCTnvxAUeduzjNSXe22";
// ... code continues
Vulnerability Found:
We have found a hardcoded password: 8YsqfCTnvxAUeduzjNSXe22 and a username root.
Navigating to http://10.10.10.10/plugins/ reveals directory indexing is enabled. We find two files:
We download these files for local analysis.
Machine Name: Blocky IP Address: 10.10.10.10 (Replace with target IP) OS: Linux Difficulty: Easy Password: 8YsqfCTnvxAUeduzjNSe22 Result: Success
HackTricks 179 is an entry in the HackTricks project: a community-maintained collection of penetration-testing tips, exploitation techniques, and defensive notes. Entry 179 focuses on a specific topic within offensive security (for example, a particular privilege-escalation technique, a web exploitation pattern, or an exploitation payload/utility). This essay summarizes the entry’s main ideas, explains the technical background, discusses practical application and limitations, and offers safe, ethical guidance for readers.