Preignition

Task 1: Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.

  • Quick google search shows it to be "dir busting"

Task 2: What switch do we use for nmap's scan to specify that we want to perform version detection

  • -sV

Task 3: What does Nmap report is the service identified as running on port 80/tcp?

  • Run a quick nmap scan shows http as running on port 80 which is the typical service running on that port.

Task 4: What server name and version of service is running on port 80/tcp?

  • an nmap version scan shows that nginx 1.14.2

Task 5: What switch do we use to specify to Gobuster we want to perform dir busting specifically?

  • A quick look up in the write up for this machine shows that the switch utilized is "dir"

Task 6: When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?

  • Look up in the write up shows a "-x" flag for searching for specific file extensions which can be used with the php file type.

Task 7: What page is found during our dir busting activities?

  • Run the following to get the only .php page "admin.php"

gobuster dir -u http://[IP]:[PORT]/ -w /usr/share/dirb/wordlists/common.txt

Task 8: What is the HTTP status code reported by Gobuster for the discovered page?

  • View the output from the command above. It shows a code of 200 for the page.

Submit Root Flag:

  • Go to your web browser and input http://[IP] and it will open a login page.

  • Utilize the login credentials admin:admin which were given in the machine write up doc.

  • The Flag is "6483bee07c1c1d57f14e5b0717503c73"

Last updated