Preignition
Last updated
Last updated
Task 1: Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.
Quick google search shows it to be "dir busting"
Task 2: What switch do we use for nmap's scan to specify that we want to perform version detection
-sV
Task 3: What does Nmap report is the service identified as running on port 80/tcp?
Run a quick nmap scan shows http as running on port 80 which is the typical service running on that port.
Task 4: What server name and version of service is running on port 80/tcp?
an nmap version scan shows that nginx 1.14.2
Task 5: What switch do we use to specify to Gobuster we want to perform dir busting specifically?
A quick look up in the write up for this machine shows that the switch utilized is "dir"
Task 6: When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?
Look up in the write up shows a "-x" flag for searching for specific file extensions which can be used with the php file type.
Task 7: What page is found during our dir busting activities?
Run the following to get the only .php page "admin.php"
Task 8: What is the HTTP status code reported by Gobuster for the discovered page?
View the output from the command above. It shows a code of 200 for the page.
Submit Root Flag:
Go to your web browser and input http://[IP] and it will open a login page.
Utilize the login credentials admin:admin which were given in the machine write up doc.
The Flag is "6483bee07c1c1d57f14e5b0717503c73"