💡
Task 1

Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.

dir busting

💡
Task 2

What switch do we use for Nmap’s scan to specify that we want to perform version detection?

-sV

💡
Task 3

What does Nmap report is the service identified as running on port 80/tcp?

http

nmap -sV IP_ADDRESS
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-12 18:12 EEST
Nmap scan report for IP_ADDRESS
Host is up (0.069s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.05 seconds
💡
Task 4

What server name and version of service is running on port 80/tcp?

nginx 1.14.2


Installing gobuster

sudo apt install golang-go
go install github.com/OJ/gobuster/v3@latest
# If the above fails, build from source instead...
# (clone without sudo so the build can write into the checkout)
git clone https://github.com/OJ/gobuster.git
cd gobuster
go get && go build
go install

Now, we will use gobuster to scan the target website for directories using a wordlist.

# If you are using Kali Linux
sudo gobuster dir -w /usr/share/wordlists/dirb/common.txt -u IP_ADDRESS
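# If you are using Ubuntu
# (the output below is from Gobuster v2.0.1, where dir is the default mode;
#  Gobuster v3 needs the dir subcommand, as in the Kali command above)
# wget saves common.txt to the current directory; point -w at that location
# (the recorded run used /common.txt)
wget https://raw.githubusercontent.com/v0re/dirb/master/wordlists/common.txt
sudo gobuster -w /common.txt -u IP_ADDRESS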
=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : IP_ADDRESS
[+] Threads      : 10
[+] Wordlist     : /common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout      : 10s
=====================================================
2023/06/12 18:25:21 Starting gobuster
=====================================================
/admin.php (Status: 200)
=====================================================
2023/06/12 18:25:55 Finished
=====================================================
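
On the server side, a scan like the one above appears in the nginx access log as a single client requesting many distinct paths, nearly all answered with 404. The detector below is an added example, not part of the original walkthrough: it reads nginx combined-format log lines, and its thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_dir_busting(lines, min_requests=20, min_miss_ratio=0.9):
    """Return {client_ip: stats} for clients whose traffic looks like wordlist
    enumeration: many distinct paths requested, almost all answered 404.
    Thresholds are illustrative assumptions; tune them to your own traffic."""
    paths = defaultdict(set)   # ip -> distinct paths requested
    misses = defaultdict(set)  # ip -> distinct paths answered 404
    hits = defaultdict(set)    # ip -> distinct paths answered with any other status
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # skip malformed lines instead of failing
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        paths[ip].add(path)
        (misses if m["status"] == "404" else hits)[ip].add(path)
    flagged = {}
    for ip, seen in paths.items():
        ratio = len(misses[ip]) / len(seen)
        if len(seen) >= min_requests and ratio >= min_miss_ratio:
            flagged[ip] = {
                "distinct_paths": len(seen),
                "miss_ratio": round(ratio, 2),
                "found": sorted(hits[ip]),  # what the scanner actually discovered
            }
    return flagged

def sample_log():
    """Constructed sample: one scanner (203.0.113.7), one ordinary visitor (198.51.100.4)."""
    fmt = '{ip} - - [12/Jun/2023:18:25:{s:02d} +0300] "GET {p} HTTP/1.1" {st} 169 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=i, p=f"/word{i}", st=404) for i in range(40)]
    lines.append(fmt.format(ip="203.0.113.7", s=41, p="/admin.php", st=200))
    lines += [fmt.format(ip="198.51.100.4", s=5, p=p, st=200) for p in ("/", "/index.html")]
    lines.append(fmt.format(ip="198.51.100.4", s=6, p="/favicon.ico", st=404))
    lines.append("not an access-log line")
    return lines

if __name__ == "__main__":
    for ip, stats in find_dir_busting(sample_log()).items():
        print(ip, stats)
```

The `found` list is the part worth triaging first: it names the paths the scanner got a non-404 answer for, such as `/admin.php` here.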
💡
Task 5

What switch do we use to specify to Gobuster we want to perform dir busting specifically?

dir

💡
Task 6

When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?

-x php

💡
Task 7

What page is found during our dir busting activities?

admin.php

💡
Task 8

What is the HTTP status code reported by Gobuster for the discovered page?

200

💡
Submit Flag

Now, navigate to IP_ADDRESS/admin.php and enter the following credentials.

admin
admin

Nice one, you’ve got the flag!
