Vulnversity

Reconnaissance

s1: run an nmap scan | nmap -A -sC -p- -oN vulnersity.nmap 10.10.26.152

-A : aggresive scan, -sC : nmap script scan, -p- : scan all ports, -oN : save results

Scan the box; how many ports are open? | 6

What version of the squid proxy is running on the machine? | 3.5.12

How many ports will Nmap scan if the flag -p-400 was used? | 400

What is the most likely operating system this machine is running? | ubuntu

What port is the web server running on? | 3333

Locating directories using Gobuster

To get started, you will need a wordlist for Gobuster (which will be used to quickly go through the wordlist to identify if a public directory is available. If you are using Kali Linux, you can find many wordlists under /usr/share/wordlists. You can also use the wordlist for directories located at /usr/share/wordlists/dirbuster/directory-list-1.0.txt in the AttackBox.

gobuster dir -u http://10.10.26.152:3333 -w '/usr/share/wordlists/dirbuster/directory-list-1.0.txt'

directory listing found

/images (Status: 301) /css (Status: 301) /js (Status: 301) /internal

visit webpage | http://10.10.26.152:3333/

What is the directory that has an upload form page?

visit http://10.10.26.152:3333/internal