πŸ•ΈοΈ
Th4ntis CyberSec
  • πŸ•·οΈ>whoami_
  • πŸ–₯️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • πŸ’»Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • πŸͺŸWindows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • πŸ”ŽOSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • πŸ› οΈTools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • πŸ“”Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • πŸ“•Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • πŸ““Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • πŸ“¦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • Initial Scan
  • Task 1
  • Task 2
  • Task 3
  • Task 4
  • Task 5
  • Task 6
  • Task 7
  • Task 8
Edit on GitHub
  1. HackTheBox
  2. Starting Point
  3. Tier 0

Preignition

Initial Scan

sudo nmap -p- -sT -sV -T4 -v 10.129.16.210
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-07 21:16 EDT
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 21:16
Scanning 10.129.16.210 [4 ports]
Completed Ping Scan at 21:16, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:16
Completed Parallel DNS resolution of 1 host. at 21:16, 0.10s elapsed
Initiating Connect Scan at 21:16
Scanning 10.129.16.210 [65535 ports]
Discovered open port 80/tcp on 10.129.16.210
Completed Connect Scan at 21:17, 51.35s elapsed (65535 total ports)
Initiating Service scan at 21:17
Scanning 1 service on 10.129.16.210
Completed Service scan at 21:17, 6.11s elapsed (1 service on 1 host)
NSE: Script scanning 10.129.16.210.
Initiating NSE at 21:17
Completed NSE at 21:17, 0.27s elapsed
Initiating NSE at 21:17
Completed NSE at 21:17, 0.23s elapsed
Nmap scan report for 10.129.16.210
Host is up (0.055s latency).
Not shown: 65534 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 58.48 seconds
           Raw packets sent: 4 (152B) | Rcvd: 1 (40B)

Task 1

What is considered to be one of the most essential skills to possess as a Penetration Tester?

Answer: Dir busting

Task 2

What switch do we use for nmap's scan to specify that we want to perform version detection

nmap --help

Answer: -sV

Task 3

What does Nmap report is the service identified as running on port 80/tcp?

Found in initial scan

Answer: http

Task 4

What server name and version of service is running on port 80/tcp?

Found in initial scan

Answer: nginx 1.14.2

Task 5

What switch do we use to specify to Gobuster we want to perform dir busting specifically?

Answer: dir

Task 6

What page is found during our dir busting activities?

Answer: admin.php

Task 7

What is the HTTP status code reported by Gobuster for the discovered page?

Previous screenshot

Answer: 200

Task 8

Submit root flag

When browsing to (IP)/admin.php

Took a stab in the dark with admin:admin

Answer: 6483bee07c1c1d57f14e5b0717503c73

Last updated 2 years ago

πŸ“¦
Gobuster man page