Enumeration
As usual let's start with the nmap command
nmap -sV IPReplace IP by the IP of the target machine (Preignition)
The IP of our target machine will change all the time, make sure your replace IP in the command below by the target machine's IP. You can find the target's IP directly from your hack the box account.
We can see that port 80 is open on the target machine. Port 80 is associated with http service so let's check what the website looks like.
From your VM, open your browser and in the URL search bar, type:
http://10.129.229.193
The website doesn't have much on it.
Now let's use a tool called Gobuster to scan the web service and potentially find any hidden directories that could be interesting! We need to provide Gobuster with a wordlist that contains common potentially hidden web directory names.
I like to use the pre-installed wordlist on Parrot called common.txt
Let's locate the list first using:
locate common.txt
Let's use the wordlist /usr/share/dirb/wordlists/common.txt
Now let's start our gobuster scan using the command:
gobuster dir -w /usr/share/dirb/wordlists/common.txt -u 10.129.229.193dir stands for directory scan
-w stands for wordlist
-u stands for url
Gobuster found on directory called /admin.php
Let's go back to our browser and type the following in the url tab:
10.129.229.193/admin.php
We got a login page.
Foothold
We do not know the username or the password, but let's try our luck and use the following credentials
username: admin
password: admin
It works and we are in. The flag is right there!
You got the flag! Congratulations!