
Preignition - Linux

  • justinblawitz
  • Oct 7, 2025
  • 1 min read
  • Ping the target, then scan it with nmap using sudo nmap -sV {target IP}


  • We find port 80/tcp open, running http nginx 1.14.2, which suggests the target may be hosting explorable web content using nginx. Open a web browser and look up the target IP. This leads us to a web page, and after some research on nginx we find out the target is a web server. What we’re looking at is the default post-installation page for the service, meaning it might not have been configured adequately.


  • Using a tool called gobuster, we can do something called directory (dir) busting to find “hidden” content on the web server. Gobuster does this by making connection attempts to the target using the HTTP GET method (which requests web pages from the web server) with different URL variations taken from a word list.


  • Use gobuster --help to list the commands we can use. We will be using the dir command in this case to search for directories on the web server.


  • Running sudo gobuster dir -w common.txt -u {target IP} gives us the result /admin.php, which is a page on the web server (-w specifies the path to the wordlist file, -u specifies the target URL or IP). We can also use -x to search for specific file extensions, like -x php,html,txt.


  • Open {target IP}/admin.php in your browser. We are met with a login screen that we would usually access with a brute force; in this case, entering the default credentials of “admin” as the username and password gains us access.


  • After gaining access we can read and capture the flag.
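
Seen from the server side, the wordlist scan described above leaves a clear trace in the nginx access log: one client requesting many distinct paths and getting mostly 404s. The following is an added example, not part of the original walkthrough, that flags that pattern; the log lines, addresses, user-agent strings and thresholds are constructed assumptions, and the log is assumed to use nginx's combined format.

```python
import re
from collections import defaultdict

# nginx "combined" access-log line: ip - user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

def build_sample_log():
    """Constructed sample: one client walking a wordlist, one ordinary visitor."""
    words = ["admin", "backup", "config", "css", "images", "js", "login",
             "old", "test", "uploads", "wp-admin", "admin.php"]
    lines = []
    for i, word in enumerate(words):
        status = 200 if word == "admin.php" else 404
        lines.append(f'192.0.2.10 - - [07/Oct/2025:10:00:{i:02d} +0000] '
                     f'"GET /{word} HTTP/1.1" {status} 169 "-" "gobuster/3.6"')
    for i, path in enumerate(["/", "/index.html", "/favicon.ico"]):
        status = 404 if path == "/favicon.ico" else 200
        lines.append(f'198.51.100.7 - - [07/Oct/2025:10:05:{i:02d} +0000] '
                     f'"GET {path} HTTP/1.1" {status} 612 "-" "Mozilla/5.0"')
    return lines

def find_dir_busting(lines, min_paths=10, min_404_ratio=0.8):
    """Flag clients that request many distinct paths and mostly receive 404s."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "missing": 0, "found": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # skip unparsable lines and non-GET traffic
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        if m["status"] == "404":
            s["missing"] += 1
        else:
            s["found"].append(m["path"])  # paths the scan actually discovered
    findings = {}
    for ip, s in stats.items():
        ratio = s["missing"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            findings[ip] = {"distinct_paths": len(s["paths"]),
                            "ratio_404": round(ratio, 2), "found": s["found"]}
    return findings

if __name__ == "__main__":
    for ip, info in find_dir_busting(build_sample_log()).items():
        print(ip, info)
```

The "found" list is the useful part for triage: it shows which non-404 paths the scanning client reached, such as the /admin.php page in this walkthrough.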

 
 
 
