The torrent downloadable URL is also available for this VM and has been added in the reference section of this article.

VulnHub is a well-known website for security researchers that aims to provide users with a way to practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them. I highly suggest attempting them, as it is a good way to sharpen your skills and to learn new techniques in a safe environment.

Please note: For all of these machines, I have used Oracle VirtualBox to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.

The summary of the steps required in solving this CTF is given below:

- Get the target machine IP address by running the netdiscover utility.
- Scan open ports by using the Nmap scanner.
- Enumerate and exploit for the purpose of getting the root

After downloading and running this machine on VirtualBox, the first step is to explore the VM by running a Netdiscover command to get the IP address of the target machine. The command output can be seen in the screenshot given below.

In the above screenshot, you may see that we’ve got the virtual machine IP address: 192.168.1.9 (the target machine IP address). I can also see the IP address of other connected devices to my router, but due to security reasons, I have hidden the MAC address of the connected devices. We will be using 192.168.1.23 as the attacker IP address.

Please note: The target and attacker machine IP addresses may be different as per your network configuration.

After getting the target machine IP address, the first step is to find the open ports and services available on the machine. We conducted an nmap full-port scan for this purpose. In the command, we used the -Pn switch for initiating a no-ping scan and the -p- switch for including all 65530 ports in the scan. We also used -sV switch to enumerate the version details of the running services. The results can be seen in the screenshot below.

As we can see in the above screenshot, port 22 and port 8080 are open on the target machine. In the next steps, we will be utilizing these open ports for further exploring the target machine.

Let’s start the CTF challenge by exploring the target machine through the open port 8080. As this port is used for HTTP service, there must be a web application running on the target machine. I opened the target machine IP on the browser to access the web application.

We can see above that the Apache Tomcat default page is shown when we accessed the target machine IP through the browser. This is the default page and it shows that Apache Tomcat is configured on the system. There are a lot of default functionalities that are used to configure Apache.
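Seen from the target's side, the full-port scan described above shows up as one source touching a very large number of distinct ports on one host in a short time. The following is an added example, not part of the original walkthrough, that flags this pattern in connection logs; the log format, the threshold, the time window and the client address 192.168.1.50 are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: "<ISO time> SRC=<ip> DST=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def detect_port_sweeps(lines, min_ports=100, window=timedelta(seconds=60)):
    """Return {(src, dst): n}: src hit n >= min_ports distinct ports in one window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, src, dst, port = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # port -> hits currently inside the window
        start = best = 0
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[start][0] > window:  # expire events older than window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts[pair] = best
    return alerts

def build_sample_log():
    """Constructed sample: a fast sweep plus ordinary traffic from a made-up client."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for p in range(1, 501):  # 500 distinct ports in 5 seconds
        t = base + timedelta(milliseconds=10 * p)
        lines.append(f"{t.isoformat()} SRC=192.168.1.23 DST=192.168.1.9 DPT={p}")
    for i in range(200):  # repeated use of the two open services only
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} SRC=192.168.1.50 DST=192.168.1.9 DPT={8080 if i % 2 else 22}")
    return lines + ["malformed line that the parser must skip"]

if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(build_sample_log()).items():
        print(f"possible port sweep: {src} -> {dst}, {n} distinct ports")
```

A sweep paced more slowly than the window stays under the threshold, so `min_ports` and `window` need tuning against the traffic the host normally receives.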