This machine was rated as an “Easy” level machine and required the attacker to exploit a vulnerable web application to gain access to the machine.
Reconnaissance
The first step in any penetration testing exercise is reconnaissance: gathering as much information about the target as possible before touching anything. A sensible starting point is a port scan with nmap:
$ nmap -sC -sV -oN nmap.txt 10.10.10.138
Here -sV probes each open port for the service and version behind it, -sC runs the default NSE scripts against whatever is found, and -oN nmap.txt saves the human-readable output to a file. Note that without -p- nmap only scans its top 1000 TCP ports, so a full-range scan is worth running afterwards in case anything is listening on an unusual port. We can then review nmap.txt to see which ports and services are exposed on the target.
The nmap output showed only two open ports: an SSH server on port 22 and a web server on port 80.
Nmap scan report for 10.10.10.138
Host is up (0.055s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 56:ea:2e:ab:20:55:2e:90:f9:f1:ba:39:49:17:13:f1 (RSA)
|   256 5e:89:df:7c:9e:4a:4c:2e:e4:f7:f1:1a:00:1f:8f:7b (ECDSA)
|_  256 c6:21:a6:a3:6f:02:1e:8c:32:ca:67:50:8c:25:2a:3b (ED25519)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default…
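Reading a report like the one above by eye is fine for two ports, but on a real engagement you usually want the open ports and service versions pulled out of the -oN file mechanically so they can drive the next round of enumeration. The script below is an added example, not part of the original write-up: it parses an embedded copy of the scan output shown on this page (constructed from the lines above), extracts the host, open ports and version strings, and prints the follow-up commands a tester would typically run next. The full-port nmap sweep, the gobuster invocation and the wordlist path /usr/share/wordlists/dirb/common.txt are assumptions about the tester's toolkit, not something the page prescribes; the script prints those commands rather than running them.

```shell
#!/usr/bin/env bash
# Added example: parse an nmap -oN report and plan follow-up enumeration.
# NMAP_REPORT is constructed from the scan output shown on the page.
set -eu

NMAP_REPORT='Nmap scan report for 10.10.10.138
Host is up (0.055s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 56:ea:2e:ab:20:55:2e:90:f9:f1:ba:39:49:17:13:f1 (RSA)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default…'

# Target address from the "Nmap scan report for ..." header line.
target_host() {
  printf '%s\n' "$1" | awk '/^Nmap scan report for /{print $NF; exit}'
}

# Space-separated list of open port numbers, e.g. "22 80".
# Only lines shaped like "22/tcp open ..." are port rows; NSE output starts with "|".
open_ports() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      split($1, a, "/"); ports = ports (ports == "" ? "" : " ") a[1]
    }
    END { print ports }'
}

# Service name nmap assigned to an open port (third column).
service_of() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $2 == "open" { split($1, a, "/"); if (a[1] == p) print $3 }'
}

# Version string for an open port: everything from the fourth column onwards.
version_of() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $2 == "open" {
      split($1, a, "/")
      if (a[1] == p) { s = ""; for (i = 4; i <= NF; i++) s = s (i > 4 ? " " : "") $i; print s }
    }'
}

# Print (do not run) the next enumeration steps for each open service.
# The tool choices and wordlist path are assumptions about the tester's kit.
next_steps() {
  report=$1
  host=$(target_host "$report")
  # -sC -sV alone covers only the top 1000 TCP ports; always sweep the full range too.
  echo "nmap -p- --min-rate 1000 -oN nmap-allports.txt $host"
  for port in $(open_ports "$report"); do
    case $(service_of "$report" "$port") in
      http|http-proxy|http-alt)
        echo "curl -sI http://$host:$port/"
        echo "gobuster dir -u http://$host:$port/ -w /usr/share/wordlists/dirb/common.txt"
        ;;
      ssh)
        echo "# ssh/$port: $(version_of "$report" "$port") -- record the banner, do not brute-force"
        ;;
      *)
        echo "# $port: $(version_of "$report" "$port") -- enumerate manually"
        ;;
    esac
  done
}

next_steps "$NMAP_REPORT"
```

Because the parser keys on the PORT/STATE/SERVICE columns rather than on line position, it copes with the indented NSE script lines that -sC interleaves between port rows, which is the usual thing that breaks naive grep-based extraction.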