Hi everyone
Today we are going to look at a box called Preignition, which is rated very easy in terms of difficulty. This machine has three phases: Recon, Enumeration and Exploitation.
There are various tasks that need to be completed to solve the entire Machine/Box.
BOX Questions
Task 1 Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.
dir busting
Task 2 What switch do we use for nmap’s scan to specify that we want to perform version detection?
-sV
Task 3 What does Nmap report is the service identified as running on port 80/tcp?
http
Task 4 What server name and version of service is running on port 80/tcp?
nginx 1.14.2
Task 5 What switch do we use to specify to Gobuster we want to perform dir busting specifically?
dir
Task 6 When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?
-x php
Task 7 What page is found during our dir busting activities?
admin.php
Task 8 What is the HTTP status code reported by Gobuster for the discovered page?
200
Recon & Enumeration
Enumeration plays a very significant role in pen testing. The more thoroughly you enumerate, the easier it will be to get a foothold on the target.
First, we will check whether the target is reachable with the ping command:
ping Target_IP

The ping output shows that the target is reachable.
Now let’s move ahead and run a port scan. For this we will use Nmap, a popular port-scanning tool that reports which ports are in the open state. The command is:
sudo nmap -sV Target_IP

The above output shows that port 80 is open and that an http service is running on that port.
Since an http service is running, let’s go ahead and check what comes up in the web browser:

We can see that we got the nginx default page, which says "Welcome to nginx!"
To enumerate further, let’s install gobuster, a popular tool for directory enumeration:




We will use the common.txt wordlist, which is available for download from this link.

Let’s execute the gobuster scan:
command: sudo gobuster dir -w common.txt -u Target_IP

From the above result we can see that we got /admin.php, which looks interesting. Let’s check that.
Exploitation



Submit root flag
We found the root flag.
Key Takeaways
- Always enumerate properly.
- Do not use default logins like admin admin.
- Also make sure to hide the service versions or disable banner grabbing.
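Seen from the server side, the gobuster scan from the enumeration phase leaves a clear trace in the nginx access log: a burst of 404 responses for many different paths from one client. The Python below is an added example, not part of the original walkthrough; the log lines, IP addresses, thresholds and the function name find_dirbusting are assumptions made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" log format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_dirbusting(lines, min_paths=5, window=timedelta(seconds=10)):
    """Return {client_ip: [reasons]}; min_paths and window are illustrative thresholds."""
    misses = defaultdict(list)   # ip -> [(time, path)] of recent 404 responses
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that are not in combined format
        ip = m["ip"]
        # Weak signal: a client can send any User-Agent it likes.
        if "gobuster" in m["ua"].lower():
            flagged[ip].add("user-agent")
        # Stronger signal: many distinct paths answered 404 in a short window.
        if m["status"] == "404":
            now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            misses[ip] = [(t, p) for t, p in misses[ip] if now - t <= window]
            misses[ip].append((now, m["path"]))
            if len({p for _, p in misses[ip]}) >= min_paths:
                flagged[ip].add("404-burst")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

def _line(ip, sec, path, status, agent):
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET /{path} HTTP/1.1" {status} 153 "-" "{agent}"')

# Constructed sample log: the addresses, times and agents are made up for the example.
WORDS = ["backup", "config", "login", "uploads", "test", "admin.php"]
SAMPLE_LOG = (
    # scanner with a gobuster User-Agent: five misses, then the one real page
    [_line("10.10.14.7", 1, w, 200 if w == "admin.php" else 404, "gobuster/3.6") for w in WORDS]
    # ordinary visitor: one page load and one missing favicon
    + [_line("192.0.2.10", 2, "", 200, "Mozilla/5.0"),
       _line("192.0.2.10", 2, "favicon.ico", 404, "Mozilla/5.0")]
    # scanner with a browser-like User-Agent: only the 404 burst gives it away
    + [_line("10.10.14.8", 3 + i, w, 404, "Mozilla/5.0") for i, w in enumerate(WORDS[:5])]
)

if __name__ == "__main__":
    print(find_dirbusting(SAMPLE_LOG))
```

On a real server the lines would come from the nginx access log file, and the thresholds would need tuning against normal traffic.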