Make sure to add the target into the hosts file:
sudo echo <ip> joker.thm >> /etc/hostsLet’s start this.
nmap -p- -T4 -vv joker.thmOpen Ports: 22,80,8080
Question 1: What version of Apache is it?
2.4.29
Question 2: What port on this machine not need to be authenticated by user and password?
80
Question 3: There is a file on this port that seems to be secret, what is it?
secret.txt
Question 4: There is another file which reveals information of the backend, what is it?
phpinfo.php
Question 5: When reading the secret file, We find with a conversation that seems contains at least two users and some keywords that can be intersting, what user do you think it is?
joker
Question 6: What port on this machine need to be authenticated by Basic Authentication Mechanism?
8080
Question 7: At this point we have one user and a url that needs to be aunthenticated, brute force it to get the password, what is that password?
hannah
Question 8: Yeah!! We got the user and password and we see a cms based blog. Now check for directories and files in this port. What directory looks like as admin directory?
/administrator/
Question 9: We need access to the administration of the site in order to get a shell, there is a backup file, What is this file?
backup.zip
Question 10: We have the backup file and now we should look for some information, for example database, configuration files, etc … But the backup file seems to be encrypted. What is the password?
hannah
Question 11: Remember that… We need access to the administration of the site… Blah blah blah. In our new discovery we see some files that have compromising information, maybe db? ok what if we do a restoration of the database! Some tables must have something like user_table! What is the super duper user?
admin
Question 12: Super Duper User! What is the password?
abcd1234
Question 13: At this point, you should be upload a reverse-shell in order to gain shell access. What is the owner of this session?
www-data
Question 14: This user belongs to a group that differs on your own group, What is this group?
lxd
Question 15: What is the name of the file in the /root directory?
final.txt
Thank you reading my writes.
Your feedback is much appreciated !
