Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.
dir busting
What switch do we use for nmapβs scan to specify that we want to perform version detection
-sV
What does Nmap report is the service identified as running on port 80/tcp?
1
2
3
4
5
$ nmap -sV -p- <ip>
...
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.14.2
...
What server name and version of service is running on port 80/tcp?
nginx 1.14.2
What switch do we use to specify to Gobuster we want to perform dir busting specifically?
dir
When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?
-x php
What page is found during our dir busting activities?
admin.php
What is the HTTP status code reported by Gobuster for the discovered page?
200
Submit root flag
1
2
3
4
5
6
7
$ curl <ip>/admin.php
...shows a login form...
$ firefox <ip>/admin.php
admin:admin
6483bee07c1c1d57f14e5b0717503c73