Perform an nmap scan using the default SYN scan (-sS) option and the -A option (OS and server version detection), as shown on line 1 below.
Access the web server on port 80 and choose to review the source code on the page presented. You will notice an HTML comment on line five as shown below. Note this for future use.
Next we will run “gobuster” as shown below to enumerate sub-directories utilizing the “dirb/common.txt” wordlist.
The robots.txt file reveals a single entry as seen below.
Run gobuster with the “-x” option as shown below, so that each wordlist entry is also requested with a .php extension.
You can see that a page named “login.php” is enumerated. Use the strings found earlier, “R1ckRul3s” and “Wubbalubbadubdub”, to log in to the web application.
Begin by listing the files in the current directory with the provided input box.
Commands such as “cat”, “more”, and “head”, among others, have been disabled.
A simple “sudo -l” from the Command Panel reveals that the current user can run any command as superuser. We decide to list the contents of the “root” user's home directory.
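Seen from the server side, the two gobuster runs above leave a recognizable pattern in the web access log: one client requesting many distinct paths, each tried bare and with .php, and receiving mostly 404s. The following is an added example, not part of the original walkthrough, that flags that pattern; the log lines, IP addresses and thresholds are constructed assumptions, and the combined log format is assumed.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format: client IP, request path, status code.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def make_sample():
    """Constructed log lines (not from a real server): one client walking a
    wordlist with and without .php, and one ordinary browser."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 274 "-" "{ua}"'
    words = ["admin", "backup", "cgi-bin", "config", "images",
             "js", "old", "test", "tmp", "uploads"]
    lines = []
    for i, w in enumerate(words):
        for path in ("/" + w, "/" + w + ".php"):
            lines.append(fmt.format(ip="10.10.14.7", s=i, p=path, c=404, ua="gobuster/3.6"))
    for i, path in enumerate(["/robots.txt", "/login.php"]):
        lines.append(fmt.format(ip="10.10.14.7", s=30 + i, p=path, c=200, ua="gobuster/3.6"))
    for i, (path, code) in enumerate([("/", 200), ("/style.css", 200), ("/favicon.ico", 404)]):
        lines.append(fmt.format(ip="192.0.2.20", s=40 + i, p=path, c=code, ua="Mozilla/5.0"))
    return lines

def find_enumeration(lines, min_paths=15, min_404_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 404s.
    The User-Agent is ignored because the client controls it."""
    per_ip = defaultdict(lambda: {"paths": set(), "miss": 0, "hits": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        rec = per_ip[m["ip"]]
        rec["paths"].add(m["path"])
        if m["status"] == "404":
            rec["miss"] += 1
        else:
            rec["hits"].append(m["path"])
    flagged = {}
    for ip, rec in per_ip.items():
        total = rec["miss"] + len(rec["hits"])
        if len(rec["paths"]) >= min_paths and rec["miss"] / total >= min_404_ratio:
            # Non-404 responses are what the enumeration actually exposed.
            flagged[ip] = {"requests": total, "not_found": rec["miss"],
                           "discovered": sorted(set(rec["hits"]))}
    return flagged

if __name__ == "__main__":
    for ip, info in find_enumeration(make_sample()).items():
        print(ip, info)
```

The "discovered" list is the part worth reviewing first: it shows which paths, here robots.txt and login.php, the enumeration was able to reach.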