Attacking Ip info


Task 1

Q: What is considered to be one of the most essential skills to possess as a Penetration Tester? A: Dir busting

Short for directory busting.

Task 2

Q: What switch do we use for nmap’s scan to specify that we want to perform version detection? A: -sV

Task 3

Q: What does Nmap report is the service identified as running on port 80/tcp? A: http

nmap -sV                                   
Nmap scan report for
Host is up (0.27s latency).
Not shown: 999 closed ports
80/tcp open  http    nginx 1.14.2

Nmap done: 1 IP address (1 host up) scanned in 55.50 seconds

Task 4

Q: What server name and version of service is running on port 80/tcp? A: nginx 1.14.2

I used the following command with gobuster:

$ gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x ".html,.txt,.php" -u -t 25 --timeout 60s

Task 7

Q: What is the HTTP status code reported by Gobuster for the discovered page? A: 200

$ gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x ".html,.txt,.php"  -u -t 25 --timeout 60s 


To get to the flag, we can navigate to the admin.php page. There we are prompted with a login page where we can guess the username and password to get the flag!
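
Seen from the server side, a Gobuster run like the one above leaves a recognisable trace in the nginx access log: a burst of 404s from one client, with the same word requested once per -x extension. The following is an added example, not part of the original walkthrough; it assumes nginx's combined log format, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed input: nginx "combined" access-log format.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')
TS = "%d/%b/%Y:%H:%M:%S %z"
SWEEP_EXTS = {".html", ".txt", ".php"}  # the -x list from the gobuster command

def detect_dirbusting(lines, window=timedelta(seconds=60), min_404=20, min_sweeps=5):
    """Flag clients showing a 404 burst plus extension sweeps (thresholds are illustrative)."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:  # lines that do not parse are skipped
            ip, ts, target, status = m.groups()
            per_ip[ip].append((datetime.strptime(ts, TS), target.split("?", 1)[0], int(status)))
    findings = {}
    for ip, recs in per_ip.items():
        # Largest number of 404s inside any sliding window of the given length.
        misses = sorted(t for t, _, s in recs if s == 404)
        burst = lo = 0
        for hi, t in enumerate(misses):
            while t - misses[lo] > window:
                lo += 1
            burst = max(burst, hi - lo + 1)
        # Names requested with every swept extension (word.html, word.txt, word.php).
        pairs = {posixpath.splitext(p) for _, p, _ in recs}
        sweeps = sum(1 for stem in {s for s, _ in pairs}
                     if all((stem, e) in pairs for e in SWEEP_EXTS))
        if burst >= min_404 and sweeps >= min_sweeps:
            found = sorted({p for _, p, s in recs if s != 404})  # what the scan located
            findings[ip] = {"burst_404": burst, "sweeps": sweeps, "found": found}
    return findings

def sample_log():
    """Constructed access-log lines: a scanner (203.0.113.7) and an ordinary visitor."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    reqs = [("203.0.113.7", "/" + w + e, 200 if w + e == "admin.php" else 404)
            for w in ("images", "admin", "login", "backup", "test", "config")
            for e in ("", ".html", ".txt", ".php")]
    reqs += [("198.51.100.20", "/", 200), ("198.51.100.20", "/favicon.ico", 404)]
    return ['%s - - [%s] "GET %s HTTP/1.1" %d 153 "-" "-"'
            % (ip, (t0 + timedelta(seconds=i)).strftime(TS), p, s)
            for i, (ip, p, s) in enumerate(reqs)]

if __name__ == "__main__":
    print(detect_dirbusting(sample_log()))
```

The "found" list is the part to act on first: it names the paths the scan got a non-404 answer for, such as the admin.php login page here.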