ToolsRus

This box's purpose is to use different tools to enumerate the server, gather information and take over the machine.

The tools required for this task are:

  • Dirbuster

  • Hydra

  • Nmap

  • Nikto

  • Metasploit

We start this box by running an nmap scan.

The nmap scan shows the typical port 22 open for SSH, Apache on port 80 and Tomcat on port 1234. It also tells us that the target machine is running Ubuntu.

Navigating to the default webpage on port 80 doesn't show us anything useful.

The first question of the box asks about the webpage's directories, so we can run dirbuster or any other directory brute-force scanner to find out.

This scan shows us two directories: guidelines and protected.

With this we can answer the first question, and by navigating to the /guidelines directory we can answer the second.

By navigating to the /protected directory we also get the answer to the third question.

The fourth question asks what bob's password is, so we can try to find it by running a brute-force attack with hydra.

Logging in as bob gets us to this page.

This probably means we need to inspect that Apache server on port 1234.

The next questions are about the port and service running the other webservice, which can be answered with the previous nmap scan.

The box asks us to exploit the Apache Tomcat server with Metasploit, but instead I will do it with a reverse shell and a netcat listener.

Using msfvenom we generate a WAR shell.

We upload it to the Tomcat server as user bob.

We then start a netcat listener.

Then we open the shell's directory, which gives us a shell with root access to the server.

Then we can find the flag.txt in the root directory to solve the box.
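
Seen from the defender's side, the directory scan, the hydra run against /protected and the WAR upload each leave a recognisable pattern in the web server access logs. The following is an added example, not part of the original walkthrough: a Python detector run over constructed log lines, where the thresholds, the sample addresses and the `/manager/html/upload` deploy path are assumptions.

```python
import re
from collections import Counter, defaultdict

# Common Log Format prefix: client, auth user, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Thresholds are assumptions; tune them to the site's normal traffic.
NOT_FOUND_LIMIT = 5   # distinct missing paths requested by one client
AUTH_FAIL_LIMIT = 5   # 401 responses for one client on one path
# Assumption: Tomcat manager deployments arrive as POSTs under this prefix.
DEPLOY_PREFIX = "/manager/html/upload"

def analyse(lines):
    """Return sorted findings: directory enumeration, auth brute force, WAR deploy."""
    missing = defaultdict(set)
    auth_fail = Counter()
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, user, method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        if status == "404":
            missing[client].add(path)
        elif status == "401":
            auth_fail[(client, path)] += 1
        elif method == "POST" and path.startswith(DEPLOY_PREFIX) and status == "200":
            findings.append(("war_deploy", client, user))
    for client, paths in missing.items():
        if len(paths) >= NOT_FOUND_LIMIT:
            findings.append(("dir_enum", client, len(paths)))
    for (client, path), count in auth_fail.items():
        if count >= AUTH_FAIL_LIMIT:
            findings.append(("auth_bruteforce", client, path))
    return sorted(findings, key=str)

def sample_log():
    """Constructed access-log lines (documentation IP ranges), not real traffic."""
    ip, ts = "203.0.113.7", "[10/Oct/2023:13:55:36 +0000]"
    words = ("admin", "backup", "cgi-bin", "images", "login", "test")
    log = [f'{ip} - - {ts} "GET /{w} HTTP/1.1" 404 274' for w in words]
    log += [f'{ip} - bob {ts} "GET /protected/ HTTP/1.1" 401 381'] * 8
    log += [f'{ip} - bob {ts} "GET /protected/ HTTP/1.1" 200 252']
    log += [f'{ip} - bob {ts} "POST /manager/html/upload?nonce=CONSTRUCTED HTTP/1.1" 200 1800']
    log += [f'198.51.100.9 - - {ts} "GET /favicon.ico HTTP/1.1" 404 274']
    return log

if __name__ == "__main__":
    for finding in analyse(sample_log()):
        print(finding)
```

The single 404 from the second client stays below the threshold and is not reported, which is the behaviour to check when tuning the limits against normal traffic.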
