🏰
Pentesting Playbook
  • Pentesting Playbook
    • 🍰About
    • πŸ–₯️The Process
      • πŸ”ŽReconnaissance
        • πŸ”­Passive Reconnaissance
        • πŸ‘£Footprinting
        • πŸ•΅οΈActive Reconnaissance
        • πŸ€–Automated Reconnaissance
      • πŸ›Vulnerability Scanning & Testing
        • πŸ•ΈοΈWeb Hacking
      • πŸ’£Exploitation
        • 🏠Local File Inclusion (LFI)
        • 🐚Shells
        • πŸ’‰SQL Injection (SQLi)
          • πŸ—„οΈDatabases
          • 🐬MySQL
          • πŸ—ƒοΈDatabase Enumeration
          • πŸ“–Reading & Writing Files
          • πŸ—ΊοΈSQLMap
            • Database Enumeration
            • OS Exploitation
            • Bypassing Protection
        • βš”οΈCross Site Scripting (XSS)
      • πŸ”“Authentication
        • 🐧Linux Authentication
        • πŸͺŸWindows Authentication
        • πŸ”‘Brute Forcing Logins
        • πŸ”§Cracking Tools
      • ⬆️Privilege Escalation
        • 🐧Linux Escalation
        • πŸͺŸWindows Escalation
    • β™₯️Useful Extras
    • β˜‘οΈEngagement Checklist
  • Main Topics
    • πŸ–₯️Networking
    • βš”οΈAttacking Common Services
      • 🐬MySQL
      • ⚫MSSQL
      • πŸ–₯️RDP
      • 🦁SMB
      • πŸ—ƒοΈFTP
      • 🌐DNS
      • βœ‰οΈEmail
    • πŸ“Active Directory
      • πŸ”Initial Enumeration
      • 🦢Getting a Foothold
      • 🧺Password Hunting and Gathering
      • πŸ’¦Password Spraying
      • πŸ”Enumerating Security Controls
      • πŸ”‘Credentialed Enumeration with Linux
      • πŸ”‘Credentialed Enumeration with Windows
      • 🚜Living Off the Land
      • πŸ”₯Keberoasting with Linux
      • πŸ”₯Keberoasting with Windows
      • πŸ›‚Access Control List (ACL)
      • πŸ—οΈPrivileged Access
      • πŸ”ͺBleeding Edge Vulnerabilities
      • βš™οΈMisconfigurations
      • 🀝Domain Trusts
        • πŸͺŸAttacking Domain Trusts From Windows
        • 🐧Attacking Domain Trusts From Linux
        • 🌲Cross-Forest Trust Abuse From Windows
        • 🌳Cross-Forest Trust Abuse From Linux
    • ↗️Pivoting, Port Forwarding and Tunnelling
    • πŸ› οΈReverse Engineering
    • πŸ•΅οΈForensics
    • 🦈Pcap Analysis
    • πŸ—„οΈFile Transfers
    • 🚜Living off The Land
    • πŸ’ŽMetasploit Framework
    • ✍️Documentation & Reporting
  • Other Resources
    • ℹ️Interesting Attacks
  • Exam Prep
    • eCPPTv2 Prep
    • OSCP Prep
  • CTF
    • THM Rooms
      • Mustacchio
      • Plethora THM
      • Break Out The Cage
      • Probe
  • HTB Skill Assessments
    • AD Enumeration & Attacks - Skills Assessment Part I
    • AD Enumeration & Attacks - Skills Assessment Part II
Powered by GitBook
On this page

Was this helpful?

  1. CTF
  2. THM Rooms

Probe

PreviousBreak Out The CageNextHTB Skill Assessments

Last updated 1 year ago

Was this helpful?

We start with a nmap scan

nmap -sV -sS 10.10.196.80 -vv

What is the version of the Apache server?

With question 1 done, we see that our scan didn't catch a port for FTP

I ran rustcan -a 10.10.196.80 to scan all the ports fast

What is the port number of the FTP service?

What is the FQDN for the website hosted using a self-signed certificate and contains critical server information as the homepage?

What is the email address associated with the SSL certificate used to sign the website mentioned in Q3?

What is the value of the PHP Extension Build on the server?

What is the banner for the FTP service?

What software is used for managing the database on the server?

What is the Content Management System (CMS) hosted on the server?

What is the version number of the CMS hosted on the server?

What is the username for the admin panel of the CMS?

wpscan --url https://10.10.196.80:9007 --disable-tls-checks

During vulnerability scanning, OSVDB-3092 detects a file that may be used to identify the blogging site software. What is the name of the file?

What is the name of the software being used on the standard HTTP port?

What is the flag value associated with the web page hosted on port 8000?