Offsec - Clue
The reconnaissance phase involved scanning the target IP address using Nmap, which revealed open ports and services. Further investigation focused on the web server and port 3000, which indicated the presence of a web application. Directory discovery techniques were used, including Dirbuster and Gobuster, which uncovered some directories with content. A remote file read exploit was found for Cassandra Web, allowing access to sensitive files. Passwords were revealed, but attempts to log in via SSH were unsuccessful. The Freeswitch service was also explored, but no successful exploits were found. Finally, using Samba, read permissions were obtained for backups, allowing access to archives of Cassandra and Freeswitch. The password for Freeswitch was obtained from a configuration file, but no further access was gained. Overall, the reconnaissance phase involved thorough scanning and exploitation of various services.