Offsec - Codo - Oct 31st 2023
Given Target: [LAB_IP]
Recon
nmap --top-ports 4000 -T5 -oN openPorts.txt [LAB_IP]
Nmap scan report for [LAB_IP]
Host is up (0.065s latency).
Not shown: 3998 filtered tcp ports (no-response)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

nmap -p22,80 -T4 -sC -sV -oN services.txt [LAB_IP]
Nmap scan report for [LAB_IP]
Host is up (0.056s latency).
Bug in http-generator: no string output.
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 62:36:1a:5c:d3:e3:7b:e1:70:f8:a3:b3:1c:4c:24:38 (RSA)
|   256 ee:25:fc:23:66:05:c0:c1:ec:47:c6:bb:00:c7:4f:53 (ECDSA)
|_  256 83:5c:51:ac:32:e5:3a:21:7c:f6:c2:cd:93:68:58:d8 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|http-title: All topics | CODOLOGIC
| http-cookie-flags:
|   /:
|     PHPSESSID:
|       httponly flag not set
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
dirbuster + dirb