Offsec - CyberSploit1 - Apr 20th 2023

OG Vulnhub box: https://www.vulnhub.com/entry/cybersploit-1,506/

Since target was given I don't have to run netdiscover to find target:

Target is: [LAB_IP]

$ nmap [LAB_IP] -p- -sV

Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-20 17:07 EDT

Nmap scan report for [LAB_IP]

Host is up (0.0013s latency).

Not shown: 65533 closed tcp ports (conn-refused)

PORT   STATE SERVICE VERSION

22/tcp open  ssh     OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)

80/tcp open  http    Apache httpd 2.2.22 ((Ubuntu))Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 9.31 seconds

Check firefox on 80

This image shows up. Time to check directories and subdirectories. Time to run dirb and subdirwith the former for directories(website.com/page1) and latter for subdirectories such as app.website.com

???(kali?kali)-[~]

??$ dirb http://[LAB_IP]

DIRB v2.22

By The Dark Raver

START_TIME: Thu Apr 20 21:19:08 2023

URL_BASE: http://[LAB_IP]/

WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

GENERATED WORDS: 4612

---- Scanning URL: http://[LAB_IP]/ ----

• http://[LAB_IP]/cgi-bin/ (CODE:403|SIZE:289)