CTF - Vulnerability Assessment

Question 1

Explore hidden directories for version control artefacts that might reveal valuable information

We can run an Nmap scan on the target to look at the hidden directories. You should find a git repository have a look at that on the target domain.

nmap -sV -sC (target ip)

Question 2

The data storage has some loose security measures. Can you find the flag hidden within it?

Looking at the robots.txt file, we can see that there is phpmyadmin page which is accessible. Once in, look through the databases and specifically the MySQL one.

Question 3

A PHP file that displays server information might be worth examining. What could be hidden in plain sight?

We can perform another Nmap scan on the target using the script http-enum. From this we can see that there is another PHP file called phpinfo.php.

Question 4

Sensitive directories might hold critical information. Search through carefully for hidden gems.

From our look at the robots.txt file. We can see that there is /passwords directory.

Previous1.4 Vulnerability Assessment NextHost & Network Auditing

Last updated 9 days ago