A ctf for beginners, can it be rooted?

TryHackMe | RootMe

Run an nmap scan:

nmap -T4 -A --top-ports 1000 10.10.58.73

We can see that 2 ports are open:

Port 22: OpenSSH v7.6p1 Ubuntu

Port 80: Apache webserver

Navigating to the website, we have the following information:

Wappalyzer also gives information on the server, the PHP language, and the OS.

Through the website we are told to use a dirbuster tool, so we are going to use dirbuster, and we are going to look just for PHP files in the directories.

Which gives the following directory structure:

If we navigate to http://10.10.58.73/panel, we have a file upload, where I'm going to try to upload a PHP reverse shell file, found here.