We covered scanning hosts for services, open ports, running software and hidden directories using scanning tools such as Nmap and Nikto. We gathered details such as the ports the web server is running on, the version of the web server, domain and email information, hidden directories, the PHP version and the content management system running on the machine. We also discovered SSH and FTP servers along with other services running on non-standard ports. This was part of TryHackMe Probe.

We used the below commands to run the Nmap scans:

nmap -p- -T4 IP

nmap -p80,1443,9007,443 -A IP
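The two scans above form one procedure: the full port sweep finds the open ports, and the -A scan identifies what is listening on them. The following is an added example, not part of the original walkthrough. It assumes the scan output was saved with Nmap's -oG (grepable) option, builds the port list for the follow-up scan and flags services answering on ports other than their usual defaults. The sample output, address and default-port table are constructed for illustration and are not results from the room.

```python
import re

# Usual ports for a few service names (assumption: extend for your environment).
# Grepable output writes "/" inside a field as "|", so ssl/http appears as ssl|http.
DEFAULT_PORTS = {"ssh": {22}, "ftp": {21}, "http": {80, 8080},
                 "https": {443}, "ssl|http": {443}, "mysql": {3306}}

# One port entry: port/state/protocol/owner/service/rpc-info/version/
ENTRY = re.compile(
    r"(\d+)/([a-z|]+)/(tcp|udp|sctp)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

# Constructed sample of -oG output (documentation address, invented services).
SAMPLE = (
    "# constructed sample, not real scan output\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http//Apache httpd/, "
    "2121/open/tcp//ftp//vsftpd/, 2222/open/tcp//ssh//OpenSSH/, "
    "8443/open/tcp//ssl|http//nginx/, 3306/closed/tcp//mysql///\t"
    "Ignored State: filtered (65530)\n"
)

def parse_grepable(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in ENTRY.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            if state == "open":
                # Nmap appends "?" to a service name it is unsure about.
                hosts.setdefault(host, []).append(
                    (int(port), proto, service.rstrip("?"), version))
    return hosts

def port_list(entries):
    """Comma-separated ports for the follow-up `nmap -p<list> -A` scan."""
    return ",".join(str(port) for port, *_ in sorted(entries))

def non_standard(entries):
    """Known services listening on a port outside their usual defaults."""
    return [(port, service) for port, _proto, service, _version in entries
            if service in DEFAULT_PORTS and port not in DEFAULT_PORTS[service]]

if __name__ == "__main__":
    for host, entries in parse_grepable(SAMPLE).items():
        print(f"{host}: nmap -p{port_list(entries)} -A {host}")
        for port, service in non_standard(entries):
            print(f"  {service} on non-standard port {port}")
```

Service names are only reliable when version detection (-sV, included in -A) was used; without it Nmap guesses the name from the port number, so nothing would be flagged.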

We also used the below command to scan for hidden directories with gobuster:

sudo gobuster dir -u http://IP:8000 -w /usr/share/wordlists/dirbuster/common.txt

We used Nikto and wpscan to reveal more detail about the webserver and the CMS:

wpscan --url http://IP:9007 --enumerate ap,at,cb,dbe --disable-tls-checks

wpscan --url http://IP:9007 --enumerate u --disable-tls-checks

Room Answers

What is the version of the Apache server?

What is the port number of the FTP service?

What is the FQDN for the website hosted using a self-signed certificate and contains critical server information as the homepage?

What is the email address associated with the SSL certificate used to sign the website mentioned in Q3?

What is the value of the PHP Extension Build on the server?

What is the banner for the FTP service?

What software is used for managing the database on the server?

What is the Content Management System (CMS) hosted on the server?

What is the version number of the CMS hosted on the server?

What is the username for the admin panel of the CMS?

During vulnerability scanning, OSVDB-3092 detects a file that may be used to identify the blogging site software. What is the name of the file?

What is the name of the software being used on the standard HTTP port?

What is the flag value associated with the web page hosted on port 8000?
