Pentest Limited's BSides Edinburgh Write up

Thursday, June 1. 2017
Security

This is the second VM that I have tried from Pentest Limited. The report of the Securi-Tay CTF challenge can be found here. As usual, I downloaded the VM (located here) and imported it in to virtual box. Once I had changed the networking to my local host based network (vmbox0), I was ready to start taking a closer look. Initially, I did a ping sweep to determine the IP address of the target.




# nmap -sP 192.168.56.1/24



Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-20 22:56 BST

Nmap scan report for 192.168.56.100

Host is up (0.000065s latency).

MAC Address: 08:00:27:E0:C9:C2 (Oracle VirtualBox virtual NIC)

Nmap scan report for 888.darknet.com (192.168.56.103)

Host is up (0.0012s latency).

MAC Address: 08:00:27:31:B6:3A (Oracle VirtualBox virtual NIC)

Nmap scan report for 192.168.56.1

Host is up.

Nmap done: 256 IP addresses (3 hosts up) scanned in 2.94 seconds






Once I had the IP address, I then performed a port scan of the main server to reveal a single TCP port open (80 - HTTP):




# nmap -sT 192.168.56.103



Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-20 22:56 BST

Nmap scan report for 888.darknet.com (192.168.56.103)

Host is up (0.00066s latency).

Not shown: 999 closed ports

PORT   STATE SERVICE

80/tcp open  http

MAC Address: 08:00:27:31:B6:3A (Oracle VirtualBox virtual NIC)





Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds




So without much delay I fired up a web browser, burp suite, archni and dirbuster and took a closer look...