TryHackMe: Vulnversity
--
What I’ve learned in this room.
We will start with Task 2, since in the Task 1 you are just required to deploy the machine.
Task 2: Reconnaissance
And we start our reconnaissance with the classics: Nmap (cheat sheet by SANS).
You can also refer to the table presented by TryHackMe:
Although in the beginning of the task THM already tells you which flag to use to scan the target:
Scan this box: nmap -sV <machine’s ip>
Scan the box, how many ports are open?
6
What version of the squid proxy is running on the machine?
3.5.12
How many ports will nmap scan if the flag -p- 400 was used?
400
Using the nmap flag -n what will it not resolve?
DNS
What is the most likely operating system this machine is running?
Ubuntu
What port is the web server running on?
3333
Task 3: Locating directories using GoBuster
Again in this task THM let’s you know what to do:
run GoBuster with a wordlist: gobuster dir -u http://<ip>:3333 -w <word list location>
Also THM mentioned that If you are using Kali Linux you can find the wordlists under /usr/share/wordlists. And that’s what I did, cd into that directory and found the most suitable wordlist for brute-forcing the directories with GoBuster. You can see my scan results below: