This was an easy difficulty box. It was pretty easy and straight-forward box. Good learning path for:
- LFI — File Enumeration
- Tomcat JSP Script Exploit
- Password Protected .zip File Abuse
- Linux LXD Container Breakout
Initial Recon
Nmap
Let’s begin with an initial port scan:
$ nmap -Pn --open -p- -sC -sV 10.10.10.194PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Mega Hosting
8080/tcp open http Apache Tomcat
|_http-title: Apache Tomcat
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Interesting Ports to Note
- HTTP (80/TCP) — Mega Hosting Web page.
- HTTP (8080/TCP) — Apache Tomcat Default Page.