Hack the Box: Bashed

I ran NMAP.

Nmap 7.25BETA2 scan initiated Sat Feb 10 10:05:35 2018 as: nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 -oA detailed_scan -n 10.10.10.68

Increasing send delay for 10.10.10.68 from 0 to 5 due to 379 out of 1262 dropped probes since last increase.
Nmap scan report for 10.10.10.68
Host is up, received user-set (0.26s latency).
Scanned at 2018-02-10 10:05:37 EST for 1856s
Not shown: 65485 closed ports
Reason: 65485 resets
PORT      STATE    SERVICE REASON                              VERSION
80/tcp    open     http    syn-ack ttl 63                      Apache httpd 2.4.18 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 6AA5034A553DFA77C3B2C7B4C26CF870
| http-methods:
|_  Supported Methods: OPTIONS GET HEAD POST
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Arrexel's Development Site
7515/tcp  filtered unknown no-response
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.25BETA2%E=4%D=2/10%OT=80%CT=1%CU=40317%PV=Y%DS=2%DC=T%G=Y%TM=5A
OS:7F1181%P=i686-pc-linux-gnu)SEQ(SP=101%GCD=1%ISR=10E%TI=Z%CI=I%TS=8)SEQ(S
OS:P=101%GCD=1%ISR=10C%TI=Z%CI=I%II=I%TS=8)SEQ(SP=100%GCD=1%ISR=10D%TI=Z%II
OS:=I%TS=8)SEQ(SP=101%GCD=1%ISR=10E%TI=Z%TS=8)OPS(O1=M508ST11NW7%O2=M508ST1
OS:1NW7%O3=M508NNT11NW7%O4=M508ST11NW7%O5=M508ST11NW7%O6=M508ST11)WIN(W1=71
OS:20%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M5
OS:08NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4
OS:(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%
OS:F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%
OS:T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%R
OS:ID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Uptime guess: 0.007 days (since Sat Feb 10 10:26:33 2018)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 256/tcp)
HOP RTT       ADDRESS
1   257.82 ms 10.10.14.1
2   259.11 ms 10.10.10.68


Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

# Nmap done at Sat Feb 10 10:36:33 2018 -- 1 IP address (1 host up) scanned in 1859.43 seconds

I checked port 80 then ran dirbuster.

Continue reading “Hack the Box: Bashed”