This is a machine that allows you to practice web app hacking and privilege escalation
In these set of tasks you’ll learn the following:
- brute forcing
- hash cracking
- service enumeration
- Linux Enumeration
First thing it wants us to do is to find the services exposed by the machine
This can be done using Nmap
Next it would like us to locate any hidden directories. To locate these we are going to utilize Gobuster
/development looks like the hidden directory we are looking for
Our next step is to locate a username and password
using enum4linux we are able to locate the username Jan (other user is Kay for future question)
To find the password we are going to utilize Hydra and attack SSH. This will probably take some time