Basic Pentesting

This is a machine that allows you to practice web app hacking and privilege escalation.

In this set of tasks you'll learn the following:

  • brute forcing
  • hash cracking
  • service enumeration
  • Linux enumeration

The first thing it wants us to do is find the services exposed by the machine.

This can be done using Nmap.

Next it would like us to locate any hidden directories. To locate these we are going to utilize Gobuster.

 

/development looks like the hidden directory we are looking for.

Our next step is to locate a username and password.

Using enum4linux we are able to locate the username Jan (the other user is Kay, for a future question).

To find the password we are going to utilize Hydra and attack SSH. This will probably take some time.
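
A password-guessing run like this leaves a burst of failed logins in the target's sshd log. The Python below is an added example, not part of the original walkthrough: it flags that burst and reports whether a successful login followed it. The log lines, hostname, IP addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (hostname, PIDs and IPs are made up for this example).
SAMPLE_LOG = """\
Mar 13 10:15:01 target sshd[2101]: Failed password for jan from 192.0.2.54 port 40112 ssh2
Mar 13 10:15:02 target sshd[2102]: Failed password for jan from 192.0.2.54 port 40114 ssh2
Mar 13 10:15:03 target sshd[2103]: Failed password for jan from 192.0.2.54 port 40116 ssh2
Mar 13 10:15:04 target sshd[2104]: Failed password for jan from 192.0.2.54 port 40118 ssh2
Mar 13 10:15:05 target sshd[2105]: Failed password for jan from 192.0.2.54 port 40120 ssh2
Mar 13 10:15:06 target sshd[2106]: Failed password for jan from 192.0.2.54 port 40122 ssh2
Mar 13 10:15:07 target sshd[2107]: Accepted password for jan from 192.0.2.54 port 40124 ssh2
Mar 13 10:20:00 target sshd[2150]: Failed password for kay from 198.51.100.7 port 51000 ssh2
Mar 13 10:20:15 target sshd[2151]: Accepted password for kay from 198.51.100.7 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log, year=2024):
    """Yield (timestamp, result, user, ip); syslog omits the year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log, threshold=5, window=timedelta(seconds=60)):
    """Alert on (ip, user) pairs with >= threshold failed logins inside the window."""
    failures = defaultdict(list)
    alerts = {}
    for ts, result, user, ip in parse(log):
        key = (ip, user)
        if result == "Failed":
            # Keep only failures still inside the sliding window, then add this one.
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(failures[key]))
        elif key in alerts:
            # A success after an alerted burst means a guess probably worked.
            alerts[key]["compromised"] = True
    return alerts
```

On the sample lines only the jan burst is flagged; kay's single mistyped password followed by a login is not.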