eJPT - 1.2 CTF Footprinting & Scanning

Hmad

Question 1

The server proudly announces its identity in every response. Look closely; you might find something unusual.

We can first run an Nmap scan to gather information about the server. Running Nmap with the -sC option (default scripts) reveals the first flag.

Question 2

The gatekeeper's instructions often reveal what should remain unseen. Don't forget to read between the lines.

We can see that there are 3 disallowed entries in the robots.txt file. We can open the robots.txt file in our browser and then look in the /secret-info/ directory.

Question 3

Anonymous access sometimes leads to forgotten treasures. Connect and explore the directory; you might stumble upon something valuable.

When we ran our Nmap scan, we saw that the FTP server allows anonymous login, so we'll log in and transfer the files to our computer to read their contents.

Question 4

A well-named database can be quite revealing. Peek at the configurations to discover the hidden treasure.

Looking at the creds.txt file that we just transferred to our system, we can see that it contains a username and password. From our Nmap scan, we can see that a MySQL server is open, so we can connect to it with the provided credentials. Once connected, we can run the command:

show databases;

This will list all the databases, and we have found our last flag.
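
The same scan read from the defender's side, as an added example that is not part of the original write-up: this Python script parses `nmap -sC` output and maps the findings used above (Server header, robots.txt entries, anonymous FTP, reachable MySQL) to hardening notes. The sample output is constructed, and the banner, the two extra paths and all function names are assumptions.

```python
import re

# Constructed `nmap -sC` output, not captured from the lab. Only /secret-info/ and
# creds.txt come from the write-up; the banner and the other two paths are made up.
SAMPLE = """\
PORT     STATE SERVICE
21/tcp   open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0              22 Jan 01 00:00 creds.txt
80/tcp   open  http
| http-robots.txt: 3 disallowed entries
|_/admin-example/ /backup-example/ /secret-info/
|_http-server-header: ExampleServer/1.0 (constructed banner)
3306/tcp open  mysql
"""

# Hardening note keyed by NSE script id, plus the one service name flagged on sight.
ADVICE = {
    "ftp-anon": "disable anonymous FTP, or expose only a vetted read-only directory",
    "http-robots.txt": "robots.txt is public, not access control; protect the paths themselves",
    "http-server-header": "trim the Server header and keep nothing sensitive in it",
    "mysql": "restrict MySQL to trusted hosts; rotate credentials found in files",
}
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*([a-z0-9.\-]+):\s*(.*)$")

def audit(nmap_text):
    """Return one finding dict per risky script result or exposed service."""
    findings, port, current = [], None, None
    def add(source, detail):
        findings.append({"port": port, "source": source,
                         "detail": detail, "advice": ADVICE[source]})
        return findings[-1]
    for line in nmap_text.splitlines():
        port_m, script_m = PORT_RE.match(line), SCRIPT_RE.match(line)
        if port_m:  # new port section
            port, current = int(port_m.group(1)), None
            if port_m.group(3) in ADVICE:
                add(port_m.group(3), "service reachable")
        elif script_m:  # script header such as "| ftp-anon: ..."
            current = add(*script_m.groups()) if script_m.group(1) in ADVICE else None
        elif line.startswith("|") and current:  # continuation line: keep as evidence
            current["detail"] += " " + line.lstrip("|_ ").strip()
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['port']:>5}  {f['source']:<20} {f['detail']}\n       -> {f['advice']}")
```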


That’s it for this section. Next one up is the enumeration section.

— Hmad
