Registry
Creator: thek
OS: Linux
Difficulty: Hard
Points: 40

Reconnaissance

Registry is an Ubuntu host running a private docker registry server guarded by weak credentials. With some enumeration of the service, I was able to locate a certificate that allowed me to pull the docker image and examine the filesystem, which gave me an encrypted SSH key and its password. With the user account, I dug through the SQLite database for the web server and found admin credentials.
Bitlab
Creator: Frey & thek
OS: Linux
Difficulty: Medium
Points: 30

Initial Scan

I identified two open ports (22 and 80) with my quick scan: nmap -F 10.10.10.114. I’ll do a script scan to get some more information.
Nmap 7.80 scan initiated Mon Dec 2 13:52:48 2019 as: nmap -sC -sV -oN nmap/def-script -p 22,80 10.10.10.114
Nmap scan report for 10.10.10.114
Host is up (0.037s latency).
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.
Postman
Creator: TheCyberGeek
OS: Linux
Difficulty: Easy
Points: 20

Initial Scan

I started with an initial NMAP scan of the host, and discovered ports 22, 80, and 10000.
Command: nmap -F -oN nmap/quick 10.10.10.160
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
10000/tcp open  snet-sensor-mgmt

Further script scanning revealed an Apache service and a MiniServ service.
Command: nmap -sC -sV -oN nmap/def-script -p 22,80,10000 10.10.10.160
80/tcp open http Apache httpd 2.