This is my personal website.
It contains write-ups for exploiting machines on Hack The Box along with displaying my projects and educational background.
Enumeration Nmap We start enumeration with the usual nmap scans (adding -Pn because I have issues with host discovery on this network for some reason): We see that the host is running an Apache Tomcat webserver. Website We access the website in our browser: The most interesting part is the button to access the Manager App, which prompts for credentials when pressed. After manually trying the usual default credentials to no avail, we use Metasploit to handle this with the default wordlists in the module auxiliary/scanner/http/tomcat_mgr_login: ...
Enumeration Nmap We start enumerating with the usual nmap scans: but we see that the host is not identified, so we try using the suggested -Pn option: Here we see that the host is running OpenSSH, an SMB server (Samba 3.0.20-Debian) and an FTP server (vsFTPd 2.3.4) which allows anonymous login. FTP Logging into FTP with the anonymous credentials anonymous:anonymous results in an empty directory: SMB Checking the shares on SMB with smbmap yields: where only the tmp share is available. ...
Enumeration nmap First we enumerate using the usual nmap scans: This shows that port 445 running SMB is open and that the host runs Windows XP. SMB We try to log in without authentication using smbmap and smbclient: but see that it does not work. nmap vuln Since the host runs Windows XP there might be some vulnerabilities that are easily exploitable with nmap. We can check if the host has any obvious vulnerabilities that we can exploit on port 445 with the vuln script from nmap: ...
Enumeration nmap First we enumerate using the usual nmap scans: This reveals the open port 445 running SMB and that the host runs Windows 7 Professional. SMB We can check the SMB shares hosted on port 445 by providing bogus credentials: where we see that Share and Users are readable. These are, however, empty and do not get us any further. nmap vuln Instead we might use the other information provided from our nmap scan, that the user runs an old Windows version. We can check if the host has any obvious vulnerabilities that we can exploit on port 445 with the vuln script from nmap: ...