Cyborg Room Walkthrough

2024-11-17 3 min read TryHackMe Cyborg CTF OSINT Pentesting

Room Overview

Room URL: Cyborg

Room IP: 10.10.79.217 - This will be different for you.

Recon

We begin our reconnaissance phase by scanning the target using Nmap. This helps us identify the open ports and services running on the machine.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
Starting Nmap 7.60 ( https://nmap.org ) at 2024-10-28 16:28 GMT
Nmap scan report for ip-10-10-79-217.eu-west-1.compute.internal (10.10.79.217)
Host is up (0.018s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)
|   256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)
|_  256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c:ca:ab (EdDSA)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
MAC Address: 02:1F:A9:A5:69:89 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap done: 1 IP address (1 host up) scanned in 8.96 seconds

Web Enumeration

Next, we perform directory enumeration using Gobuster to find hidden directories on the web server.

Continue reading