Always read the description to see if there’s anything the author shared that they think is important. It mentions that this machine was tested with VMware Workstation, so we’ll run it in VMware. DHCP is also enabled, so we will need to discover the host’s address after it boots.

I then like to go in and ensure the network setting is set to a “host-only” network so that it is not exposed to anyone except my attacking machine. My attacking machine is also in VMware, so we just need to ensure it also has a network interface connected to the host-only network. With that out of the way, we’re ready to start scanning this machine!

Scanning

I like to start off with an nmap ping scan to find the vulnerable host. (I finally figured out why netdiscover doesn’t work for me. It’s because of the way it interacts with the virtual host-only network! VMware’s host-only network doesn’t work the same as VirtualBox’s, where you also see your host machine and the virtual network’s DHCP server addresses. If I left it as bridged, it would likely work.) It’s easy to identify our target in the output of the scan, as its IP address is the only one found besides my attacker’s.

This machine is located at 172.16.0.130, and with that information, we can scan for some open ports. Lots to look at here, and of course, this is the abbreviated scan result. With the -A option passed to nmap we learn more, including a guess at the operating system and details on the services running. All guesses of the services listed in the above screenshot are correct except for the three highest ports, all of which are running web services.

I always run nikto and gobuster on ports with web services, and while the former doesn’t find anything interesting, we have found some interesting pages using the latter. Port 80 has a site that allows you to purchase ebooks, and gobuster finds the “/admin.php” page, among others.