eJPT-CTF-1: Assessment Methodologies: Information Gathering CTF 1


This lab focuses on information gathering and reconnaissance techniques to analyze a target website. Participants will explore various aspects of the website to uncover potential vulnerabilities, sensitive files, and misconfigurations. By leveraging investigative skills, they will learn how to identify critical information that could assist in further penetration testing or exploitation.

💡 The machine sits on a private network, so online enumeration tools such as sublist3r or theHarvester cannot be used. I therefore used gobuster, nmap and curl.

Lab Environment

A website is accessible at target.ine.local. Perform reconnaissance and capture the following flags.

  • Flag 1: This tells search engines what to and what not to avoid.

  • Flag 2: What website is running on the target, and what is its version?

  • Flag 3: Directory browsing might reveal where files are stored.

  • Flag 4: An overlooked backup file in the webroot can be problematic if it reveals sensitive configuration details.

  • Flag 5: Certain files may reveal something interesting when mirrored.

Tools

  • Firefox

  • Curl

  • HTTrack


Note

In this lab, the flag will follow the format: FLAG1{MD5Hash} OR FL@G1{MD5Hash}. For example, FLAG1{0f4d0db3668dd58cabb9eb409657eaa8}. You need to submit only the MD5 hash string, excluding the braces. For instance: 0f4d0db3668dd58cabb9eb409657eaa8.

This tells search engines what to and what not to avoid.
visit: target.ine.local/robots.txt

What website is running on the target, and what is its version?

nmap -sC target.ine.local

Directory browsing might reveal where files are stored.

The stack is WordPress on Apache, so search for WordPress directories that commonly have directory listing enabled; here's a list:

An overlooked backup file in the webroot can be problematic if it reveals sensitive configuration details.

Certain files may reveal something interesting when mirrored.
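As an added example (not part of the original walkthrough or the lab), a small Python helper that turns the five hints into checks over fetched responses: it lists the Disallow entries of a robots.txt, reads the Server banner and the WordPress generator tag, spots an Apache directory listing, and extracts flag hashes in the lab's FLAG/FL@G format. The sample responses are constructed so it runs offline; `fetch` is a hypothetical helper for a live run against target.ine.local.

```python
import re
from urllib.request import urlopen

# Flag format from the lab note: FLAG1{md5} or FL@G1{md5}
FLAG_RE = re.compile(r"FL[A@]G\d\{([0-9a-f]{32})\}")
# WordPress advertises its version in a generator meta tag unless that is disabled
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)

def fetch(url):
    """Hypothetical helper: fetch a URL and return (headers, body). Not used by the offline samples."""
    with urlopen(url, timeout=10) as resp:
        return resp.headers, resp.read().decode("utf-8", "replace")

def parse_robots(text):
    """Return the Disallow paths in a robots.txt body (Flag 1 hint)."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()            # strip trailing comments
        if line.lower().startswith("disallow:"):
            path = line.split(":", 1)[1].strip()
            if path:                                    # an empty Disallow allows everything
                paths.append(path)
    return paths

def identify_stack(headers, html):
    """Server banner plus the WordPress generator tag, if present (Flag 2 hint)."""
    generator = GENERATOR_RE.search(html)
    return headers.get("Server", "unknown"), (generator.group(1) if generator else "unknown")

def is_directory_listing(html):
    """Apache autoindex pages title themselves 'Index of /...' (Flag 3 hint)."""
    return re.search(r"<title>\s*Index of /", html, re.I) is not None

def find_flags(text):
    """Every flag hash in a body, braces stripped as the lab asks."""
    return FLAG_RE.findall(text)

# Constructed sample responses so the checks run offline
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /wp-admin/\nDisallow: /backup/  # stale\nAllow: /wp-admin/admin-ajax.php\n"
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)"}
SAMPLE_INDEX = '<html><head><meta name="generator" content="WordPress 5.8.1" /></head></html>'
SAMPLE_LISTING = "<html><head><title>Index of /wp-content/uploads</title></head></html>"

if __name__ == "__main__":
    print("robots disallows:", parse_robots(SAMPLE_ROBOTS))
    print("stack:", identify_stack(SAMPLE_HEADERS, SAMPLE_INDEX))
    print("listing enabled:", is_directory_listing(SAMPLE_LISTING))
    # live run, e.g.: headers, body = fetch("http://target.ine.local/robots.txt")
```

A WordPress site that passes these checks cleanly (no listing, no generator tag, a generic Server banner) gives away less to exactly the reconnaissance this lab practises.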