FLAG57

FLAG58

FLAG59

Enumeration

PORT      STATE SERVICE  VERSION
22/tcp    open  ssh      OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 4e:aa:fd:e7:95:bf:9e:74:b0:e0:f7:a5:50:58:3d:5c (RSA)
|   256 d5:e8:42:80:9f:c1:83:34:38:c7:c9:aa:10:f6:c3:12 (ECDSA)
|_  256 c9:ce:7c:12:42:0f:95:66:23:17:fc:4c:aa:04:d6:66 (ED25519)
80/tcp    open  http     Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.41 (Ubuntu)
443/tcp   open  ssl/http Apache httpd 2.4.41 ((Ubuntu))
| ssl-cert: Subject: commonName=bluewhale/organizationName=blue whale/stateOrProvinceName=HongKong/countryName=HK
| Not valid before: 2020-06-21T19:31:05
|_Not valid after:  2030-06-19T19:31:05
|_http-title: 400 Bad Request
| tls-alpn: 
|_  http/1.1
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_ssl-date: TLS randomness does not represent time
3306/tcp  open  mysql    MySQL 8.0.20-0ubuntu0.20.04.1
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_sslv2: ERROR: Script execution failed (use -d to debug)
| mysql-info: 
|   Protocol: 10
|   Version: 8.0.20-0ubuntu0.20.04.1
|   Thread ID: 47
|   Capabilities flags: 65535
|   Some Capabilities: Speaks41ProtocolNew, SupportsCompression, SupportsTransactions, ODBCClient, Speaks41ProtocolOld, Support41Auth, InteractiveClient, SupportsLoadDataLocal, IgnoreSigpipes, IgnoreSpaceBeforeParenthesis, DontAllowDatabaseTableColumn, LongColumnFlag, SwitchToSSLAfterHandshake, LongPassword, FoundRows, ConnectWithDatabase, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
|   Status: Autocommit
|   Salt: O{\\x1CVl^:`WvaQpReb%#%\\x12
|_  Auth Plugin Name: caching_sha2_password
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
33060/tcp open  mysqlx?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at <https://nmap.org/cgi-bin/submit.cgi?new-service> :
SF-Port33060-TCP:V=7.92%I=7%D=7/31%Time=62E6296F%P=x86_64-pc-linux-gnu%r(G
SF:enericLines,9,"\\x05\\0\\0\\0\\x0b\\x08\\x05\\x1a\\0");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

┌──(kali㉿kali)-[~]
└─$ gobuster dir -u <http://10.150.150.123> -w /usr/share/wordlists/dirb/common.txt -q -t 200   
/.hta                 (Status: 403) [Size: 279]
/index.html           (Status: 200) [Size: 10918]
/javascript           (Status: 301) [Size: 321] [--> <http://10.150.150.123/javascript/>]
/server-status        (Status: 403) [Size: 279]

FLAG57

FLAG58

FLAG59

Enumeration

Exploitation

Privilege Escalation