nmap scan gives the below ports, so basic FTP, SSH and HTTP 21 80 22 Upon accessing the port 80 we get a network administrator dashboard:

IP: 10.10.10.242 Nmap Scan: nmap -sC -sV -p- -oN knife.txt 10.10.10.242 So We have only 2 basic ports open 22- for SSH, 80 for any web application. Let’s analyze port 80 further.

My first android Box. nmap quick scan gave nothing, so had to perform full scan. Found these some ports as below 2222/tcp open ssh (protocol 2.0) 42135/tcp open tcpwrapped 42489/tcp open tcpwrapped 59777/tcp open http Bukkit JSONAPI httpd for Minecraft game server 3.6.0 or older searching for 59777 we got…

nmap scan port 22 and 80 in basic scan, still we will go for full scan. command: nmap -sC -sV -p- -oN bounty-hunter.nmap 10.10.11.100 Anyway full scan also shows only 2 ports.

nmap scan. Major port 22 ad 80, means 22 for SSH 80 for web application to find a foothold. On web page we don’t find a lot again, so let’s burp it and see what’s going on. From the dirbuster result we come across alot of webpages some of them…

Challenge 1:- Insecure Logging

Step 1: Install burp suite on your Laptop/Desktop. If you haven’t already installed burp suite on your hacking machine please follow the blog to install burp suite. Step 2: Get the ip of your hacking machine from the command prompt using ipconfig command.

To install MOBSF follow the steps given on the https://mobsf.github.io/docs/#/ URL.