Box full of recon

Hi Team,

Has anyone done “Box full of recon”? I am not sure what is expected from the 1st flag. I found and exploited the 2nd and 3rd.
The question is: What is the flag found during the initial scanning?
And the description is: Hint: The first flag will be a web-related vulnerability.
I’ve enumerated the service running on port 8081 as blackice-icecap

I think we were meant to look for that first since these ports are open, but there is an SMB server on the other subnet, and too, that was my thought. Metasploit isn’t really cracking the conditionals on it either.

But that is my guess

Yeah, enumerated all IPs that are up with nmap -sV -A --script vuln and nothing fits the pattern asked for in the question. The second flag was just nmap ftp brute force and the 3rd one was Metasploit.
The first one was supposed to be only the name of the vulnerability, but I am completely lost.

Yeah, I agree; I was going to go back to that one later today in Burp Suite on one of the addresses and check the cookies or dirb the website to see if an HTTP attack is possible.

Thinking about it, I haven’t been on just yet, but maybe Metasploit may need to be used; try Rejetto HTTP File Server exploit if it is opened. I just thought of that. But perhaps that was the missing key here. Not sure. But one idea I had, but as a thought.

The issue is in the wording: during the initial scan, the flag will be a web-based vulnerability.

Hi all… a series of fixes are inbound. Thank you for bringing these to our attention.

For the first flag, nmap scanning will suffice. The word ‘vulnerability’ is perhaps a misnomer, however it’ll be painfully obvious from the scan output what the flag is.