In this challenge we will look at dictionary attacks on a NodeJS server. Please start the lab and answer the following questions:
- Which nmap command can we use to verify that the basic authentication mechanism is deployed on the target server?
- Which curl command can we use to verify that the basic authentication mechanism is deployed on the target server?
- Find the credentials required to access the web app hosted on the target server. Use Hydra.
User list: /usr/share/metasploit-framework/data/wordlists/unix_users.txt
Password list: wordlists/100-common-passwords.txt
- Fetch the flag from the webroot directory of the target server.
- This lab is dedicated to you! No other users are on this network :)
- Once you start the lab, you will have access to a root terminal of a Kali instance
- Your Kali has an interface with IP address 192.X.Y.Z. Run "ip addr" to know the values of X and Y.
- The Target machine should be located at the IP address 192.X.Y.3.
- Do not attack the gateway located at IP address 192.X.Y.1
- Using automated scanners
- Using brute force attacks
- Denial of Service attacks
- Attacking the lab infrastructure
Users violating the above will be either temporarily or permanently banned from the website.
Technical Support for this Lab:
We currently provide technical support limited to:
- Giving hints for a lab exercise
- A lab exercise fails to load or has errors in it