@gavroche said:
Hey! I’m really sorry, but I think that I might need a huuuge help there… I’m trying to learn so I’m really new, and I’m also very stuck…
So what I did :
nmap scan
dirbuster scan and found a few pages ‘test1.php’, ‘php-reverse-sell.php’, …
Some of these may be left behind by people who are attacking the box but don’t really know what they are doing.
Unfortunately, there is no clean way for you to tell good from bad here. My suggestion is to wait a bit, then reboot the box. Hopefully you can scan it before the idiots upload 10 million pointless shells.
inspect the webpage, done some research on the creator…
This is the key. If you haven’t got an idea where to go next, do more research.
Burpsuite
You don’t need this.
nessus won’t open for some reason…
You don’t need this.
tried a few things : “ssh Xh4H@10.10.10.181” and a whole lot of passwords that didn’t work…
This is unlikely to work.
so I’m kinda begging for help right there… in fact almost a walk through I guess…
Do more research on the creator. Take the clue from the page and look into that more. Then make your own list of possible words and search for that (Dirb/Gobuster/Dirbuster/Whatever).
feel free to pm and if you have any free suggestions to learn pen testing I’m also interested !
Practice makes perfect. There isn’t one single path to “learn” pentesting - it is a collection of knowledge on a variety of techniques. CTFs like HTB are awesome at practising techniques but aren’t always the same as learning pentesting.
If you want courses, Pluralsight are offering courses free in April which is worth looking into.
Thx !!