eJPT - 1.4 CTF Vulnerability Assessment

PublishedApril 1, 2025

•1 min read

I'm a cybersecurity enthusiast with a growing focus on offensive security. Currently studying for the eJPT & ICCA, building hands-on projects like Infiltr8, and sharing everything I learn through blog posts and labs.

Part of serieseJPT

Question 1

Explore hidden directories for version control artefacts that might reveal valuable information

We can run an Nmap scan on the target to look at the hidden directories. You should find a git repository have a look at that on the target domain.

nmap -sV -sC (target ip)

Question 2

The data storage has some loose security measures. Can you find the flag hidden within it?

Looking at the robots.txt file, we can see that there is phpmyadmin page which is accessible. Once in, look through the databases and specifically the MySQL one.

Question 3

A PHP file that displays server information might be worth examining. What could be hidden in plain sight?

We can perform another Nmap scan on the target using the script http-enum. From this we can see that there is another PHP file called phpinfo.php.

Question 4

Sensitive directories might hold critical information. Search through carefully for hidden gems.

From our look at the robots.txt file. We can see that there is /passwords directory.

That’s it for this section. Next one up is the auditing fundamentals section.

— Hmad

#ejpt #ctf #ctf-writeup #vulnerability

Comments

Join the discussion

No comments yet. Be the first to comment.

eJPT

Part 17 of 24

In this series, I'll be documenting the notes I take while studying for the eJPT (Junior Penetration Tester) certification by iNE Security. I'll include write-ups to the CTF's or Skill Checks as iNE calls them.

eJPT - 1.4 Vulnerability Assessment

Windows Vulnerabilities Has been the dominant OS worldwide for a while Vulnerabilities ranging from MS08-067 to MS17-010 Has various OS versions and releases, makes the threat surface fragmented They share a likeness given the development and phi...

More from this blog

eJPT - 4.1 CTF Introduction to the Web & HTTP Protocol

Question 1 Sometimes, important files are hidden in plain sight. Check the root ('/') directory for a file named 'flag.txt' that might hold the key to the first flag. For this task, we have been told that a website is running (on port 80) so we don...

Jul 14, 20252 min read

eJPT - 4.1 Introduction to the Web & HTTP Protocol

Introduction Web applications are software programs that run on web servers and are accessible over the internet through web browsers. They are designed to provide interactive and dynamic functionality to users allowing them to perform various tasks,...

Jul 14, 202512 min read

eJPT - 3.6 Social Engineering

Introduction In the context of penetration testing, social engineering is a technique used to manipulate individuals or employees within an organization to gain unauthorised access to sensitive information, systems of facilities. Social engineering w...

Jul 12, 20257 min read

eJPT - 3.5 CTF Post-Exploitation

CTF 1 Question 1 The file that stores user account details is worth a closer look. (target1.ine.local) After doing an Nmap scan on the target, we can see that port 22 is open and running libssh for which there is a Metasploit module available to ex...

Jul 10, 20254 min read

eJPT - 3.5 Post-Exploitation

Introduction Post-exploitation is the final phase of a penetration test. it consists of the tactics, techniques and procedures that attackers undertake after obtaining initial access on a target system. It involves what you do once you have gained an...

Jul 7, 202519 min read

H

HmadSec

44 posts

Hmad here. This blog is my personal space to document everything cybersecurity - from certification notes to lab writeups, CTF solutions, and more.