Welcome back amazing hackers I come up with another interesting blog on Tryhackme Vulnversity. This is the most important topic when you are going for bug bounty hunting.

At first, we can perform some Nmap scans for any ports or open or closed.

After the Nmap scan, I found out some useful information about the target.

I found port 21,22,139,445,3128 and 3333 are opened.

I checked how many ports does Nmap scan under -p-400 (400 ports).

What is the most likely operating system this machine is running?

Ubuntu

What port is the web server running on?

3333

Next phase finding directory brute-forcing.

gobuster dir -u http://<ip>:3333 -w <word list location>

This tool is used to find lists of directories in the target host.

I found useful information internal is used upload any files or folder which in turn useful in the reverse shell.

tryhackme vulnversity part 2: https://mukibas37.medium.com/tryhackme-vulnversity-part-2-f5af8651aac4