Background Info: Welcome to Quaoar
This is a vulnerable machine I created for the Hackfest 2016 CTF http://hackfest.ca/
Difficulty : Very Easy
To begin, we use netdiscover to establish the target IP address.
Netdiscover reveals that the target's IP address is 172.16.250.131.
Next up, the attacker uses nmap to see what ports and services are open.
Nmap reveals SEVERAL open ports. Port 80 is used for web hosting and is always an interesting start. The attacker pointed his browser to the IP address.
Nothing very interesting on the landing page. Clicking on the home page leads to a .jpg, with nothing in the page source.
The next step was to use nikto to crawl the website and gather more information.
Nikto revealed robots.txt, which in turn revealed a WordPress login page.
This was supposed to be a very easy machine, so I tried the default admin/admin and logged in.
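The robots.txt step above, seen from the defender's side: an added example, not part of the original walkthrough, that audits a site's own robots.txt for entries that advertise administrative or login paths. The pattern list and the sample file are constructed assumptions, not the Quaoar machine's actual content.

```python
import re

# Path fragments that usually mark administrative or sensitive areas.
# This list is an assumption for the example; tune it per site.
SENSITIVE = re.compile(
    r"(wp-admin|wp-login|admin|login|backup|config|\.git|phpmyadmin)", re.I
)

def parse_robots(text):
    """Return a list of (user_agent, directive, path) from robots.txt text."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if in_rules:                      # a new group starts
                agents, in_rules = [], False
            agents.append(value)
        elif key in ("allow", "disallow"):
            in_rules = True
            for agent in agents or ["*"]:
                rules.append((agent, key, value))
    return rules

def audit_robots(text):
    """Return sorted paths in robots.txt that disclose sensitive locations."""
    return sorted({path for _, _, path in parse_robots(text)
                   if path and SENSITIVE.search(path)})

# Constructed sample, not the Quaoar machine's actual robots.txt.
SAMPLE = """\
# constructed example
User-agent: *
Disallow: /wordpress/wp-admin/   # admin area
Disallow: /images/
Allow: /wordpress/wp-admin/admin-ajax.php

User-agent: Googlebot
Disallow: /backup/
Disallow:
"""

if __name__ == "__main__":
    for path in audit_robots(SAMPLE):
        print("discloses:", path)
```

Both Allow and Disallow entries are reported, since either one tells a visitor the path exists; access control, not robots.txt, is what has to protect it.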