nmap -p- -T4 10.10.10.146
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-07 13:05 EDT
Nmap scan report for 10.10.10.146
Host is up (0.092s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
nmap -sC -sV -p 22,80,443 10.10.10.146
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-07 13:11 EDT
Nmap scan report for 10.10.10.146
Host is up (0.088s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 22:75:d7:a7:4f:81:a7:af:52:66:e5:27:44:b1:01:5b (RSA)
| 256 2d:63:28:fc:a2:99:c7:d4:35:b9:45:9a:4b:38:f9:c8 (ECDSA)
|_ 256 73:cd:a0:5b:84:10:7d:a7:1c:7c:61:1d:f5:54:cf:c4 (ED25519)
80/tcp open http Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
|_http-server-header: Apache/2.4.6 (CentOS) PHP/5.4.16
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
443/tcp closed https
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.54 seconds
Enumeration
Port 80
Gobuster
Was able to download code
Analyzing PHP code
We're checking for how a user interacts with a server through php code
Analyzing the upload.php code we fine
Mime
Magic bytes trick a file into thinking that it is another file
