HTB Walkthrough - Base

Information Gathering
Scanned all TCP ports:
# save target IP as local variable
export ip='10.129.105.155'
#initial scan
rustscan -a $ip -- -sVC --open -oN initial
# scan results
ORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 f6:5c:9b:38:ec:a7:5c:79:1c:1f:18:1c:52:46:f7:0b (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQmgId8Z5lyLG718jzJ9KoLYQPuaKh/Z1++me8L01noJeFuv5RPeqgtoJSeWKcimm7Cw7q3HDUZEHL2LncJIad5v04ma8xgiAG+xUmiO+ntkOff06rtsEx51XRWrbuN4gcTxDCPQQyTJKnTAfleagTbtoWtPNvi82SzaaPyU88nhcn/72USczCeiVfRvawQCcAIHKqUnJzTGlSHAwd6Fj+4sq4CTw0MCrZSTG9JCQmyUVbCFJaF/AtQ0PDOQ/fVhZH8E7E+faAlJKWTYr2sIfQZmC7enT2W82zzWL/JRiQXgAzsI8B6JTJOl3gbmy3+rLY9H+1qztceYKaA8wjFT/5
| 256 65:0c:f7:db:42:03:46:07:f2:12:89:fe:11:20:2c:53 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA3Z4xQdzt1Zxsy5gdOFTrv3k9HtD0UppMhGWFIFWnHZgWAdONjTRzD/ZeiyGeDUgYWGGpQOzl74HXesdUhr+h0=
| 256 b8:65:cd:3f:34:d8:02:6a:e3:18:23:3e:77:dd:87:40 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbQMzI8ONrv2TFdy0S8PtObPfizkmQ+217qx1pejwce
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.29 ((Ubuntu))
|_http-title: Welcome to Base
|_http-server-header: Apache/2.4.29 (Ubuntu)
| http-methods:
|_ Supported Methods: POST OPTIONS HEAD GET
|_http-favicon: Unknown favicon MD5: FED84E16B6CCFE88EE7FFAAE5DFEFD34
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Steps 2 Pwn
By Tony Harkness
read more