Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Campana feliz

machine downloaded from: https://thehackerslabs.com/

difficulty: Beginner

OS: Linux

8 September 2025


  1. Scanning interfaces
arp-scan -I eth1 -l
  1. Scanning ports and services
nmap -p- -sS -sC -sV -n -Pn -vvv 192.168.56.106 -oN nmap_report.txt

The scan revealed three active services:

  • SSH service running on port 22
  • HTTP service running on port 8088
  • Webmin service running on port 10000
  1. Directory enumeration
gobuster dir -u http://192.168.56.106:8088 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js

This identified the file: shell.php file.

  1. At the url http://192.168.56.106:8088/index.html, the source contained a Base64-encoded comment.

Decoding it revealed a username: campana:

  1. The URL http://192.168.56.106/shell.php contained a login form. Using Hydra, I brute-forced the password for user campana:
hydra -l campana -P /usr/share/wordlists/rockyou.txt -f 192.168.56.106 -s 8088 http-post-form "/shell.php:username=^USER^&password=^PASS^:Username or password invalid"
  1. With the cracked credentials, I accessed a shell. Inside, I found a file containing Webmin login credentials.
  1. After logging into the Webmin panel, I confirmed it was running an outdated version. The panel exposed a console with root permissions. Using this, I obtained both the user and root flags.