that is intended, you should read nmap manual to see if there is an option that scans for ports other than the default ones.
hello, i am stuck at S***, can you give me any hint, i tried to modified some setting in admin portal, but no work.
At attack machine i only receive the Header response
2 Likes
Check the nmap scan again.
I just root the box…
The vulnerabilitys that you find are the vulnerabilitys that you need to use, do not get crazy trying weird stuff as i did… when you solve it you would find that you overcomplicate everything for no reason. But as is in my case is the missing of experience… xD
3 Likes
Did you add the ip address to /etc/hosts?
not necessary…
Finally rooted it. Thanks all for the great discussion posts. It was easy in hindsight but also easy to over complicate it
Anyone up that could give me a nudge for root i know im super close…
Thanks. It helps to concentrate on and solve this machine.
Feel free to dm if you want
Done with the machine 
…Need to practice and focus more on small things which I mostly ignore every time.
PS - Thanks everyone here for helping me go on the correct way 
finally rooted … sometimes its better to think “easy” … been stuck a while in the rabbit hole :>
1 Like
Any hints, I’m stuck to get the reverse shell
Foothold it’s really easy but it’s quite complex how to send stuff with the initial foothold … anyone menaged to encode as base64? is the right path? BAD request called by python debug seems that it’s not correctly set the payload itself … i can reach what i looking for…
usually raw commands work
You don’t need to encode anything.
I found the POC for exploit but can’t get a shell , any hint ?
Please DM me 
Hi guys, is that normal I can’t connect to web app though port 80 and I have 2 unknown services in nmap output ?