Download a virtual machine via link.
First, you have to establish network connection between kali and this “final” machine over VMware or VirtualBox (if you have any problem, let me know). You can check this step with the ifconfig and netdiscover command in kali. After that, scan the open services on the machine with nmap and check for known vulnerabilities. if you do not find any, try to check web application on port 80, maybe it has some bugs.
Once downloaded and installed, the following actions must be taken:
- Launch a semiautomatic scan to identify possible vulnerabilities of the web.
- For those vulnerabilities detected, check if they are false positives or if they are real threats.
- Exploit vulnerabilities detected with other tools than the vulnerability detection.
- Perform an escalation of privileges.
- Carry out an analysis of the rest of services in execution.
All the steps must be correctly explained, adding evidence (semiautomatic tool result report, screenshots, etc.).
The virtual machine has 10 flags distributed throughout the system. It is important to keep in mind that it is not necessary to have a user in the systems.