ターゲット // Hunit
PlatformOffSec Proving Grounds
OSLinux
DifficultyMedium
IP192.168.142.125

Enumeration

Nmap

▶ Nmap output
PORT      STATE SERVICE      VERSION
8080/tcp  open  http-proxy   (custom web app + REST API)
12445/tcp open  netbios-ssn  Samba smbd 4.6.2
18030/tcp open  http         Apache httpd 2.4.46 ((Unix))
43022/tcp open  ssh          OpenSSH 8.4 (protocol 2.0)

Everything is on non-standard ports. SMB (12445) and the Apache instance on 18030 turn out to be dead ends — the static site on 18030 is just a landing page, and Samba exposes nothing interesting. SSH sits on 43022, so keep that port in mind: any creds we find get tried there.