Hello everyone! 👋
In this blog, I’ll walk through the eJPT CTF (Vulnerability Assessment) and explain how I approached the lab to find all the flags. Instead of sharing answers directly, the focus is on methodology, enumeration techniques, and logical reasoning.
This CTF was fairly easy compared to others, but it’s still a good exercise in spotting common weaknesses and hidden information on a target web server. The goal here is simple: enumerate properly, think logically, and grab the flags.
So, let’s dive into the lab.
The lab provided Nessus credentials, but I intentionally did not use Nessus.
First, I kicked off an Nmap scan:
nmap target.ine.local -T4 -sS -sV --script=vuln
-T4 — Faster, aggressive scan timing
-sS — TCP SYN (half-open) scan
-sV — Detect service versions
--script=vuln — Run vulnerability detection scripts
I also performed directory enumeration using Dirb:
dirb http://target.ine.local
While Nmap was running, I quickly checked the robots.txt file through the browser.
Q1: Explore hidden directories for version control artifacts that might reveal valuable information.
While carefully scrolling through the Nmap results, I noticed that the .git directory was accessible on the web server.
I navigated directly to the .git directory.
And there we go — we get the first flag 🎉
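The exposed .git directory above, seen from the server owner's side, as an added example that is not part of the original post: a Python pre-deployment check that flags version-control metadata under a web root, plus a helper that decides whether a response for /.git/HEAD is real repository content. The function names, the sample directory tree and the sample responses are constructed for illustration.

```python
import os
import re
import tempfile

# Version-control metadata that should never be deployed under a web root.
VCS_NAMES = {".git", ".svn", ".hg", ".bzr"}

# .git/HEAD holds either a symbolic ref or a raw commit id (SHA-1 or SHA-256).
HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")


def find_vcs_artifacts(docroot):
    """Return sorted docroot-relative paths of VCS metadata under docroot."""
    hits = []
    for current, dirs, files in os.walk(docroot):
        # .git can also be a plain file (worktrees, submodules), so check both.
        for name in list(dirs) + files:
            if name in VCS_NAMES:
                hits.append(os.path.relpath(os.path.join(current, name), docroot))
        # Do not descend into the metadata itself; one hit per repository is enough.
        dirs[:] = [d for d in dirs if d not in VCS_NAMES]
    return sorted(hits)


def head_is_exposed(status, body):
    """True if a response to GET /.git/HEAD served real repository content."""
    return status == 200 and HEAD_RE.match(body) is not None


def build_sample_docroot():
    """Constructed sample tree: a site with a stray .git and a nested .svn."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, ".git", "refs", "heads"))
    os.makedirs(os.path.join(root, "assets", "vendor", ".svn"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/main\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>hello</h1>\n")
    return root


if __name__ == "__main__":
    for path in find_vcs_artifacts(build_sample_docroot()):
        print("remove before deploy or deny in server config:", path)
    # Constructed responses: exposed repo, blocked path, soft-404 HTML page.
    print(head_is_exposed(200, "ref: refs/heads/main\n"))
    print(head_is_exposed(403, "Forbidden"))
    print(head_is_exposed(200, "<html>Not Found</html>"))
```

The body check in head_is_exposed matters because some servers answer every unknown path with a 200 HTML page, which a status-code-only check would misreport as an exposed repository.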