Sedna is the second vulnerable VM released by hackfest.ca this month. Much of the first steps of enumeration will be similar to that of my write up for the first VM in the series. The first thing I start with is an Nmap scan. The output is below, shortened for brevity.
root@kali:~# nmap 10.0.1.22 -p- -sV -A
Starting Nmap 7.25SVN ( https://nmap.org ) at 2017-03-18 23:47 EDT
Nmap scan report for 10.0.1.22
Host is up (0.00050s latency).
Not shown: 65523 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
|_ Potentially risky methods: PUT DELETE
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Apache Tomcat
Like before, the…