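After getting battered by the previous box, I find I've gotten stronger (more precisely, I no longer overthink things so much).
1. Since all we're ever given is an IP, the only way to start is with nmap.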
nmap -p - -T4 -A -v <IP>
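2. An HTTP service is open, so visit it directly.
It turns out to be a default installation page. The next step is to scan for directories and files. I used dirb, which ships with Kali, but 御剑 (Yujian) or other tools work too.
dirb http://<ip>
3. Next, visit admin.php, which presents a login form.
4. Trying admin:admin on a whim got the flag straight away.
5. Questions and answers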
What is considered to be one of the most essential skills to possess as a Penetration Tester?
->dir busting
What switch do we use for nmap's scan to specify that we want to perform version detection
->-sV
What service type is identified as running on port 80/tcp in our nmap scan?
->http
What service name and version of service is running on port 80/tcp in our nmap scan?
->nginx 1.14.2
What is a popular directory busting tool we can use to explore hidden web directories and resources?
->gobuster
What switch do we use to specify to gobuster we want to perform dir busting specifically?
->dir
What page is found during our dir busting activities?
->admin.php
What page is found during our dir busting activities?
->200
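
The directory scan in steps 2 to 4 leaves a clear trace in the web server's access log: a burst of 404s from one client, followed by a 200 on admin.php. The following is an added example, not part of the original write-up, showing how a defender could flag that pattern; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" log format: ip - user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_dir_busting(lines, min_404=5, window=timedelta(seconds=10)):
    """Map each client with >= min_404 404s inside `window` to the paths it got a 200 on."""
    misses, hits = defaultdict(list), defaultdict(set)
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if status == 404:
            misses[ip].append(ts)
        elif status == 200:
            hits[ip].add(path)
    flagged = {}
    for ip, times in misses.items():
        times.sort()
        # Sliding window: is any run of min_404 consecutive misses short enough?
        for i in range(len(times) - min_404 + 1):
            if times[i + min_404 - 1] - times[i] <= window:
                flagged[ip] = sorted(hits[ip])  # resources the scan discovered
                break
    return flagged

def sample_log():
    # Constructed log lines for illustration; not captured from any real host.
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET /{p} HTTP/1.1" {c} 153 "-" "{ua}"'
    scan = ["backup", "cgi-bin", "config", "login", "old", "test", "admin.php"]
    log = [fmt.format(ip="10.10.14.7", s=i, p=p, ua="scanner",
                      c=200 if p == "admin.php" else 404) for i, p in enumerate(scan)]
    log.append(fmt.format(ip="192.168.1.20", s=30, p="favicon.ico", c=404, ua="Mozilla/5.0"))
    log.append(fmt.format(ip="192.168.1.20", s=31, p="", c=200, ua="Mozilla/5.0"))
    return log

if __name__ == "__main__":
    for ip, found in find_dir_busting(sample_log()).items():
        print(f"{ip}: directory scan suspected, discovered {found}")
```

Any path listed for a flagged client is one the scan found, so an admin login page appearing there is a prompt to check that it does not still accept default credentials.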