Exercise : Recon BiluBox Penetration Test

Hi everyone ..

Today I am going to write my penetration exercise of bilubox from vulnhub.com. Although this box has had so many walthrough but I am going to try to explain it in the different view. I am going to use the walkthrough that I got to make other easier to understand the tools used.

As penetration tester, You should have a clear steps during your work. here are the step

1. Reconnaisance

This process is to gather information from the target machine or network by getting the general information for setting up attack strategy.

There are two ways of doing this phase are by active and passive reconnaisance.

Active reconnaisance is activities that you do actively touching the target network or application such as by sending some packet and analysing its return. I used to use nmap for gather initial information

Passive reconnaisance is activities to gather the information by passive data such as doing the man in the middle attack or analysing the log of IDS so this activities do not touch directly the target machine or network but by analysing the other user (network traffic, user browser history and etc) accessing the target.

Most of the activities is to gather the below information

– Determine the network range
– Identify active machines
– Discover open ports and access points
– Fingerprint the operating system
– Uncover services on ports
– Map the network

There are pros and cons of doing the active and passive reconnaissance, here the below points

1. Active Reconnaisance

Pro : Fast, do the analyses directly to the system will give you fast result. But the cons is your activities is easy to be tracked by deffender since you will make some noise to the target network or machine.

2. Passive Reconnaisance

Pro : It is silent, hard to detect by deffender. The cons is take a longer time and more complex analyses.

For your information, My penetration testing was done using VM. Here is the environment

  1. Kali linux :
  2. Bilubox : 192.168.5.x (I don’t know yet, let do recon)

Since my environment is VM so that it is safe to do active attack, no one will get hurt by doing this.

for the first step I will start nmap from my kali linux box to scan the network. I will do as follow

nmap -sP -vv

with the above command, I am doing the host discovery because I do not know yet what my dhcp server give to the bilu box. the comand above will ping each ip in the subnet of with verbose. below is output.


The result of this scan would be as below


from the above result, we see that there in one host is up with the ip based on this information we can do further steps more advance reconnaisance.

Still in this phase, I will try to get more information by using nmap with different input flag.

nmap -vv  -sV -sC -O -oA scan.result


  • vv : very verbose
  • sV : get the banner of service and version
  • sC : use the default script
  • O : probe the target OS
  • oA : output the result to file

the successfull running script will have out put like below image


based on the result above we can find that the target operating system is Linux system with port open 80 for web app with title –==[[IndiShell Lab]]==– and ssh port at 22

so based on the condition finding above, we can set our strategy for the next phase (scanning) that we cat target for web apps and ssh.

I think thats all for the initial phase for the exercise. I will create the scanning phase in the different post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s