Welcome to the first lab writeup in the eJPT certification course! This walkthrough will serve as a guide to better your understanding of how I approached these rooms. These notes are a combination of what I learned from the course, other writeups, and my own experience in hacking from other platforms. There may be more effective ways of solving some of these challenges and you’re encouraged to read other walkthroughs of the same room to better enhance your enumeration and overall hacking skills. Good hunting!

Lab Environment

A website is accessible at http://target.ine.local. Perform reconnaissance and capture the following flags.

Attacking IP: 192.214.165.2

Target IP: 192.214.165.3

Flag 1: This tells search engines what to and what not to avoid.

The first challenge is a pretty straight forward challenge. The task is referring to the /robots.txt file of our target. The purpose of searching here is because sometimes organizations can sometimes unintentionally reveal sensitive information about application pathways.

We can easily access this by simply going to the URL and typing in the target address and adding /robots.txt at the end revealing the flag screenshot below.

target.ine.local/robots.txt

{C584FD02-61D4-41D5-9283-C1C8139EA46D}.png

FLAG1{4448b262fae84e5591bc1c56c754459c}

IMPORTANT NOTE: Make sure you’re understanding the HOW and WHY behind where you find flags throughout these labs. There aren’t flags in real world penetration testing. There are decision making processes you make when you come across certain opportunities, credentials, roadblocks, and other important artifacts. Understanding this will make you a better hacker.

Flag 2: What website is running on the target, and what is its version?

We can find the second flag by running an nmap script scan that shows us what services are running on open ports. An nmap scan is going to be one of your first steps of enumeration so it’s very important to understand this tool and the various ways it can work.

nmap -sV -sC 192.214.165.3

Starting Nmap 7.94SVN ( <https://nmap.org> ) at 2026-01-03 03:22 IST
Nmap scan report for target.ine.local (192.214.165.3)
Host is up (0.000026s latency).
Not shown: 999 closed tcp ports (reset)

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: INE
|_http-generator: WordPress 6.5.3 - FL@G2{72329a7696aa43c19a94ab9ac3d2890a}
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-robots.txt: 1 disallowed entry 
|_/wp-admin/
MAC Address: 02:42:C0:D6:A5:03 (Unknown)