Starting with masscan. Two web ports are open, one with SSL and one without. Let's explore the one without SSL (port 80) first. To start with, we will try gobuster. We found one directory, /department. Browse it. Hmm, a login page. We can try a few login details like admin/admin, guest/guest, admin/password, etc., but in this case none worked. […]
Starting with masscan. Port 53 is open, which is for DNS. Let's see if we can transfer zones. We discovered the cronos.htb and admin.cronos.htb domains. Insert the following in the /etc/hosts file. Browse both domains … and the admin domain. Use a few common techniques to enter/bypass the login, like admin/admin, guest/guest, etc., and finally tried SQLi, which worked. […]
Starting with masscan. Two ports are open, web and ssh. Browsing the web port, we see WordPress, but the site does not look good. To view it correctly, we need to put the following in our /etc/hosts file. Then browse the site. We can go to http://10.10.10.46/?author=1 to view the user in WordPress. This gives us the user falaraki. We […]
Nothing about hacking/pentesting. Just posting the song I am listening to right now.
Starting with nmap. Scan all ports with masscan. Doing another scan of the open ports using the default scripts. Port 80 reveals a Drupal website. Looking at CHANGELOG.txt, we see the site is running Drupal version 7.54. With a simple Google search, we found another exploit here. Oops!! Let me try that again. Sweet! I am iusr. What can I do?? Let’s grab […]
Starting with nmap. Only three ports are open. On browsing http://10.10.10.11:8500, we see two directories. These two folders represent ColdFusion. http://10.10.10.11:8500/CFIDE/administrator reveals the following page. ColdFusion 6-10 is vulnerable to an LFI attack. From the above screenshot, we know the CF version is 8. We will use the following, as suggested here. http://10.10.10.11/CFIDE/administrator/enter.cfm?locale=…………….\ColdFusion8\lib\password.properties%00en From above […]