Gobuster
Last updated
Last updated
Start basic subdomain enumeration scan:
gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt
Looks like we have a few subdomains to check out and further enumerate if need be.
/.hta --> 403 (Forbidden)
/.htapasswd --> 403 (Forbidden)
/.htaccess --> 403 (Forbidden)
/assets --> 301
Nothing of note in this subdomain necessarily but will keep an eye on it.
Ran further enumeration on this subdomain but didn't find anything to note.
/index.html --> 200
Home page
/robots.txt --> 200
All we get back is Wubbalubbadubdub
Nothing on the source page.
Should check to see if this is a password.
If I can find a login page.
Holy shit, it was the password. For once in my life it was that easy.
/server-status --> 403 (Forbidden)
Run vhost unmeration:
gobuster vhost -u http://[Target_IP]:[Port]/ -w /usr/share/dirb/wordlists/common.txt
Not expecting anything here as I don't think this is running on a virtual host but figured I would check.
Nothing popped up.
Run subdomain scan looking for .php extensions:
gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt -x php
Looks like I have a few more options:
/denied.php --> 200
Redirects to /login.php
Once logged in, this if you are not logged in as admin.
/login.php --> 200
/portal.php --> 302
Redirects to /login.php
Once logged in, this is the portal page.
