Gobuster

• Start basic subdomain enumeration scan:

  • gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt

  • 
  • Looks like we have a few subdomains to check out and further enumerate if need be.

    • /.hta --> 403 (Forbidden)

    • /.htapasswd --> 403 (Forbidden)

    • /.htaccess --> 403 (Forbidden)

    • /assets --> 301

      • 
      • Nothing of note in this subdomain necessarily but will keep an eye on it.

      • Ran further enumeration on this subdomain but didn't find anything to note.

    • /index.html --> 200

      • Home page

    • /robots.txt --> 200

      • All we get back is Wubbalubbadubdub

      • Nothing on the source page.

      • Should check to see if this is a password.

        • If I can find a login page.

        • Holy shit, it was the password. For once in my life it was that easy.

    • /server-status --> 403 (Forbidden)

• Run vhost unmeration:

  • gobuster vhost -u http://[Target_IP]:[Port]/ -w /usr/share/dirb/wordlists/common.txt

  • Not expecting anything here as I don't think this is running on a virtual host but figured I would check.

  • Nothing popped up.

• Run subdomain scan looking for .php extensions:

  • gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt -x php

  • 
  • Looks like I have a few more options:

    • /denied.php --> 200

      • Redirects to /login.php

      • Once logged in, this if you are not logged in as admin.

    • /login.php --> 200

      • 
      • 

    • /portal.php --> 302

      • Redirects to /login.php

      • Once logged in, this is the portal page.