Gobuster

  • Start basic subdomain enumeration scan:

    • gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt

    • Looks like we have a few subdomains to check out and further enumerate if need be.

      • /.hta --> 403 (Forbidden)

      • /.htapasswd --> 403 (Forbidden)

      • /.htaccess --> 403 (Forbidden)

      • /assets --> 301

        • Nothing of note in this subdomain necessarily but will keep an eye on it.

        • Ran further enumeration on this subdomain but didn't find anything to note.

      • /index.html --> 200

        • Home page

      • /robots.txt --> 200

        • All we get back is Wubbalubbadubdub

        • Nothing on the source page.

        • Should check to see if this is a password.

          • If I can find a login page.

          • Holy shit, it was the password. For once in my life it was that easy.

      • /server-status --> 403 (Forbidden)

  • Run vhost unmeration:

    • gobuster vhost -u http://[Target_IP]:[Port]/ -w /usr/share/dirb/wordlists/common.txt

    • Not expecting anything here as I don't think this is running on a virtual host but figured I would check.

    • Nothing popped up.

  • Run subdomain scan looking for .php extensions:

    • gobuster dir -u http://10.10.72.153/ -w /usr/share/dirb/wordlists/common.txt -x php

    • Looks like I have a few more options:

      • /denied.php --> 200

        • Redirects to /login.php

        • Once logged in, this if you are not logged in as admin.

      • /login.php --> 200

      • /portal.php --> 302

        • Redirects to /login.php

        • Once logged in, this is the portal page.

PreviousInitial EnumerationNextOpen Port Vulnerability Check

Last updated