Gloin - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
Recon Stage
Information about target
- IP: 10.0.5.31
- Website: https://10.0.5.31. Uses https instead of http
- I discovered this using a simple nmap scan of open ports and service info
- nmap -A -sV -oG openportsgloin.txt --open 10.0.5.31
- I discovered this using a simple nmap scan of open ports and service info
- Some hidden directories
- Operating System: Win64? Apache server however it says win64
- A juicy page
Gaining a foothold
- Attempting to use SQLi on the entrance page gave me access to the login successful page
- Hash of password
- SSH to login using the credentials
Traversing the System
Luckily, I did not need to elevate to root.