![]() ![]() js files (those are also loaded when /admin is visited) Rerunning gobuster with an extensive list of extensions with common.txt we get some. Negative Status codes: 404 User Agent: gobuster/3.1.0Ġ 13:00:30 Starting gobuster in directory enumeration mode Threads: 100 Wordlist: /usr/share/wordlists/dirb/common.txt └─# gobuster dir -u -w /usr/share/wordlists/dirb/common.txt -k -e -b 404 -t 100īy OJ Reeves ) & Christian Mehlmauer ) = Url: According to the box description, some students created a free password manager and we’re supposed to exploit it.ĭownloading the (.go) file, we get the source code of the application: Let’s continue exploring the application. ![]() Noice, the server looks custom, let’s search if there’s any public exploit for this version/release. Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel |_ Supported Methods: GET HEAD POST OPTIONS ![]() |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwiYH+1GSirMK5KY0d3m7Zfgsr/ff1CP6p14fPa7JORĨ0/tcp open http syn-ack ttl 60 Golang net/http server (Go-IPFS json-rpc or InfluxDB API ) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMyyGnzRvzTYZnN1N4EflyLfWvtDU0MN/L+O4GvqKqkwShe5DFEWeIMuzxjhE0AW+LH4uJUVdoC0985G圓z9zQU = | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLYC7Hj7oNzKiSsLVMdxw3VZFyoPeS/qKWID8x9IWY71z3FfPijiU7h9IPC+9C+kkHPiled/u3cVUVHHe7NS68fdN1+LipJxVRJ4o3IgiT8mZ7RPar6wpKVey6kubr8JAvZWLxIH6JNB16t66gjUt3AHVf2kmjn0y8cljJuWRCJRo9xpOjGtUtNJqSjJ8T0vGIxWTV/sWwAOZ0/TYQAqiBESX+GrLkXokkcBXlxj0NV+r5t+Oeu/QdKxh3x99T9VYnbgNPJdHX4YxCvaEwNQBwy46515eBYCE05TKA2rQP8VTZjrZAXh7aE0aICEnp6pow6KQUAZr/6vJtfsX+Amn3 The config file is expected to be at "/root/.rustscan.toml" Automatically increasing ulimit value to 5000.Ģ2/tcp open ssh syn-ack ttl 60 OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0 ) ![]()
0 Comments
Leave a Reply. |