I have enumerated everything and found so much… too much info… which way is the right way? FTP server?
** Spoilers removed - Arrexel **
Look at what is in each directory and what each file can contain. Remember, developers aren't the most security-minded individuals.
Thanks man, let me see.
Everything you need is there. Enumerate and cross check all the information you can find.
Actually, I did the following but still have no idea where I should go.
I used dirb and nikto and got a few directories, and I can see a folder that contains many .php files; however, PHP is not downloadable and some XML file is not really useful.
Furthermore, I do see some huge and massive JavaScript files. I tried to look into them in detail but did not find much information.
I also googled “ssh [version I found in nmap] exploit” and tried a few scripts, and it does not seem vulnerable.
Maybe I overlooked some information, and any hints are appreciated. Thanks!
Since you’ve used dirb you have found some directories that you can visit.
HINT: visit the directories - one of them contains interesting files…
@game0ver said:
Since you’ve used dirb you have found some directories that you can visit.
HINT: visit the directories - one of them contains interesting files…
As @game0ver said, visit those directories… but WITH YOUR BROWSER.
After that, and with your enumerations, figure out where to use that info. Don’t overthink.
Thanks for the comment, and finally I got root access on this machine.
Actually, I was aware of the file, but I used TextPad to open it and it’s binary. Someone gave me advice on how to extract some text inside, and then I saw the light. I could get user access and then struggled a while for the root privilege to make it.
Thanks to Pentester720, he gave me valuable direction on this machine.
At last got the user hash password. Do I need to crack it to get the ssh?
Wahahaha, at last got the root. Thank you all for the tips, I almost gave up on this for several weeks already. These forum discussions really help a lot to solve the machine.