Web Enumeration

To solve the problem of the web enumeration section you have to use ( gobuster ) on the target IP that they give us:

❯ gobuster dir -u -w /usr/share/dirb/wordlists/common.txt

Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)

/.hta--------------------- (Status: 403) [Size: 280]
/.htpasswd-------------(Status: 403) [Size: 280]
/.htaccess--------------(Status: 403) [Size: 280]
/index.php--------------(Status: 200) [Size: 990]
/robots.txt---------------(Status: 200) [Size: 45]
/server-status----------(Status: 403) [Size: 280]
Progress: 4614 / 4615 (99.98%)

2023/08/30 14:06:09 Finished

Next we place in the browser the IP with the access to the robots.txt file :

Will show us this : User-agent: * Disallow: /admin-login-page.php

Finally, it is enough to do a ( curl ) on the php file that we found previously : curl [ IP ]/admin-login-page.php, here the credentials will be displayed to log in to the php file that we found, when opening it from the browser it will show a login: [ IP ]/admin-login-page.php