👩‍🏫InsanityHosting

nmap 192.168.189.124

rustscan -a 192.168.189.124 --ulimit 5000

nmap -p 21,22,80 -sC -sV -A- -o nmapscripts.txt 192.168.189.124

ftp 192.168.189.124

Port 80 Enumeration

will search for exploit popper

Popper 1.41-r2 - 'form' Remote File InclusionExploit Database

dirsearch -u http://192.168.189.124/ -e php,txt,html -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

/data -> http://192.168.189.124/data/ /img -> http://192.168.189.124/img/ /news -> http://192.168.189.124/news/

/css -> http://192.168.189.124/css/ /js -> http://192.168.189.124/js/ /webmail -> http://192.168.189.124/webmail/ /fonts -> http://192.168.189.124/fonts/ /monitoring -> http://192.168.189.124/monitoring/ [12:07:15] 200 - 57B - /licence /phpmyadmin -> http://192.168.189.124/phpmyadmin/

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://192.168.189.124/FUZZ -fl 480

data news css img js webmail fonts monitoring

licence

phpmyadmin

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://192.168.189.124/

wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --hc 404 http://192.168.189.124/FUZZ

===================================================================== ID Response Lines Word Chars Payload

000000009: 301 7 L 20 W 234 Ch "js" 000000015: 301 7 L 20 W 235 Ch "css" 000000045: 301 7 L 20 W 235 Ch "img" 000000067: 301 7 L 20 W 236 Ch "news" 000000059: 301 7 L 20 W 236 Ch "data" 000000276: 301 7 L 20 W 237 Ch "fonts" 000000299: 301 7 L 20 W 239 Ch "webmail" 000000300: 301 7 L 20 W 242 Ch "phpmyadmin" 000001877: 301 7 L 20 W 242 Ch "monitoring" 000002402: 200 1 L 10 W 57 Ch "licence" 000004255: 200 479 L 1477 W 22263 Ch "http://192.168.189.124/" 000030014: 200 479 L 1477 W 22263 Ch "http://192.168.189.124/" 000059104: 200 479 L 1477 W 22263 Ch "http://192.168.189.124/"

browse the directories

need to add the host files also

SquirrelMail < 1.4.22 - Remote Code ExecutionExploit Database