![]() It can be brute forced more easily than the web admin login to try to find creds, but this typically isn’t something done on HTB machines. Typically this is something I gloss over. | Found By: Direct Access (Aggressive Detection) I’ll give it my API which I got for free from the WPScan website, and let it wpscan -url -api-token $WPSCAN_API. There could be value in it, but typically there’s more value in the scan specific to the framework. Given the use of WordPress, I’ll tend to look at things like wpscan over a directory brute force. Looking in Burp at my request history, it’s pretty clear this site is running on WordPress: Script and image tags seem to be stripped out. But it doesn’t rule out a moderate seeing it. That’s a good indicator that none of the other players will see it. I’ll add that to my hosts file, and then the comment posts to the site, but says it’s awaiting moderation: ![]() If I leave something, it ends up redirecting to pressed.htb and failing there. There’s also a comment section at the bottom. The page itself is presenting a list of User Agent strings, and seem to be updating periodically as I hit the site: There’s a single post, and clicking on it leads to, which is an interesting URL because having folders after the. Like all the UHC boxes, the theme for the site is about the UHC event: Nmap done: 1 IP address (1 host up) scanned in 15.76 secondsīased on the and Apache versions, the host is likely running Ubuntu 20.04 focal. |_http-title: UHC Jan Finals – New Month, New Boxes |_http-server-header: Apache/2.4.41 (Ubuntu) Stats: 0:00:00 elapsed 0 hosts completed (0 up), 0 undergoing Script Pre-ScanĨ0/tcp open http Apache httpd 2.4.41 ((Ubuntu)) Nmap done: 1 IP address (1 host up) scanned in 13.60 nmap -p 80 -sCV -oA scans/nmap-tcpscripts 10.10.11.142
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |