all InfoSec news
THM: Gaining Access to the Library Server
April 13, 2024, 6:12 a.m. | 0xViKi
System Weakness - Medium systemweakness.com
THM Room Link: https://tryhackme.com/r/room/bsidesgtlibrary
Initial Reconnaissance
Nmap Scan:
sudo nmap -sV -sS -A <IP>
Open Ports
- 22/tcp: OpenSSH 7.2p2 Ubuntu 4ubuntu2.8
- 80/tcp: Apache httpd 2.4.18 (Ubuntu)
Gobuster:
gobuster dir -u http://<IP>/ -x php,txt -w /usr/share/wordlists/dirb/common.txt -t 50
No interesting directories were discovered, however, I found robots.txt which hints that I need to brute-force attack
Information Gathering
Hints Brute-Force AttackOn Inspection of the website closely, I found a potential username that could be the username for SSH which is open …
More from systemweakness.com / System Weakness - Medium
Web Pen testing Automation
1 day, 5 hours ago |
systemweakness.com
Advance XSS payload List
1 day, 5 hours ago |
systemweakness.com
Static Malware Analysis: Techniques & Challenges
1 day, 5 hours ago |
systemweakness.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Threat Analysis Engineer
@ Gen | IND - Tamil Nadu, Chennai
Head of Security
@ Hippocratic AI | Palo Alto
IT Security Vulnerability Management Specialist (15.10)
@ OCT Consulting, LLC | Washington, District of Columbia, United States
Security Engineer - Netskope/Proofpoint
@ Sainsbury's | Coventry, West Midlands, United Kingdom
Journeyman Cybersecurity Analyst
@ ISYS Technologies | Kirtland AFB, NM, United States