@s1gh any hints on how you got shell without any spoilers?
Is there any reason why gobuster won't find any pages?
I got an SSH session, trying lateral movement
@gudj4qu3r said:
@s1gh any hints on how you got shell without any spoilers?
Kinda hard giving a hint without spoiling. But continue enumerating.
You should be able to find an interesting page.
gobuster works just fine, you just have to search for the right thing.
Guys, after this machine is reset, please give it about 10-15 minutes for it to come back and be ready for your torture. Anything you do before that will be pointless and will just delay the boot time further.
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use?
(Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
@Opaque said:
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use? (Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
You can try “directory-list-2.3-medium.txt”.
@Opaque said:
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use? (Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
You can get more here
I think you can install all that with “apt install seclists” as well if you don’t want to clone it from git
@s1gh said:
@Opaque said:
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use? (Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
You can try “directory-list-2.3-medium.txt”.
@Rantrel said:
@Opaque said:
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use? (Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
I think you can install all that with “apt install seclists” as well if you don’t want to clone it from git
Thank you both, I will look into this.
I don’t even see a user.txt so I assume I have to get from where I am to somewhere else before I can even get user? Is that right?
@s1gh said:
@Opaque said:
Where are you guys getting your dict files from? I have used the /usr/share/wordlists/dirb/common.txt and /usr/share/wordlists/metasploit/namelist.txt with gobuster and only found a few things. Is there a better dict that I can use? (Sorry this is such a noob question, I'm pretty new to this. I even had to look up gobuster because I hadn't heard of it before lol)
You can try “directory-list-2.3-medium.txt”.
Did it work for you?
When it comes to stock lists, common.txt should be all you need.
Is the login page a rabbit hole? And should I be brute forcing it?
@codo said:
Is the login page a rabbit hole? And should I be brute forcing it?
Maybe and no. Continue your enumeration.
Tip: If you’re using gobuster, enable the following file extensions: php,txt,html with the -x flag.
And as @0x29A said, common.txt from seclists is enough
I have a shell. Does anyone have any hints for finding/getting to the user.txt?
Thx Skunkfoot and fjv, I got shell now
@fjv I actually tried it with the extensions + directory 2.3 medium. I will try again with common.txt