Wall

Umm my full port scan is still running in the background, but I’m getting two open ports (usual ones :wink: ) and a couple of interesting pages including a login :wink: check your vpn maybe ?

ohh god vpn prob ? hahahaa alryte thnx dude

Oh dear, another box with a default apache home page. Not filled with hope.

there is a file through my dirb…but too odd…**.php is this valuable or something…just prints out a single number.hmm

yup

@Shad0wQu35t said:

there is a file through my dirb…but too odd…**.php is this valuable or something…just prints out a single number.hmm

Really? Dirb hasn’t found anything like that for me

@clubby789 i ran with the -X .php tag to find any php files…

yeah there is also an /mg and /s-ss pages but not much more hmm

Type your comment> @S1ph1lys said:

yeah there is also an /mg and /s-ss pages but not much more hmm

idk man my dirb didn’t show those stuff…nikto didn’t give me anything too

i tried several dictionaries before finding 2 files + protected folder…

How many wordlists/scanning tools are we going to need on this…

All the tools :slight_smile: I just hope it’s not a guess box

I found all of those pages with dirbuster and just the common word list… What word lists are you guys using?

I just switched, but was using dirbuster medium.txt

Gotcha, well I have a login page but I am not finding any good leads as to where to get creds, I’m with @S1ph1lys, I hope its not a guess box lol

Seems like a bruteGuess box…

+1 I hope its not a guess / brute box
no creds found

i also have two php pages **.php and *****.php along with a protected dir. Not able to find anything else

I guess I’ll have to try brute forcing when I get off work, connection is too ■■■■ here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!

You do not need to bruteforce to get past the wall.