Player

@GPLO said:

I enumerated the vhosts and the error that gives some interesting information. I found all the easy/obvious stuff (I think!) but couldn’t really find anything to give me that foothold to user. After going at it for 2 nights (mostly enumerating with gobuster) without any leads, I decided to come here and check for a hint (feels bad!). I saw that there’s a b*k file to be found somewhere. I’m quite sure I would have never found this without a hint…

Now I’m sure I can find that file if I try long and hard enough but I’m more interested in learning the methodology/train of thought used to find this file first. Is there something that gives this away? Apart from the php error page mentioning a b****p directory? If someone who found this without taking any hints from others could please PM me how they did this I would very much appreciate it! I’d love to learn how to do this!

I also read this info here and finally got the file without getting exact information about the type of “bak”.

BUT

You can find this “bak” using a gobuster/dirbuster/dirb-like tool created by one of my compatriots without seeing any hints/nudges/etc. If you find the GitHub page of the tool, you will see a screenshot in which you can spot the feature “Mangling” and its default value. That value contains an extension which you need to move on.

I never used that tool, but I plan to install and test it.