cmoon

Activity

• 
  Dirks0n → cmoon

  Hi cmoon,

  I am kind of stuck with this box. So far what I did, I did my enumerations and found that gitbucket running on 8080 and the directorys on 80:

  admin/
  css/
  host-manager/html
  icon/
  images/
  js/
  manager/html
  shell/

  the /manager and host-manager respond with 403. The issue in the gitbucket says that mutalauthentication should be disabled. So my assumption is that I have to somehow forge a client certificate sign it with the public key from the webserver and the certificate in my browser to make that mutalauthentication. After that I assume I would be able to access the /manager and /host-manager directorys.

  But my problem is I don't find a way to find out which ciphers I need for creating the client certificate. I did
  run the nmap ssl-enum-ciphers script and It gave me a list of ciphers but I guess that's not what I need. I appreciate any help.

  July 21