cmoon

About

Username
cmoon
Joined
Visits
476
Last Active
Roles
Member

Activity

  • Dirks0n

    Hi cmoon,

    I am kind of stuck with this box. So far what I did, I did my enumerations and found that gitbucket running on 8080 and the directorys on 80:

    admin/
    css/
    host-manager/html
    icon/
    images/
    js/
    manager/html
    shell/

    the /manager and host-manager respond with 403. The issue in the gitbucket says that mutalauthentication should be disabled. So my assumption is that I have to somehow forge a client certificate sign it with the public key from the webserver and the certificate in my browser to make that mutalauthentication. After that I assume I would be able to access the /manager and /host-manager directorys.

    But my problem is I don't find a way to find out which ciphers I need for creating the client certificate. I did
    run the nmap ssl-enum-ciphers script and It gave me a list of ciphers but I guess that's not what I need. I appreciate any help.

    July 21
Avatar

Howdy, Stranger!

Click here to create an account.