I am kind of stuck with this box. So far what I did, I did my enumerations and found that gitbucket running on 8080 and the directorys on 80:
the /manager and host-manager respond with 403. The issue in the gitbucket says that mutalauthentication should be disabled. So my assumption is that I have to somehow forge a client certificate sign it with the public key from the webserver and the certificate in my browser to make that mutalauthentication. After that I assume I would be able to access the /manager and /host-manager directorys.
But my problem is I don't find a way to find out which ciphers I need for creating the client certificate. I did
run the nmap ssl-enum-ciphers script and It gave me a list of ciphers but I guess that's not what I need. I appreciate any help.