PickleRick

Rick and Morty username: R1ckRul3s, found in website inspection. SSH: not required; follow the Burp Suite POST method. Gobuster command: `gobuster dir -u http://$MACHINE_IP -w /root/Desktop/Tools/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,py,html,js` Result: /login.php (Status: 200), /assets (Status: 301), /portal.php (Status: 302), /denied.php (Status: 302), /server-status (Status: 403). Burp Suite login request: POST /login.php HTTP/1.1 Host: $MACHINE_IP User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 54 Origin: http://$MACHINE_IP Connection: close Referer: http://$MACHINE_IP/login....

February 24, 2024 · 2 min

Vulnhub Kioptrix Walkthrough Part 2

Default username: John. Default password: TwoCows2. NIKTO (`Web Vulnerability Scanner`): `nikto -h <target ip>`, i.e. `nikto -host <url>`. Findings: outdated applications (Google common exploits for the given version): Apache, mod_ssl, openssl; mod_ssl vulnerable to a remote buffer overflow. A little bit of directory busting. DIRBUSTER (directory busting / finding folders; alternatives: gobuster, dirb, feroxbuster): run `dirbuster&`, insert the target URL in the Target URL section, check ‘Go Faster’, check List based brute force, click Browse, navigate to /usr/share/wordlists/dirbuster/, select a list. File extension: php,txt,zip (choose the extensions you want to look for; note: more extensions, more time). START. Tip: Dir scan takes a while....

December 22, 2022 · 3 min

Vulnhub Kioptrix Walkthrough Part 1

Default username: John. Default password: TwoCows2. Tip: save all your scans as text/images for future use. Let's find our IP: start the virtual machine and run `ping 8.8.8.8` in your main OS terminal; this will give us the IP of our target machine. Now go to your main machine (Kali) and run `sudo arp-scan -l`. This will give us the IP address, MAC address and vendor. We are looking for our matching IP, or Azureware/VMware...

December 18, 2022 · 2 min