This is happening whether you like it or not. :/data/documents/challenges/TryHackMe/Year_of_the_Rabbit/files/assets$ cat sup3r_s3cr3t_fl4g.php :/data/documents/challenges/TryHackMe/Year_of_the_Rabbit/files/assets$ ll Location: intermediary.php?hidden_directory=/WExYY2Cv-qU * Nice to see someone checking the stylesheets. The /assets directory contains styles.css which reveals a new page: /sup3r_s3cr3t_fl4g.php. $ /data/src/dirsearch/dirsearch.py -u -E -w /data/src/wordlists/Įxtensions: php, asp, aspx, jsp, js, html, do, action | HTTP method: get | Threads: 10 | Wordlist size: 220529Įrror Log: /data/src/dirsearch/logs/errors-20-05-18_17-52-10.logĬTRL+C detected: Pausing threads, please wait.xit / ontinue: e Let’s use dirsearch to discover hidden directories: Nmap done: 1 IP address (1 host up) scanned in 12.99 secondsģ ports are discovered (ftp, ssh, http). Service Info: OSs: Unix, Linux CPE: cpe:/o:linux:linux_kernel |_http-title: Apache2 Debian Default Page: It works
|_http-server-header: Apache/2.4.10 (Debian) (Please ensure your volume is turned up!)Ģ2/tcp open ssh OpenSSH 6.7p1 Debian 5 (protocol 2.0) Can you hack into the Year of the Rabbit box without falling down a hole?
0 kommentar(er)
