Admin Portal

This site appears to allow users to log in and to register new accounts, so we will register an account and see what a fresh user can reach.

Admin portal

Meanwhile, we can run directory brute-forcing (dirbusting) against the portal in the background with ffuf.

FFUF#


```
        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0
________________________________________________

 :: Method           : GET
 :: URL              : http://10.10.10.228/portal/FUZZ
 :: Wordlist         : FUZZ: /usr/local/scripts/SecLists-master/Discovery/Web-Content/raft-small-words.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
________________________________________________

.htm                    [Status: 403, Size: 301, Words: 22, Lines: 10]
.html                   [Status: 403, Size: 301, Words: 22, Lines: 10]
includes                [Status: 301, Size: 346, Words: 22, Lines: 10]
uploads                 [Status: 301, Size: 345, Words: 22, Lines: 10]
db                      [Status: 301, Size: 340, Words: 22, Lines: 10]
assets                  [Status: 301, Size: 344, Words: 22, Lines: 10]
php                     [Status: 301, Size: 341, Words: 22, Lines: 10]
.                       [Status: 302, Size: 0, Words: 1, Lines: 1]
.htaccess               [Status: 403, Size: 301, Words: 22, Lines: 10]
Includes                [Status: 301, Size: 346, Words: 22, Lines: 10]
Assets                  [Status: 301, Size: 344, Words: 22, Lines: 10]
Uploads                 [Status: 301, Size: 345, Words: 22, Lines: 10]
vendor                  [Status: 301, Size: 344, Words: 22, Lines: 10]
.htc                    [Status: 403, Size: 301, Words: 22, Lines: 10]
DB                      [Status: 301, Size: 340, Words: 22, Lines: 10]
PHP                     [Status: 301, Size: 341, Words: 22, Lines: 10]
.html_var_DE            [Status: 403, Size: 301, Words: 22, Lines: 10]
.htpasswd               [Status: 403, Size: 301, Words: 22, Lines: 10]
con                     [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.                  [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.html              [Status: 403, Size: 301, Words: 22, Lines: 10]
.htpasswds              [Status: 403, Size: 301, Words: 22, Lines: 10]
INCLUDES                [Status: 301, Size: 346, Words: 22, Lines: 10]
.htm.                   [Status: 403, Size: 301, Words: 22, Lines: 10]
.htmll                  [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.old               [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.bak               [Status: 403, Size: 301, Words: 22, Lines: 10]
.ht                     [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm.htm                [Status: 403, Size: 301, Words: 22, Lines: 10]
aux                     [Status: 403, Size: 301, Words: 22, Lines: 10]
UPLOADS                 [Status: 301, Size: 345, Words: 22, Lines: 10]
.hta                    [Status: 403, Size: 301, Words: 22, Lines: 10]
.html1                  [Status: 403, Size: 301, Words: 22, Lines: 10]
.htgroup                [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.LCK               [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.printable         [Status: 403, Size: 301, Words: 22, Lines: 10]
Vendor                  [Status: 301, Size: 344, Words: 22, Lines: 10]
prn                     [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm.LCK                [Status: 403, Size: 301, Words: 22, Lines: 10]
ASSETS                  [Status: 301, Size: 344, Words: 22, Lines: 10]
Php                     [Status: 301, Size: 341, Words: 22, Lines: 10]
.html.php               [Status: 403, Size: 301, Words: 22, Lines: 10]
.htx                    [Status: 403, Size: 301, Words: 22, Lines: 10]
.htaccess.bak           [Status: 403, Size: 301, Words: 22, Lines: 10]
.htmls                  [Status: 403, Size: 301, Words: 22, Lines: 10]
.htuser                 [Status: 403, Size: 301, Words: 22, Lines: 10]
.html-                  [Status: 403, Size: 301, Words: 22, Lines: 10]
.htlm                   [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm2                   [Status: 403, Size: 301, Words: 22, Lines: 10]
Db                      [Status: 301, Size: 340, Words: 22, Lines: 10]
```
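As an added example (not part of the original write-up), here is a small Python helper that parses ffuf's default text output, separates the recurring 403 boilerplate (every 403 above is the same 301-byte, 22-word page) from real hits, and groups the case-only variants such as includes/Includes/INCLUDES that all returned identical 301 responses, a pattern that points to a case-insensitive document root. The sample lines are a constructed subset copied from the scan above; the function names are the author's own choices.

```python
import re
from collections import defaultdict

# One ffuf result line: "<word>   [Status: 301, Size: 346, Words: 22, Lines: 10]"
LINE_RE = re.compile(
    r"^(?P<word>\S+)\s+\[Status:\s*(?P<status>\d+),\s*Size:\s*(?P<size>\d+),"
    r"\s*Words:\s*(?P<words>\d+),\s*Lines:\s*(?P<lines>\d+)\]"
)

# Constructed sample: a subset of the scan output above, pasted as-is.
SAMPLE = """\
.htm                    [Status: 403, Size: 301, Words: 22, Lines: 10]
includes                [Status: 301, Size: 346, Words: 22, Lines: 10]
uploads                 [Status: 301, Size: 345, Words: 22, Lines: 10]
.htaccess               [Status: 403, Size: 301, Words: 22, Lines: 10]
Includes                [Status: 301, Size: 346, Words: 22, Lines: 10]
INCLUDES                [Status: 301, Size: 346, Words: 22, Lines: 10]
.htpasswd               [Status: 403, Size: 301, Words: 22, Lines: 10]
vendor                  [Status: 301, Size: 344, Words: 22, Lines: 10]
"""

def parse_ffuf(text):
    """Parse ffuf's default text output into a list of dicts (one per hit)."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # banner and separator lines do not match and are skipped
            d = m.groupdict()
            hits.append({"word": d["word"], "status": int(d["status"]), "size": int(d["size"])})
    return hits

def noise_sizes(hits, status=403, min_count=3):
    """Response sizes that recur for one status: server boilerplate, a candidate for ffuf -fs."""
    counts = defaultdict(int)
    for h in hits:
        if h["status"] == status:
            counts[h["size"]] += 1
    return sorted(s for s, n in counts.items() if n >= min_count)

def case_variants(hits):
    """Words differing only by case with identical status and size (case-insensitive docroot hint)."""
    groups = defaultdict(set)
    for h in hits:
        groups[(h["word"].lower(), h["status"], h["size"])].add(h["word"])
    return {k[0]: sorted(v) for k, v in groups.items() if len(v) > 1}

def unique_dirs(hits):
    """Distinct redirecting (3xx) paths, case-folded, with the 403 noise dropped."""
    return sorted({h["word"].lower() for h in hits if 300 <= h["status"] < 400})
```

On the full scan this collapses the 50 result lines to six distinct directories and flags the duplicate case variants, which is the signal that the wordlist's upper-case entries add no coverage here.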

Results#

Similarly, we can browse the contents of the directories that ffuf found.

More enumeration#

From these we are able to obtain information such as the admin's unfinished tasks and a list of user accounts.

Tasks & Vulnerabilities#

Todos from admin

Users Exposed#

All available users

That seems to be everything a newly registered user can reach. Let me head back to the book search portal.