Fuzzy
Challenge description
We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
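Walkthrough
In short, we are given an entry point into the internal network and asked to obtain the administrator password.
First, open the website and take a look.
Welcome to Acme's company…XXX (it looks like a plain introduction page)
The page shown above is clearly not the administrator interface, so run a directory scanner to see what else is there.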
gohb@gohb:~/桌面$ gobuster dir -u http://docker.hackthebox.eu:30568/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
css and js are only used to render the page and are of no use here. /api is probably some kind of interface, so scan what sits underneath it.
gohb@gohb:~$ gobuster dir -u http://docker.hackthebox.eu:30568/api -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,txt,html,htm
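index.html is probably the home page, so look at action.php.
The action.php page looks like this:
The message says a parameter is not set, so the script presumably expects some parameter. Test for it with wfuzz.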
wfuzz --hh=24 -c -w /usr/share/dirb/wordlists/big.txt http://docker.hackthebox.eu:30568/api/action.php?FUZZ=testc
This finds reset and risorse (only reset has anything under it), so continue with wfuzz.
gohb@gohb:~/桌面$ wfuzz --hh=27 -c -w /usr/share/dirb/wordlists/big.txt http://docker.hackthebox.eu:30568/api/action.php?reset=FUZZ
The scan turns up the values 20 and 334. Try ?reset=334
That seems to be wrong.
?reset=20
Success.
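
From the defender's side, the two wfuzz passes above (parameter names first, then values of reset) leave a recognizable pattern in the web server's access log. The following is an added example, not part of the original writeup: a Python sketch that flags both patterns, where the log format, client addresses, log lines and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format prefix: client IP, request line, status, response size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')

def make_line(ip, query):
    """Build one constructed access-log line (assumed format, not taken from the target)."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /api/action.php?{query} HTTP/1.1" 200 24'

# Constructed sample: 10.0.0.5 enumerates names, then values; 10.0.0.9 is a normal client.
SAMPLE_LOG = [make_line("10.0.0.5", f"{n}=test") for n in ("admin", "debug", "id", "reset", "user", "token")]
SAMPLE_LOG += [make_line("10.0.0.5", f"reset={v}") for v in range(1, 8)]
SAMPLE_LOG += [make_line("10.0.0.9", "reset=20"), make_line("10.0.0.9", "reset=20"), "garbage line"]

def detect_fuzzing(lines, name_threshold=5, value_threshold=5):
    """Return sorted alerts (ip, path, kind, distinct_count) for enumeration patterns.

    Thresholds are assumptions; a production rule would also bound the time window.
    """
    names = defaultdict(set)   # (ip, path) -> distinct parameter names seen
    values = defaultdict(set)  # (ip, path, name) -> distinct values seen
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url = m.group(1), urlsplit(m.group(2))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            names[(ip, url.path)].add(name)
            values[(ip, url.path, name)].add(value)
    alerts = [(ip, path, "parameter-name enumeration", len(s))
              for (ip, path), s in names.items() if len(s) >= name_threshold]
    alerts += [(ip, path, f"value enumeration on '{name}'", len(s))
               for (ip, path, name), s in values.items() if len(s) >= value_threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_fuzzing(SAMPLE_LOG):
        print(alert)
```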