5 web > shaun
# web is a member of the adm group, so we can read /var/log
# exploring /var/log/apache2, we find a file named backup
web@doctor:/var/log/apache2$ cat backup | grep POST
10.10.14.4 - - [05/Sep/2020:11:09:49 +0200] "POST / HTTP/1.1" 200 11192 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.10.14.4 - - [05/Sep/2020:11:10:28 +0200] "POST /sdk HTTP/1.1" 404 453 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.10.14.4 - - [05/Sep/2020:11:10:28 +0200] "POST / HTTP/1.1" 200 11192 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.10.14.4 - - [05/Sep/2020:11:17:24 +0200] "POST /register HTTP/1.1" 302 676 "http://doctor.htb/register" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
10.10.14.4 - - [05/Sep/2020:11:17:34 +2000] "POST /reset_password?email=Guitar123" 500 453 "http://doctor.htb/reset_password"
10.10.14.4 - - [05/Sep/2020:11:17:34 +0200] "POST /login HTTP/1.1" 302 732 "http://doctor.htb/login" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
10.10.14.4 - - [05/Sep/2020:11:17:43 +0200] "POST /post/new HTTP/1.1" 302 797 "http://doctor.htb/post/new" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
The email value in the /reset_password request (Guitar123) looks like a password
web@doctor:/home/web/k$ su shaun
Password: Guitar123
shaun@doctor:/home/web/k$ whoami;id
shaun
uid=1002(shaun) gid=1002(shaun) groups=1002(shaun)
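From the defender's side, the finding above is a credential typed into a form field and written to a log that every member of adm can read. The following is an added example, not part of the original notes: it scans access-log lines for that pattern without echoing the values. The secret-like parameter names are an assumption, and the sample lines are copied from the grep output above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of an Apache access-log line. The protocol token is optional
# because the flagged line in the output above has none.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+?)(?: HTTP/[\d.]+)?"')
EMAIL_RE = re.compile(r'^[^@\s]+@[^@\s]+\.[^@\s]+$')
# Assumption: parameter names whose values should never reach a log file.
SECRET_NAMES = {"password", "passwd", "pwd", "token", "secret"}

def suspicious_params(line):
    """Return (path, name, reason) for query parameters worth reviewing."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    findings = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in SECRET_NAMES:
            findings.append((url.path, name, "secret-named parameter in URL"))
        elif name.lower() == "email" and value and not EMAIL_RE.match(value):
            findings.append((url.path, name, "email field holds a non-email value"))
    return findings

def audit(lines):
    """Map 1-based line numbers to findings; parameter values are not echoed."""
    report = {}
    for n, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            report[n] = hits
    return report

# Three lines copied from the grep output above.
SAMPLE = [
    '10.10.14.4 - - [05/Sep/2020:11:17:24 +0200] "POST /register HTTP/1.1" 302 676 "http://doctor.htb/register" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"',
    '10.10.14.4 - - [05/Sep/2020:11:17:34 +2000] "POST /reset_password?email=Guitar123" 500 453 "http://doctor.htb/reset_password"',
    '10.10.14.4 - - [05/Sep/2020:11:17:34 +0200] "POST /login HTTP/1.1" 302 732 "http://doctor.htb/login" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"',
]

if __name__ == "__main__":
    for lineno, hits in audit(SAMPLE).items():
        print(lineno, hits)
```

Any hit means the logged value should be treated as exposed and the credential rotated; keeping form data in the POST body and limiting adm membership to accounts that need log access removes the path shown in these notes.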