2 :80

# adding to /etc/hosts
10.10.10.143 jarvis.htb logger.htb supersecurehotel.htb

http://jarvis.htb/
Stark Hotel Landing Page
# view source contains
supersecurehotel@logger.htb
supersecurehotel.htb

http://jarvis.htb/dining-bar.php
# menu items; nothing here

http://jarvis.htb/rooms-suites.php
# different types of room

http://jarvis.htb/room.php?cod=1
# info about a specific room, possibly SQLi ?

$ gobuster dir -u http://jarvis.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80
===============================================================
/images               (Status: 301) [Size: 309] [--> http://jarvis.htb/images/]
/index.php            (Status: 200) [Size: 23628]
/nav.php              (Status: 200) [Size: 1333]
/footer.php           (Status: 200) [Size: 2237]
/css                  (Status: 301) [Size: 306] [--> http://jarvis.htb/css/]
/js                   (Status: 301) [Size: 305] [--> http://jarvis.htb/js/]
/fonts                (Status: 301) [Size: 308] [--> http://jarvis.htb/fonts/]
/phpmyadmin           (Status: 301) [Size: 313] [--> http://jarvis.htb/phpmyadmin/]
/connection.php       (Status: 200) [Size: 0]
/room.php             (Status: 302) [Size: 3024] [--> index.php]
/sass                 (Status: 301) [Size: 307] [--> http://jarvis.htb/sass/]
/server-status        (Status: 403) [Size: 298

http://jarvis.htb/sass/
# dir listing of js dependency files, nothing interesting.

http://jarvis.htb/phpmyadmin/
phpMyAdmin login page
# default creds not working
# access denied for root|admin (with password:YES)
# cant go forward here

http://jarvis.htb/room.php?cod=1
# info about a specific room, possibly SQLi ?

Last updated