http://10.10.10.88/webservices/monstra-3.0.4/
homepage
# found admin page
http://10.10.10.88/webservices/monstra-3.0.4/admin/
# default creds admin:admin working
Looking at exploits https://www.exploit-db.com/exploits/48479
http://10.10.10.88/webservices/monstra-3.0.4/admin/index.php?id=filesmanager
file manager
# cant upload even a .txt,.png file
# probably a rabbit hole
# db file path:
http://10.10.10.88/webservices/monstra-3.0.4/storage/database/users.table.xml
<users>
<id>1</id>
<uid>af45a48ed8</uid>
<password>5d1e3697d706b0e24e574b56e79affda</password>
<hash>jB64OpMOWGxq</hash>
<date_registered>1519235295</date_registered>
<login>admin</login>
<firstname/>
<lastname/>
<email>test@test.local</email>
<skype/>
<twitter/>
<about_me>I like falafel with tartar sauce.</about_me>
<role>admin</role>
</users>