3 :8000
http://192.168.246.62:8000/
{
"clients": [
"local",
"local_async",
"local_batch",
"local_subset",
"runner",
"runner_async",
"ssh",
"wheel",
"wheel_async"
],
"return": "Welcome"
}
$ gobuster dir -u http://192.168.246.62:8000/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80 --wildcard
===============================================================
/login (Status: 200) [Size: 43]
/events (Status: 401) [Size: 753]
/index (Status: 200) [Size: 146]
/jobs (Status: 401) [Size: 753]
/stats (Status: 401) [Size: 753]
/logout (Status: 500) [Size: 823]
/keys (Status: 401) [Size: 753]
http://192.168.246.62:8000/login
{
"status": null,
"return": "Please log in"
}
http://192.168.246.62:8000/events | http://192.168.246.62:8000/jobs | http://192.168.246.62:8000/stats | http://192.168.246.62:8000/keys
401 Unauthorized
Powered by CherryPy 5.6.0
# nikto
+ Uncommon header 'x-upstream' found, with contents: salt-api/3000-1
# Googling "salt-api/3000-1" shows exploits for Saltstack 3000.1
https://github.com/jasperla/CVE-2020-11651-poc
https://github.com/dozernz/cve-2020-11651Last updated