80

Mapping

robots.txt:

.svn:

.DS_STORE

Directory Busting

gobuster dir -u ${ip} -w /usr/share/wordlists/dirb/common.txt -t 5

dirbuster

feroxbuster -u http://host.domain.tld:80/ -x php -C 404 -A --wordlist '/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt' -B --auto-tune

PHP

We can see login.php:

Now trying ': We have sql error

Now trying sql injection:

'OR '' = '

We get logged in

Then decoding it:

Now using this in port 9090