Mustacchio

Mustacchio Walkthrough

Welcome to the room, it's my first write up but hopefully this can be helpful to someone that's struggling!

Let's start with some basic enummeration. nmap -sV -p- T4 24/06/2023 14:3110.10.201.205 -vv -O scan.txt Great!

We have 3 open ports 22, 80 and 8765, let's visit the website and poke around.

At this point it's also a good idea to look for other directories on the site that might not be obviously with some sort of fuzzer like gobuster gobuster dir -u 10.10.15.84 -w /usr/share/wordlists/dirb/common.txt

Hmm we have two potential pages, robots.txt and custom let's try robots.txt It's got nothing a dead end...

Ok onto custom

users.bak sounds interesting let's try and open it!

We need to first figure out what it is so we run file users.bak

Great it looks like a database backup, lets try and open it with SQLite3

Looks like a login!

Let's try that port we found earlier out and see if there's a login page