fotoger.blogg.se

Php exiftool exploit




It also shows composer, which is a PHP package manager. In general I’d want to keep that in mind, though it won’t come into play for Meta.


The uploads directory is most interesting. Since it didn’t find /metaview, I’ll scan that one

feroxbuster -u -x php

This is a subset of the data that I get when I run exiftool on the same

feroxbuster -u -x php

If I give it a file, it returns some metadata about the file:

The link goes to /metaview/, which is an app that returns metadata about an image:

This is a very plain site, which lists “applications in development”:

It finds some basic folders, as well as an Apache server-status page.

🏁 Press to use the Scan Management Menu™
📖 Wordlist │ /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

I’ll add -hh 0 to hide responses with 0 characters, and run again.

I’ll start it with no filtering, and see that the default response is 0 lines, 0 words, 0 characters.


Given the use of domain names, I’ll fuzz for subdomains with wfuzz, using virtual host routing.

nmap also identifies that the root is a redirect to artcorp.htb.

Nmap done: 1 IP address (1 host up) scanned in 10.08 seconds

Based on the OpenSSH version, the host is likely running Debian 10 buster.

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel


|_http-title: Did not follow redirect to





