Hunit (WIP)
Browsing to port 8080 takes us to a web page for haikus.
We can individually browse to each haiku.
Checking the page source for any haiku reveals a comment referring to an API.
Running curl against the API reveals further information.
Running curl against the user API directory reveals sensitive information about each user.
Compiling each user's login name and password gives us a user list and a password list.
I then tried bruteforcing this with Hydra and was unable to get a result.
Inspecting the information we found further, we see that all the users are 'Editors' and David is an admin. The password associated with David is also greatly different from the rest. I then tried a manual login with SSH.
Valid credentials: dademola:ExplainSlowQuest110
Looking for other users in /home/, we see there is a Git user. Checking the contents of the directory, we also find an id_rsa key.