Hi, I struck on this machine, find uncommon web service port, but running version seems non-vulnerable, any hints for me to moving forward?
So I was able to find the personalized thing, did the OSINT, found a valid user but unable to login due to a restriction. I've enumerated the Web servers but I'm unable to find anywhere to use the OSINT information. Any nudge on the next step? My only thought was look for a particular type of vulnerability on the web servers in order to obtain the ticket needed to login.
struggling to find a way in, found the osint thing but cant get in to control panel, not sure what im missing.
I have even have done
for file in $(ls /usr/share/seclists/Discovery/Web-Content); do gobuster -u http://10.1.1.23:#####blog/ -w /usr/share/seclists/Discovery/Web-Content/$file -e -k -l -s "200,204,301,302,307" -t 20 ; done
in a desperate attempt to try to enumerate a directory im missing
as well as http://10.1.1.23:######