Posts

Showing posts from January, 2024

CMesS Writeup

CMesS link

Enumeration

Whilst we know we're dealing with a CMS on this box, let's start off with an nmap scan anyway, just in case there are any other services exposed on the box that we may need to know about or access. It doesn't look like there's anything else of interest here. We could run another scan and use -p1-55635 to scan through a bunch more ports than the common 1000 ports nmap uses by default, but I don't think we'll need to on this box. After loading up the website we can see a pretty basic interface. There seems to be a default footer at the bottom that mentions 2017, so possibly we could be looking at an older version of Gila CMS. Let's run a gobuster scan on it, and whilst we do that we can explore some of the website, try to find a version for the CMS and also maybe take a look to see if we can do anything with that search bar. Manually searching through the website doesn't really reveal anything of interest, so onto a gobuster scan....

Watcher Writeup

Watcher link

Enumeration

Starting off with a quick nmap scan, we can see we have 3 ports open: 21 (ftp), 22 (ssh) and 80 (http), so the first thing will be checking out the website and seeing what we have. Nothing too exciting here: most of the links on the page seem to be broken for some reason, and the source code doesn't reveal much either. Clicking on one of the images does redirect us, though, and creates a POST request which could be worth looking at. Before looking further at the above query we might as well run a quick gobuster scan and see if we can dig up any hidden directories. Gobuster reveals some pretty standard stuff. It's always worth looking through, though, just in case there are any interesting contents in any of the directories, and it's also worth looking at the page's CSS just in case there are any hidden comments in there that could be worthwhile. Starting with the robots.txt, we can see a couple of hidden txt files that certainly look worth looking at, one being our first flag, so let's...