🛡️ Cyber with KT Vault

02_Enumeration

1 min read

📂 Enumeration

1. FTP Enumeration / Exfiltration

Logging into the FTP server anonymously to retrieve the mentioned lists.

Steps:

  1. Connected via ftp 10.129.104.153.
  2. Logged in as anonymous with no password.
  3. Downloaded the following files:
    • allowed.userlist
    • allowed.userlist.passwd

2. Credential Analysis

Inspecting the exfiltrated files:

  • Users: aron, pwnmeow, egotisticalsw, admin
  • Passwords: root, Supersecretpassword1, @BaASD&9032123sADS, rKXM59ESxesUFHAd

3. Web Service Enumeration

Navigating to http://10.129.104.153 reveals a business template landing page with no obvious login fields.

Directory Bursting

I used dirsearch to find hidden directories and files.

Command:

dirsearch -u http://10.129.104.153/

Results: Discovered /login.php and /dashboard/.

Next Step

🔑 Next Step: Initial Access →

Graph View

Backlinks