Bookworm
10.10.11.215
scan
1 | |
echo "10.10.11.215 bookworm.htb" >> /etc/hosts
web-enumeration
./gobuster.sh 148 ⨯ 3 ⚙
which url? http://bookworm.htb/
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://bookworm.htb/
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.5
[+] Expanded: true
[+] Timeout: 10s
===============================================================
2023/06/16 23:27:45 Starting gobuster in directory enumeration mode
===============================================================
http://bookworm.htb/login (Status: 200) [Size: 2040]
http://bookworm.htb/register (Status: 200) [Size: 3093]
http://bookworm.htb/profile (Status: 302) [Size: 28] [–> /login]
http://bookworm.htb/shop (Status: 200) [Size: 10778]
http://bookworm.htb/static (Status: 301) [Size: 179] [–> /static/]
http://bookworm.htb/Login (Status: 200) [Size: 2034]
http://bookworm.htb/logout (Status: 302) [Size: 23] [–> /]
http://bookworm.htb/basket (Status: 302) [Size: 28] [–> /login]
register a new account
qwfqwf / qwfqwf
http://bookworm.htb/profile
update avatar has a function to upload picture
file path: http://bookworm.htb/static/img/uploads/14
may be we could try upload a webshell.