diannaosec

  I started with the usual nmap scans and found several ports of interest. I decided to visit the website on port 80 as a Gobuster scan was being undertaken. There was nothing of real interest on the page being served, but when I looked at its source I found a comment which referred to a developer directory. I tried /dev and /note but they did not work. The Gobuster scan found /development. The obvious next place to go was the /development directory. I found two .txt files in there. They both contained useful information, but j.txt seemed to be the most useful for my next steps. The name J was now of interest, so I kept it in mind as I went about checking out the SMB services listening on ports 139 and 445. It would seem J stood for Jay and K for Kay. I created a file of possible usernames and then went about brute forcing accounts. I started with the auxiliary/scanner/smb/smb_login module in msfconsole, but this did not work. I then tried default credentials for Tomcat on port 80...