OpenAdmin

$ nmap -p- -T4 -A 10.10.10.171
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 4b:98:df:85:d1:7e:f0:3d:da:48:cd:bc:92:00:b7:54 (RSA)
|   256 dc:eb:3d:c9:44:d1:18:b1:22:b4:cf:de:bd:6c:7a:54 (ECDSA)
|_  256 dc:ad:ca:3c:11:31:5b:6f:e6:a4:89:34:7c:9b:e5:50 (ED25519)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
$ nikto -h http://10.10.10.171
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Server may leak inodes via ETags, header found with file /, inode: 2aa6, size: 597dbd5dcea8b, mtime: gzip
+ Allowed HTTP Methods: POST, OPTIONS, HEAD, GET 
+ OSVDB-3233: /icons/README: Apache default file found.
$ dirb http://10.10.10.171
---- Scanning URL: http://10.10.10.171/ ----
==> DIRECTORY: http://10.10.10.171/artwork/                                                                                                                                   
+ http://10.10.10.171/index.html (CODE:200|SIZE:10918)                                                                                                                        
==> DIRECTORY: http://10.10.10.171/music/                                                                                                                                     
+ http://10.10.10.171/server-status (CODE:403|SIZE:277)                                                                                                                       
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/artwork/ ----
==> DIRECTORY: http://10.10.10.171/artwork/css/                                                                                                                               
==> DIRECTORY: http://10.10.10.171/artwork/fonts/                                                                                                                             
==> DIRECTORY: http://10.10.10.171/artwork/images/                                                                                                                            
+ http://10.10.10.171/artwork/index.html (CODE:200|SIZE:14461)                                                                                                                
==> DIRECTORY: http://10.10.10.171/artwork/js/                                                                                                                                
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/music/ ----
==> DIRECTORY: http://10.10.10.171/music/css/                                                                                                                                  
==> DIRECTORY: http://10.10.10.171/music/img/                                                                                                                                  
+ http://10.10.10.171/music/index.html (CODE:200|SIZE:12554)                                                                                                                  
==> DIRECTORY: http://10.10.10.171/music/js/                                                                                                                                  
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/artwork/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/artwork/fonts/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/artwork/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/artwork/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/music/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/music/img/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                              
---- Entering directory: http://10.10.10.171/music/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
Dirbuster
$ ffuf -u http://10.10.10.171/FUZZ -w /usr/share/wordlists/dirb/common.txt -mc 200,204,301,302,307,401 -o results.txt
crawl.py
#!/usr/bin/python
import sys
import json
import requests
import argparse
from bs4 import BeautifulSoup

def results(file):
    content=open(file,'r').readlines()
    for line in content:
        data=json.loads(line.strip())
        urls=[]
        for url in data['results']:
            urls.append(url['url'])
        return urls

def crawl(url):
    r = requests.get(url)
    soup = BeautifulSoup(r.text,'lxml')
    links = soup.findAll('a',href=True)
    for link in links:
        link=link['href']
        if link and link!='#':
            print('[+] {} : {}'.format(url,link))

if __name__=="__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("file",help="ffuf results")
    args = parser.parse_args()
    urls=results(args.file)
    for url in urls:
        crawl(url)
$ python3 crawl.py results.txt 
OpenNetAdmin 18.1.1 RCE
http://10.10.10.171/ona/

Navigation