At port 113 we can see that there is FreeBSD identd.
FreeBSD's identd is a server that implements the IDENT user identification protocol. This protocol allows one system to prove its identity to another system over a network connection.
At port 10000:
This is basic hello world text.
Looking at hidden directory.
At Port 80:
At port 10000:
Exploiting:
I tried to log in to the page with the default password admin:admin, and I logged in successfully.
As soon as I logged in, it asked me to change the password. Let's change the password to P@ssw0rd123!.
Got the first page as shown below:
There is no project available currently.
Also there is no activity record available.
Click on Administrator and then on information. You will see that there is version-related information.
I found one exploit related to Redmine SCM arbitrary code execution.
302 GET 1l 5w 162c http://192.168.240.60:8080/issues/calendar => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fissues%2Fcalendar
302 GET 1l 5w 159c http://192.168.240.60:8080/issues/gantt => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fissues%2Fgantt
200 GET 182l 523w 7933c http://192.168.240.60:8080/search
200 GET 196l 471w 7312c http://192.168.240.60:8080/activity
404 GET 17l 51w 459c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
422 GET 0l 0w 0c http://192.168.240.60:8080/projects/autocomplete.js
302 GET 1l 5w 93c http://192.168.240.60:8080/logout => http://192.168.240.60:8080/
200 GET 7l 574w 27766c http://192.168.240.60:8080/stylesheets/jquery/jquery-ui-1.11.0.css
200 GET 136l 311w 5011c http://192.168.240.60:8080/login
302 GET 1l 5w 150c http://192.168.240.60:8080/admin => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fadmin
200 GET 860l 2032w 18168c http://192.168.240.60:8080/stylesheets/responsive.css
200 GET 1067l 2472w 30619c http://192.168.240.60:8080/javascripts/application.js
200 GET 2l 521w 32514c http://192.168.240.60:8080/javascripts/tribute-3.7.3.min.js
200 GET 83l 174w 2002c http://192.168.240.60:8080/javascripts/responsive.js
200 GET 27l 69w 622c http://192.168.240.60:8080/stylesheets/tribute-3.7.3.css
200 GET 35l 209w 10093c http://192.168.240.60:8080/favicon.ico
200 GET 1l 1w 2c http://192.168.240.60:8080/issues/auto_complete
200 GET 14l 24w 517c http://192.168.240.60:8080/news.atom
200 GET 14l 24w 529c http://192.168.240.60:8080/activity.atom
200 GET 1757l 6754w 67231c http://192.168.240.60:8080/stylesheets/application.css
200 GET 271l 686w 12258c http://192.168.240.60:8080/projects
200 GET 184l 523w 8530c http://192.168.240.60:8080/account/register
302 GET 1l 5w 150c http://192.168.240.60:8080/users => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fusers
200 GET 118l 404w 4230c http://192.168.240.60:8080/stylesheets/scm.css
200 GET 137l 339w 5361c http://192.168.240.60:8080/news
200 GET 24l 3549w 346651c http://192.168.240.60:8080/javascripts/jquery-2.2.4-ui-1.11.0-ujs-5.2.3.js
200 GET 126l 287w 4602c http://192.168.240.60:8080/
302 GET 1l 5w 157c http://192.168.240.60:8080/issues/new => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fissues%2Fnew
302 GET 1l 5w 147c http://192.168.240.60:8080/my => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fmy
200 GET 6l 21w 1131c http://192.168.240.60:8080/images/calendar.png
200 GET 14l 25w 536c http://192.168.240.60:8080/projects.atom
200 GET 350l 1041w 19698c http://192.168.240.60:8080/issues/
302 GET 1l 5w 151c http://192.168.240.60:8080/groups => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fgroups
302 GET 1l 5w 153c http://192.168.240.60:8080/settings => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fsettings
302 GET 1l 5w 159c http://192.168.240.60:8080/projects/new => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fprojects%2Fnew
200 GET 5l 10w 103c http://192.168.240.60:8080/robots
200 GET 256l 603w 7345c http://192.168.240.60:8080/javascripts/context_menu.js
200 GET 57l 234w 2300c http://192.168.240.60:8080/stylesheets/context_menu.css
200 GET 1l 1w 59c http://192.168.240.60:8080/issues.csv
200 GET 12l 23w 474c http://192.168.240.60:8080/issues/changes.atom
200 GET 14l 24w 523c http://192.168.240.60:8080/issues.atom
200 GET 395l 3332w 171531c http://192.168.240.60:8080/issues.pdf
200 GET 350l 1041w 19698c http://192.168.240.60:8080/issues
406 GET 124l 292w 4768c http://192.168.240.60:8080/queries
200 GET 19l 77w 648c http://192.168.240.60:8080/500
422 GET 0l 0w 0c http://192.168.240.60:8080/projects/autocomplete
400 GET 13l 24w 280c http://192.168.240.60:8080/[0-9]
400 GET 13l 24w 294c http://192.168.240.60:8080/projects/extension]
400 GET 13l 24w 287c http://192.168.240.60:8080/issues/[0-9]
400 GET 13l 24w 289c http://192.168.240.60:8080/projects/[0-9]
[####################] - 4m 90075/90075 0s found:49 errors:63408
[####################] - 2m 30000/30000 243/s http://192.168.240.60:8080/
[####################] - 3m 30000/30000 158/s http://192.168.240.60:8080/issues/
[####################] - 4m 30000/30000 130/s http://192.168.240.60:8080/projects/
200 GET 1l 2w 12c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
[####################] - 2m 30000/30000 0s found:0 errors:0
[####################] - 2m 30000/30000 206/s http://192.168.240.60:10000/
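An added example (not part of the original write-up): a small Python triage of feroxbuster lines in the format shown above, separating application pages served without a session from those that redirect to /login. The `triage` function, the bucket names and the static-asset prefixes are assumptions made for this illustration; the sample lines are taken from the output above.

```python
import re
from urllib.parse import urlsplit

# Sample input: a few lines taken from the scan output above.
SAMPLE = """\
302 GET 1l 5w 150c http://192.168.240.60:8080/admin => http://192.168.240.60:8080/login?back_url=http%3A%2F%2F192.168.240.60%3A8080%2Fadmin
200 GET 184l 523w 8530c http://192.168.240.60:8080/account/register
200 GET 1l 1w 59c http://192.168.240.60:8080/issues.csv
404 GET 17l 51w 459c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200 GET 7l 574w 27766c http://192.168.240.60:8080/stylesheets/jquery/jquery-ui-1.11.0.css
422 GET 0l 0w 0c http://192.168.240.60:8080/projects/autocomplete.js
302 GET 1l 5w 93c http://192.168.240.60:8080/logout => http://192.168.240.60:8080/
[####################] - 2m 30000/30000 243/s http://192.168.240.60:8080/
"""

# status, method, line/word/char counts, URL, optional redirect target
LINE = re.compile(
    r"^(\d{3})\s+(\w+)\s+\d+l\s+\d+w\s+\d+c\s+(https?://\S+)(?:\s+=>\s+(\S+))?$"
)
# Assumed prefixes for static assets, which say nothing about access control.
STATIC = ("/stylesheets/", "/javascripts/", "/images/", "/favicon.ico")


def triage(text):
    """Group result lines by how the server treated an unauthenticated request."""
    buckets = {"anonymous": [], "login_gated": [], "other": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # progress bars and auto-filter notices carry no URL result
        status, _method, url, target = m.groups()
        path = urlsplit(url).path or "/"
        if path.startswith(STATIC):
            continue
        if status == "200":
            buckets["anonymous"].append(path)
        elif status.startswith("3") and target and urlsplit(target).path == "/login":
            buckets["login_gated"].append(path)
        else:
            buckets["other"].append((status, path))
    return buckets


if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(name, items)
```

The `anonymous` bucket is the list an administrator would compare against what the application is meant to serve without a login.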