#readwise
# Crocodile Write-up

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/media/reader/parsed_document_assets/281296675/uPUXjLSm17cCjkDFdLlptujwPNMJTh0RhVXb-QtmMJQ-cove_LYfveuv.png)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Crocodile Write-up
- URL: https://readwise.io/reader/document_raw_content/281296675

## Summary
The Crocodile Write-up explains how to exploit vulnerabilities in a target's FTP server and website. It starts by scanning the target using nmap to find open ports and services. The author uses an anonymous FTP login to access files, which may contain usernames and passwords. Finally, the author finds an admin login page on the website and successfully logs in to gain control.

## Highlights
Reading about the target is helpful, but only at a surface level. In order to gain more insight into the technology they have used to create their website and possibly find any associated vulnerabilities, we can use a handy browser plug-in called [Wappalyzer](https://www.wappalyzer.com/). This plug-in analyzes the web page's code and returns all the different technologies used to build it, such as the webserver type, JavaScript libraries, programming languages, and more. You can press the links below to add the plug-in to your browser of choice. ([View Highlight](https://read.readwise.io/read/01jp84v58nr79ya978rgs1qw0h)) ^08ckfy

---

Referencing previous write-ups, there is mention of a different, more direct way of navigating any hidden or hardly accessible directories and pages, and that is through dir busting. Using gobuster as our tool of choice, we can use the following switches for the script to get the fastest, most accurate results.

- `dir`: Uses directory/file enumeration mode.
- `--url`: The target URL.
- `--wordlist`: Path to the wordlist.
- `-x php,html`: File extension(s) to search for.

For the `-x` switch, we can specify php and html to filter out all the unnecessary clutter that does not interest us. PHP and HTML files will most commonly be pages. We might get lucky and find an administrative panel login page that could help us find leverage against the target in combination with the credentials we extracted from the FTP server. ^dovfqx ([View Highlight](https://read.readwise.io/read/01jp84xsxt7rqag046zqffk371))

---
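
The dir busting run described above is visible in the web server's access log: with `-x php,html`, each wordlist entry is requested bare and again with `.php` and `.html`, and most of those requests return 404. The detector below is an added example, not part of the Hack The Box write-up; the log lines, IP addresses, paths, and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

def _line(ip, path, status):
    # Build one Apache combined-format log line (constructed sample data).
    return f'{ip} - - [10/Mar/2025:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 275 "-" "-"'

# Constructed sample: one client enumerating word, word.php, word.html,
# and one ordinary visitor. Paths and addresses are illustrative only.
SCAN = [_line("203.0.113.7", f"/{w}{e}", "200" if (w, e) == ("login", ".php") else "404")
        for w in ("admin", "backup", "login", "config") for e in ("", ".php", ".html")]
NORMAL = [_line("198.51.100.20", p, s) for p, s in
          (("/index.html", "200"), ("/about.html", "200"),
           ("/favicon.ico", "404"), ("/contact.php", "200"))]
SAMPLE_LOG = "\n".join(SCAN + NORMAL)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def detect_dir_busting(log_text, min_requests=8, min_miss_ratio=0.7, min_paired=3):
    """Flag clients whose requests look like extension-based enumeration:
    enough requests, mostly 404s, and several path stems probed with
    both .php and .html. Thresholds are assumptions to tune per site."""
    clients = defaultdict(lambda: {"total": 0, "miss": 0, "stems": defaultdict(set)})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        c = clients[ip]
        c["total"] += 1
        if status == "404":
            c["miss"] += 1
        stem, dot, ext = path.split("?")[0].rpartition(".")
        if dot and ext in ("php", "html"):
            c["stems"][stem].add(ext)
    flagged = {}
    for ip, c in clients.items():
        paired = sum(1 for exts in c["stems"].values() if exts == {"php", "html"})
        ratio = c["miss"] / c["total"]
        if c["total"] >= min_requests and ratio >= min_miss_ratio and paired >= min_paired:
            flagged[ip] = {"requests": c["total"], "miss_ratio": round(ratio, 2),
                           "paired_stems": paired}
    return flagged

if __name__ == "__main__":
    for ip, stats in detect_dir_busting(SAMPLE_LOG).items():
        print(ip, stats)
```
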