First Scanning:
I use both nmap and rustscan (if you don't know about rustscan, it's nmap -p- on steroids).
nmap -sC -sV --min-parallelism 64 -oN nmap/nmapfile "$target_ip"
Checking if the website has any sub-domains:
wfuzz -c -f sub-fighter -w wordlist.txt -u http://cmess.thm -H "Host: FUZZ.cmess.thm" --hw 290
Target: http://cmess.thm/
Total requests: 4997
==================================================================
ID Response Lines Word Chars Request
==================================================================
00019: C=200 30 L 104 W 934 Ch "dev"
Total time: 0
Processed Requests: 2990
Filtered Requests: 2989
Requests/sec.: 0
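Seen from the server side, this Host-header fuzzing is easy to spot in access logs: one client asks for many different subdomains in a short time, and only the real virtual host answers with a different body. The detection sketch below is an added example, not part of the original writeup. It assumes a log format with the Host header as the first field, and the client IPs, the 3865-byte default response and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: <host> <client_ip> "<request>" <status> <bytes>
LINE = re.compile(r'^(?P<host>\S+) (?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)$')

def build_sample_log():
    """Constructed log: one client cycling Host values, one normal visitor."""
    words = ["www", "mail", "ftp", "admin", "test", "dev", "shop", "api"]
    lines = []
    for w in words:
        # Assumed: unknown vhosts fall through to the default site (3865 bytes);
        # "dev" is a real vhost and returns a different body (934 bytes).
        size = 934 if w == "dev" else 3865
        lines.append(f'{w}.cmess.thm 10.10.14.7 "GET / HTTP/1.1" 200 {size}')
    lines += ['cmess.thm 10.10.20.5 "GET / HTTP/1.1" 200 3865',
              'cmess.thm 10.10.20.5 "GET /about HTTP/1.1" 200 2110']
    return lines

def detect_host_fuzzing(lines, base_domain="cmess.thm", min_hosts=5):
    """Return {client_ip: {"hosts": n, "exposed": [...]}} for clients that
    requested at least min_hosts distinct subdomains of base_domain."""
    seen = defaultdict(dict)  # ip -> {host: last response size}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        host = m["host"].lower().rstrip(".")
        if host.endswith("." + base_domain):
            seen[m["ip"]][host] = int(m["size"])
    findings = {}
    for ip, hosts in seen.items():
        if len(hosts) < min_hosts:
            continue
        # The most common size is the default-vhost response; any other size
        # means the guessed name matched a real virtual host.
        default_size, _ = Counter(hosts.values()).most_common(1)[0]
        exposed = sorted(h for h, s in hosts.items() if s != default_size)
        findings[ip] = {"hosts": len(hosts), "exposed": exposed}
    return findings

if __name__ == "__main__":
    for ip, info in detect_host_fuzzing(build_sample_log()).items():
        print(ip, info)
```

The "exposed" list tells you which internal names the scan actually turned up, so those hosts are the ones to lock down or review first.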
Used gobuster for hunting down secret directories, but no luck.
Check out the subdomain; there is some good stuff there.
Got into the CMS of the website.
Now the hint is: find out what CMS the website is using and use searchsploit.
+ found local file inclusion
+ go to exploit-db, now you know where to go
That's all for the initial hints. If you really want to see what I did, go to my GitHub page and enter the user flag; don't brute-force it.
https://gitlab.com/jdp1369/THM_CMesS.git