netdiscover
192.168.0.15
rustscan
Only the port 80 is open
Port 80
Apache/2.4.18
First flag
view-source:http://192.168.0.15/contact.php
flag1{YWxsdGhlZmlsZXM=}
allthefiles
second flag
ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==Flag2:
echo "ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==" | base64 --decode
flag2{aW1mYWRtaW5pc3RyYXRvcg==}
echo "aW1mYWRtaW5pc3RyYXRvcg==" | base64 --decode
imfadministratorLogin page
http://192.168.0.15/imfadministrator/
Roger is a user.
The password is hard coded in the cookie.
If I delete it he recreate an another cookie.
So, I have to create my own cookie.
The password may be good, but we also need the username.
