Caption-Portal
During the manual enumeration, I have discovered that the margo user is running a Python application.
margo@caption:~/app$ ll
total 24
drwxrwxr-x 4 margo margo 4096 Aug 30 10:17 ./
drwxr-x--- 12 margo margo 4096 Sep 15 17:30 ../
-rw-rw-r-- 1 margo margo 4253 Aug 25 15:32 app.py
drwxr-xr-x 4 margo margo 4096 Aug 30 10:17 static/
drwxr-xr-x 2 margo margo 4096 Aug 30 10:17 templates/
The Caption-Portal web application is hosted from the /home/margo/app directory.
margo@caption:~/app$ cat app.py | grep -i passw
password = request.form['password']
if username == 'margo' and password == 'vFr&cS2#0!':
elif username == 'admin' and password == 'cFgjE@0%l0':
2 web credentials have been discovered in the app.py file:
margo:vFr&cS2#0!
admin:cFgjE@0%l0
While those 2 credentials work on the web application on the target port 80, nothing notable was found as this serves static pages.
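The grep above only matches lines containing "passw". As an added example (not code from the target's app.py), the following check flags the same pattern structurally: an equality comparison between a secret-like identifier and a string literal. The sample source, its placeholder values and the list of sensitive name fragments are constructed assumptions.

```python
import ast

# Constructed sample mirroring the comparison pattern seen in the grep output
# (placeholder values, not the credentials from the page).
SAMPLE = '''
def login(request):
    username = request.form['username']
    password = request.form['password']
    if username == 'alice' and password == 'PLACEHOLDER-1':
        return 'ok'
    elif username == 'admin' and 'PLACEHOLDER-2' == password:
        return 'admin'
    elif password == stored_hash:
        return 'no literal here'
    return 'denied'
'''

# Assumed name fragments that mark an identifier as secret-bearing.
SENSITIVE = ("pass", "pwd", "secret", "token")

def _sensitive_name(node):
    """Return the identifier if node is a Name/Attribute that looks secret-bearing."""
    name = node.id if isinstance(node, ast.Name) else getattr(node, "attr", None)
    if isinstance(name, str) and any(s in name.lower() for s in SENSITIVE):
        return name
    return None

def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def find_hardcoded_comparisons(source):
    """Return sorted (line, identifier) pairs for ==/!= against a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left] + node.comparators
        for op, left, right in zip(node.ops, operands, operands[1:]):
            if not isinstance(op, (ast.Eq, ast.NotEq)):
                continue
            # Check both orders: name == 'lit' and 'lit' == name.
            for a, b in ((left, right), (right, left)):
                name = _sensitive_name(a)
                if name and _is_str_literal(b):
                    findings.append((node.lineno, name))
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_hardcoded_comparisons(SAMPLE):
        print(f"line {line}: '{name}' compared to a string literal")
```

Comparisons against a variable, such as a stored hash, are not reported, so the check separates embedded secrets from ordinary credential verification.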