Froxlor


Froxlor is lightweight, open-source server management software designed to simplify the administration of web hosting environments. It allows users to manage domains, FTP accounts, databases, and email services through a web-based interface. Froxlor is aimed at both individuals and hosting providers, offering flexibility and easy configuration for various server tasks.

The presence of a Froxlor instance was initially suspected during manual system enumeration, and it was confirmed by PEAS at a later stage alongside PSPY.

Tunneling


┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ sshpass -p 'insaneclownposse' ssh michael@$IP -L 8888:127.0.0.1:8080 -N -f

Tunneling the target socket, 127.0.0.1:8080, to Kali’s port 8888
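
An added example, not part of the original writeup: a defender-side check of whether an SSH account is allowed to open the kind of local forward used above. The `sshd -T` style samples are constructed, and the function name `audit_forwarding` is hypothetical.

```shell
#!/bin/sh
# Added example (defender-side). Input: text in the format printed by `sshd -T`.
# On a live host (as root), assuming the account name from this writeup:
#   sshd -T -C user=michael,host=localhost,addr=127.0.0.1 | audit_forwarding
#
# One way to close the path in sshd_config:
#   Match User michael
#       AllowTcpForwarding no

# Constructed sample: default-like settings, local forwards allowed anywhere.
SAMPLE_WEAK='allowtcpforwarding yes
permitopen any
disableforwarding no'

# Constructed sample: the same account after the Match block above.
SAMPLE_HARD='allowtcpforwarding no
permitopen any
disableforwarding no'

# audit_forwarding (hypothetical name): reads settings on stdin and prints
# FORWARDING-OPEN, FORWARDING-RESTRICTED: <targets> or FORWARDING-BLOCKED.
audit_forwarding() {
    awk '
        { key = tolower($1) }
        key == "allowtcpforwarding" { fwd = tolower($2) }
        key == "disableforwarding"  { dis = tolower($2) }
        key == "permitopen" {
            dst = $2
            for (i = 3; i <= NF; i++) dst = dst " " $i
        }
        END {
            # "remote" permits only -R, so a -L forward is still refused.
            if (dis == "yes" || fwd == "no" || fwd == "remote" || dst == "none") {
                print "FORWARDING-BLOCKED"
            } else if (dst == "" || dst == "any") {
                print "FORWARDING-OPEN"
            } else {
                print "FORWARDING-RESTRICTED: " dst
            }
        }'
}

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_WEAK" | audit_forwarding)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_HARD" | audit_forwarding)"
```

A loopback-only admin panel stays reachable to any shell account for which this reports FORWARDING-OPEN, so binding to 127.0.0.1 does not by itself isolate the panel from local users.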

Web


Webroot: a login page

Authentication


Using the captured credential

Successfully authenticated

Customers


Checking the Customers section, there is a single entry

Clicking into web1 reveals more information. The web1 account appears to belong to the john user.

FTP


There is also an FTP section

It appears that the account can be used to authenticate to the FTP server. I will attempt to edit the config

FTP Password Reset

I can reset the password here; Qwe1234