Web


Nmap discovered a web server on the target port 80. The running service is

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ curl -I -X OPTIONS http://$IP/
HTTP/1.1 302 Found
Date: Sat, 12 Apr 2025 14:36:59 GMT
Server: Apache
Location: http://bitforge.lab/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ curl -I http://$IP/        
HTTP/1.1 302 Found
Date: Sat, 12 Apr 2025 14:37:01 GMT
Server: Apache
Location: http://bitforge.lab/
Content-Type: text/html; charset=UTF-8

The server responds with a 302 redirect to a domain: bitforge.lab

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution.

Webroot

Checking the source code reveals a login page at the /login.php endpoint and a virtual host / sub-domain: plan.bitforge.lab

/login.php


The login.php file appears to be a dummy file, as it doesn't function properly. N/A

Fuzzing


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP/FUZZ -ic -e .html,.txt,.php -fc 403
________________________________________________
 :: Method           : GET
 :: URL              : http://192.168.196.186/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Extensions       : .html .txt .php 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response status: 403
________________________________________________
.git                    [Status: 301, Size: 236, Words: 14, Lines: 8, Duration: 26ms]
index.php               [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 20ms]
login.php               [Status: 200, Size: 5440, Words: 1071, Lines: 135, Duration: 21ms]
static                  [Status: 301, Size: 238, Words: 14, Lines: 8, Duration: 20ms]
:: Progress: [81912/81912] :: Job [1/1] :: 1904 req/sec :: Duration: [0:00:48] :: Errors: 0 ::
 
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u http://$IP/FUZZ/ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://192.168.196.186/FUZZ/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
                        [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 27ms]
icons                   [Status: 403, Size: 199, Words: 14, Lines: 8, Duration: 26ms]
static                  [Status: 200, Size: 1050, Words: 70, Lines: 17, Duration: 23ms]
server-status           [Status: 403, Size: 199, Words: 14, Lines: 8, Duration: 19ms]
:: Progress: [207630/207630] :: Job [1/1] :: 1481 req/sec :: Duration: [0:02:00] :: Errors: 0 ::

.git



┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ git-dumper http://bitforge.lab/.git ./git  
[-] Testing http://bitforge.lab/.git/HEAD [200]
[-] Testing http://bitforge.lab/.git/ [200]
[-] Fetching .git recursively
[-] Fetching http://bitforge.lab/.git/ [200]
[-] Fetching http://bitforge.lab/.gitignore [404]
[-] http://bitforge.lab/.gitignore responded with status code 404
[-] Fetching http://bitforge.lab/.git/objects/ [200]
[-] Fetching http://bitforge.lab/.git/HEAD [200]
[-] Fetching http://bitforge.lab/.git/COMMIT_EDITMSG [200]
[-] Fetching http://bitforge.lab/.git/description [200]
[-] Fetching http://bitforge.lab/.git/branches/ [200]
[-] Fetching http://bitforge.lab/.git/config [200]
[-] Fetching http://bitforge.lab/.git/logs/ [200]
[-] Fetching http://bitforge.lab/.git/info/ [200]
[-] Fetching http://bitforge.lab/.git/hooks/ [200]
[-] Fetching http://bitforge.lab/.git/refs/ [200]
[-] Fetching http://bitforge.lab/.git/objects/00/ [200]
[-] Fetching http://bitforge.lab/.git/objects/18/ [200]
[-] Fetching http://bitforge.lab/.git/objects/1c/ [200]
[-] Fetching http://bitforge.lab/.git/objects/73/ [200]
[-] Fetching http://bitforge.lab/.git/objects/30/ [200]
[-] Fetching http://bitforge.lab/.git/objects/c1/ [200]
[-] Fetching http://bitforge.lab/.git/objects/c3/ [200]
[-] Fetching http://bitforge.lab/.git/objects/e6/ [200]
[-] Fetching http://bitforge.lab/.git/objects/d7/ [200]
[-] Fetching http://bitforge.lab/.git/objects/ea/ [200]
[-] Fetching http://bitforge.lab/.git/objects/f4/ [200]
[-] Fetching http://bitforge.lab/.git/info/exclude [200]
[-] Fetching http://bitforge.lab/.git/objects/info/ [200]
[-] Fetching http://bitforge.lab/.git/objects/pack/ [200]
[-] Fetching http://bitforge.lab/.git/logs/HEAD [200]
[-] Fetching http://bitforge.lab/.git/logs/refs/ [200]
[-] Fetching http://bitforge.lab/.git/hooks/applypatch-msg.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/commit-msg.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/fsmonitor-watchman.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/post-update.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-applypatch.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-push.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-merge-commit.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-commit.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-rebase.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/pre-receive.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/prepare-commit-msg.sample [200]
[-] Fetching http://bitforge.lab/.git/hooks/push-to-checkout.sample [200]
[-] Fetching http://bitforge.lab/.git/refs/heads/ [200]
[-] Fetching http://bitforge.lab/.git/hooks/update.sample [200]
[-] Fetching http://bitforge.lab/.git/refs/tags/ [200]
[-] Fetching http://bitforge.lab/.git/objects/18/833b811e967ab8bec631344a6809aa4af59480 [200]
[-] Fetching http://bitforge.lab/.git/objects/30/db4b417dfe5ee173820f8fc66de3955d43080a [200]
[-] Fetching http://bitforge.lab/.git/objects/1c/e700a508aec3d5e4d4aa1b128a662f2c85f5ad [200]
[-] Fetching http://bitforge.lab/.git/objects/73/6aa9abed880f8f8f2495c00a497c13f3acc593 [200]
[-] Fetching http://bitforge.lab/.git/objects/00/e275f0312b12c2cff58aad73d04031fdc81672 [200]
[-] Fetching http://bitforge.lab/.git/objects/c3/4ab8d157d8c6466c8c321034b4d1863941fa38 [200]
[-] Fetching http://bitforge.lab/.git/objects/c1/d2b964d494b941768e48e5ec662c225fb7de71 [200]
[-] Fetching http://bitforge.lab/.git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 [200]
[-] Fetching http://bitforge.lab/.git/objects/d7/8466e1ab69dbdd943503e192070450b4787be5 [200]
[-] Fetching http://bitforge.lab/.git/objects/f4/f6de69896baa2ecbb1084e604be81343833bfa [200]
[-] Fetching http://bitforge.lab/.git/objects/ea/f6c81951775e4202e40762b3300cc936cf4df1 [200]
[-] Fetching http://bitforge.lab/.git/logs/refs/heads/ [200]
[-] Fetching http://bitforge.lab/.git/refs/heads/main [200]
[-] Fetching http://bitforge.lab/.git/logs/refs/heads/main [200]
[-] Fetching http://bitforge.lab/.git/index [200]
[-] Sanitizing .git/config
[-] Running git checkout .
Updated 3 paths from the index

Dumping the .git directory with git-dumper

Log


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge/git]
└─$ git log   
commit 1ce700a508aec3d5e4d4aa1b128a662f2c85f5ad (HEAD -> main)
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:44:48 2024 +0000
 
    created .env to store the database configuration
 
commit eaf6c81951775e4202e40762b3300cc936cf4df1
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:44:05 2024 +0000
 
    removing db-config due to hard coded credentials
 
commit 18833b811e967ab8bec631344a6809aa4af59480
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:43:08 2024 +0000
 
    added the database configuration
 
commit f4f6de69896baa2ecbb1084e604be81343833bfa
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:41:54 2024 +0000
 
    setting up login and index page for the BitForge website

4 commits were made. A username is disclosed: mcsam

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge/git]
└─$ git log -p                                         
commit 1ce700a508aec3d5e4d4aa1b128a662f2c85f5ad (HEAD -> main)
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:44:48 2024 +0000
 
    created .env to store the database configuration
 
diff --git a/.env b/.env
new file mode 100644
index 0000000..e69de29
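Review bot: .env is added to the tracked tree here as an empty blob (index e69de29), and the dump above got a 404 for .gitignore, so nothing keeps later edits to this file out of history. List .env in a .gitignore and keep it untracked before any values are written to it.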
 
commit eaf6c81951775e4202e40762b3300cc936cf4df1
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:44:05 2024 +0000
 
    removing db-config due to hard coded credentials
 
diff --git a/db-config.php b/db-config.php
deleted file mode 100644
index c1d2b96..0000000
--- a/db-config.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php
-// Database configuration
-$dbHost = 'localhost'; // Change if your database is hosted elsewhere
-$dbName = 'bitforge_customer_db';
-$username = 'BitForgeAdmin';
-$password = 'B1tForG3S0ftw4r3S0lutions';
-
-try {
-    $dsn = "mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4";
-    $pdo = new PDO($dsn, $username, $password);
-
-    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-
-    echo "Connected successfully to the database!";
-} catch (PDOException $e) {
-    echo "Connection failed: " . $e->getMessage();
-}
-?>
-
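Review bot: deleting db-config.php does not retract the credential, because the removed `$password` line is part of this commit's own diff and blob c1d2b96 stays reachable from the parent commit. Treat the password as disclosed and rotate it; rewrite history as well if the value has to leave the repository.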
 
commit 18833b811e967ab8bec631344a6809aa4af59480
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:43:08 2024 +0000
 
    added the database configuration
 
diff --git a/db-config.php b/db-config.php
new file mode 100644
index 0000000..c1d2b96
--- /dev/null
+++ b/db-config.php
@@ -0,0 +1,19 @@
+<?php
+// Database configuration
+$dbHost = 'localhost'; // Change if your database is hosted elsewhere
+$dbName = 'bitforge_customer_db';
+$username = 'BitForgeAdmin';
+$password = 'B1tForG3S0ftw4r3S0lutions';
+
+try {
+    $dsn = "mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4";
+    $pdo = new PDO($dsn, $username, $password);
+
+    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+    echo "Connected successfully to the database!";
+} catch (PDOException $e) {
+    echo "Connection failed: " . $e->getMessage();
+}
+?>
+
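Review bot: `$username` and `$password` are hard-coded literals in a tracked file, so anyone who can read the history or the .git directory obtains working database credentials. Load them from the environment or an untracked configuration file instead. The catch block also echoes `$e->getMessage()` to the client, which can reveal connection details; log the exception server-side and return a generic error.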
 
commit f4f6de69896baa2ecbb1084e604be81343833bfa
Author: McSam Ardayfio <mcsam@bitforge.lab>
Date:   Mon Dec 16 16:41:54 2024 +0000
 
    setting up login and index page for the BitForge website
 
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..c34ab8d
--- /dev/null
+++ b/index.php
@@ -0,0 +1,228 @@
+<?php
+$desiredHost = 'bitforge.lab';
+$currentHost = $_SERVER['HTTP_HOST'];
+
+if ($currentHost !== $desiredHost) {
+    
+    header("Location: http://$desiredHost" . $_SERVER['REQUEST_URI']);
+    exit();
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<!-- basic -->
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<!-- mobile metas -->
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="viewport" content="initial-scale=1, maximum-scale=1">
+<!-- site metas -->
+<title>BitForge Solutions</title>
+<meta name="keywords" content="">
+<meta name="description" content="">
+<meta name="author" content="">        
+<!-- bootstrap css -->
+<link rel="stylesheet" type="text/css" href="static/css/bootstrap.min.css">
+<!-- style css -->
+<link rel="stylesheet" type="text/css" href="static/css/style.css">
+<!-- Responsive-->
+<link rel="stylesheet" href="static/css/responsive.css">
+<!-- fevicon -->
+<link rel="icon" href="static/images/fevicon.png" type="image/gif" />
+<!-- Scrollbar Custom CSS -->
+<link rel="stylesheet" href="static/css/jquery.mCustomScrollbar.min.css">
+<!-- Tweaks for older IEs-->
+<link rel="stylesheet" href="https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css">
+<!-- owl stylesheets --> 
+<link rel="stylesheet" href="static/css/owl.carousel.min.css">
+<link rel="stylesoeet" href="static/css/owl.theme.default.min.css">
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css" media="screen">
+
+</head>
+<body>
+       <!-- header section start-->
+       <nav class="navbar navbar-expand-lg navbar-light bg-light">
+        <a class="logo" href="#"><img src="static/images/logo.webp"></a>
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
+        <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="navbarNav">
+            <ul class="navbar-nav">
+                <li class="nav-item">
+                   <a class="nav-link" href="index.php">HOME</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="#">SEARCH JOBS</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="http://plan.bitforge.lab">EMPLOYEE PLANNING PORTAL</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="#">MORE</a>
+                </li>
+            </ul>
+        </div>
+         <div class="login_text"><a href="login.php">LOGIN HERE</a></div>
+    </nav>
+
+
+<!-- Banner Section Start -->
+<div class="banner_section layout_padding">
+    <div class="container">
+        <h1 class="best_taital">Welcome to BitForge Solutions <br>Innovative Software, Tailored for You</h1>
+        <div class="box_main">
+            <input type="text" class="email_bt" placeholder="Search for software solutions..." name="search">
+            <button class="subscribe_bt">Search</button>
+        </div>
+        <p class="there_text">
+            At BitForge Solutions, we create custom software solutions designed to meet the unique needs of businesses across industries. Explore how we can transform your ideas into cutting-edge technology.
+        </p>
+        <div class="bt_main">
+            <div class="discover_bt"><a href="#services">Discover Our Services</a></div>
+        </div>
+    </div>
+</div>
+<!-- Banner Section End -->
+
+<!-- Marketing Section Start -->
+<div class="marketing_section layout_padding">
+    <div class="container-fluid">
+        <div class="row">
+            <div class="col-md-6">
+                <div class="job_section">
+                    <h1 class="jobs_text">Marketing Solutions</h1>
+                    <p class="dummy_text">
+                        Empower your brand with our marketing technology solutions. From analytics to campaign automation, BitForge equips you with tools to amplify your reach and engagement.
+                    </p>
+                    <div class="apply_bt"><a href="#contact">Get Started</a></div>
+                </div>
+            </div>
+            <div class="col-md-6">
+                <div class="image_1 padding_0"><img src="static/images/img-1.png" alt="Marketing Solutions"></div>
+            </div>
+        </div>
+    </div>
+</div>
+<!-- Marketing Section End -->
+
+<!-- Industrial Section Start -->
+<div class="marketing_section layout_padding">
+    <div class="container-fluid">
+        <div class="row">
+            <div class="col-md-6">
+                <div class="image_1 padding_0"><img src="static/images/img-2.png" alt="Industrial Solutions"></div>
+            </div>
+            <div class="col-md-6">
+                <div class="job_section_2">
+                    <h1 class="jobs_text">Industrial Automation</h1>
+                    <p class="dummy_text">
+                        Revolutionize your processes with industrial automation software. BitForge builds smart, scalable solutions to optimize workflows, reduce costs, and enhance productivity.
+                    </p>
+                    <div class="apply_bt"><a href="#contact">Learn More</a></div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+<!-- Industrial Section End -->
+
+<!-- Corporate Section Start -->
+<div class="marketing_section layout_padding">
+    <div class="container-fluid">
+        <div class="row">
+            <div class="col-md-6">
+                <div class="job_section">
+                    <h1 class="jobs_text">Corporate Applications</h1>
+                    <p class="dummy_text">
+                        Drive efficiency with our corporate software solutions. BitForge delivers enterprise-grade applications that streamline operations and foster collaboration.
+                    </p>
+                    <div class="apply_bt"><a href="#contact">Discover More</a></div>
+                </div>
+            </div>
+            <div class="col-md-6 padding_0">
+                <div class="image_1"><img src="static/images/img-3.png" alt="Corporate Solutions"></div>
+            </div>
+        </div>
+    </div>
+</div>
+<!-- Corporate Section End -->
+
+<!-- Government Section Start -->
+<div class="marketing_section layout_padding">
+    <div class="container-fluid">
+        <div class="row">
+            <div class="col-md-6 padding_0">
+                <div class="image_1"><img src="static/images/img-4.png" alt="Government Projects"></div>
+            </div>
+            <div class="col-md-6">
+                <div class="job_section_2">
+                    <h1 class="jobs_text">Government Projects</h1>
+                    <p class="dummy_text">
+                        Collaborate with BitForge on secure, scalable software solutions for public sector needs. We specialize in delivering reliable systems that empower governments to serve communities better.
+                    </p>
+                    <div class="apply_bt"><a href="#contact">Partner With Us</a></div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+<!-- Government Section End -->
+
+<!-- Footer Section Start -->
+<div class="footer_section layout_padding">
+    <div class="container">
+        <h1 class="subscribr_text">Stay Ahead With BitForge</h1>
+        <p class="lorem_text">
+            Subscribe to our newsletter for updates on the latest trends, solutions, and innovations from BitForge Solutions.
+        </p>
+        <div class="box_main_2">
+            <textarea type="text" class="email_bt_2" placeholder="Enter Your Email" name="email"></textarea>
+        </div>
+        <button class="subscribe_bt_2">Subscribe</button>
+    </div>
+</div>
+<!-- Footer Section End -->
+
+       <!-- footer section end-->
+       <!-- copyright section start-->
+       <div class="copyright_section">
+               <div class="container">
+                       <div class="row">
+                               <div class="col-md-6">
+                                       <p class="copyright_text">Copyright 2020 All Right Reserved By.<a href="https://html.design"> Free  html Templates</a></p>
+                               </div>
+                               <div class="col-md-6">
+                                       <p class="cookies_text">Cookies, Privacy and Terms</p>
+                               </div>
+                       </div>
+               </div>
+       </div>
+       <!-- copyright section end-->
+
+
+    <!-- Javascript files-->
+    <script src="js/jquery.min.js"></script>
+    <script src="js/popper.min.js"></script>
+    <script src="js/bootstrap.bundle.min.js"></script>
+      <script src="js/jquery-3.0.0.min.js"></script>
+      <script src="js/plugin.js"></script>
+      <!-- sidebar -->
+      <script src="js/jquery.mCustomScrollbar.concat.min.js"></script>
+      <script src="js/custom.js"></script>
+      <!-- javascript --> 
+      <script src="js/owl.carousel.js"></script>
+      <script src="https:cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js"></script>
+      <script>
+      $(document).ready(function(){
+      $(".fancybox").fancybox({
+         openEffect: "none",
+         closeEffect: "none"
+         });
+         </script>
+
+
+     
+</body>
+</html>
\ No newline at end of file
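Review bot: the stylesheets and the script loaded from netdna.bootstrapcdn.com and cdnjs.cloudflare.com carry no `integrity` attribute, so the page trusts whatever those hosts return; add Subresource Integrity hashes or serve the files from static/. In the same file, the final inline script never closes the `$(document).ready(function(){` callback (the closing `});` is missing), `https:cdnjs.cloudflare.com/...` lacks the `//` after the scheme, and `rel="stylesoeet"` in the head is a typo for `stylesheet`.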
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..00e275f
--- /dev/null
+++ b/login.php
@@ -0,0 +1,135 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<!-- basic -->
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<!-- mobile metas -->
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="viewport" content="initial-scale=1, maximum-scale=1">
+<!-- site metas -->
+<title>Login</title>
+<meta name="keywords" content="">
+<meta name="description" content="">
+<meta name="author" content="">        
+<!-- bootstrap css -->
+<link rel="stylesheet" type="text/css" href="static/css/bootstrap.min.css">
+<!-- style css -->
+<link rel="stylesheet" type="text/css" href="static/css/style.css">
+<!-- Responsive-->
+<link rel="stylesheet" href="static/css/responsive.css">
+<!-- fevicon -->
+<link rel="icon" href="images/fevicon.png" type="image/gif" />
+<!-- Scrollbar Custom CSS -->
+<link rel="stylesheet" href="static/css/jquery.mCustomScrollbar.min.css">
+<!-- Tweaks for older IEs-->
+<link rel="stylesheet" href="https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css">
+<!-- owl stylesheets --> 
+<link rel="stylesheet" href="static/css/owl.carousel.min.css">
+<link rel="stylesoeet" href="static/css/owl.theme.default.min.css">
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css" media="screen">
+
+</head>
+<body>
+       <!-- header section start-->
+       <nav class="navbar navbar-expand-lg navbar-light bg-light">
+        <a class="logo" href="#"><img src="static/images/logo.webp"></a>
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
+        <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="navbarNav">
+            <ul class="navbar-nav">
+                <li class="nav-item">
+                   <a class="nav-link" href="index.php">HOME</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="#">SEARCH JOBS</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="http://plan.bitforge.lab">EMPLOYEE PLANNING PORTAL</a>
+                </li>
+                <li class="nav-item">
+                   <a class="nav-link" href="#">MORE</a>
+                </li>
+            </ul>
+        </div>
+    </nav>
+  <!-- header section end-->
+  <!-- login section start-->
+  <div class="login_section">
+     <div class="container">
+    <div class="row">
+      <div class="col-sm-9 col-md-7 col-lg-5 mx-auto">
+        <div class="card card-signin my-5">
+          <div class="card-body">
+            <h5 class="card-title text-center">Log In</h5>
+            <form class="form-signin">
+              <div class="form-label-group">
+                <input type="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
+                <label for="inputEmail">Email address</label>
+              </div>
+
+              <div class="form-label-group">
+                <input type="password" id="inputPassword" class="form-control" placeholder="Password" required>
+                <label for="inputPassword">Password</label>
+              </div>
+
+              <div class="custom-control custom-checkbox mb-3">
+                <input type="checkbox" class="custom-control-input" id="customCheck1">
+                <label class="custom-control-label" for="customCheck1">Remember password</label>
+              </div>
+              <button class="btn btn-lg btn-primary btn-block text-uppercase" type="submit">Log In</button>
+              <hr class="my-4">
+              <button class="btn btn-lg btn-google btn-block text-uppercase" type="submit"><i class="fab fa-google mr-2"></i> Log In with Google</button>
+              <button class="btn btn-lg btn-facebook btn-block text-uppercase" type="submit"><i class="fab fa-facebook-f mr-2"></i> Log In with Facebook</button>
+            </form>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+    </div>
+  </div>
+
+  <!-- footer section end-->
+  <!-- copyright section start-->
+  <div class="copyright_section">
+    <div class="container">
+      <div class="row">
+        <div class="col-md-6">
+          <p class="copyright_text">Copyright 2020 All Right Reserved By.<a href="https://html.design"> Free  html Templates</a></p>
+        </div>
+        <div class="col-md-6">
+          <p class="cookies_text">Cookies, Privacy and Terms</p>
+        </div>
+      </div>
+    </div>
+  </div>
+  <!-- copyright section end-->
+
+
+    <!-- Javascript files-->
+    <script src="js/jquery.min.js"></script>
+    <script src="js/popper.min.js"></script>
+    <script src="js/bootstrap.bundle.min.js"></script>
+      <script src="js/jquery-3.0.0.min.js"></script>
+      <script src="js/plugin.js"></script>
+      <!-- sidebar -->
+      <script src="js/jquery.mCustomScrollbar.concat.min.js"></script>
+      <script src="js/custom.js"></script>
+      <!-- javascript --> 
+      <script src="js/owl.carousel.js"></script>
+      <script src="https:cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js"></script>
+      <script>
+      $(document).ready(function(){
+      $(".fancybox").fancybox({
+         openEffect: "none",
+         closeEffect: "none"
+         });
+         </script>
+
+
+     
+</body>
+</html>
\ No newline at end of file
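Review bot: `<form class="form-signin">` has no `method` or `action`, and neither input has a `name`, so submitting sends no field values and the page cannot authenticate anyone. If the fields are wired up later, set `method="post"` explicitly, since the default GET would place the password in the URL, and serve the form over HTTPS. This file also repeats the unclosed `$(document).ready(function(){` block and the `rel="stylesoeet"` typo from index.php.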

Neither index.php nor login.php contains anything interesting, and the login page is indeed a dummy page. However, there is a credential leak.

Credential Leak

Both commits, eaf6c81951775e4202e40762b3300cc936cf4df1 and 18833b811e967ab8bec631344a6809aa4af59480, leak the DB credential: BitForgeAdmin:B1tForG3S0ftw4r3S0lutions

gitleaks


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge/git]
└─$ gitleaks detect -v                                    
 

    │╲


    gitleaks
 
Finding:     $password = 'B1tForG3S0ftw4r3S0lutions';
Secret:      B1tForG3S0ftw4r3S0lutions
RuleID:      generic-api-key
Entropy:     4.053661
File:        db-config.php
Line:        6
Commit:      18833b811e967ab8bec631344a6809aa4af59480
Author:      McSam Ardayfio
Email:       mcsam@bitforge.lab
Date:        2024-12-16T16:43:08Z
Fingerprint: 18833b811e967ab8bec631344a6809aa4af59480:db-config.php:generic-api-key:6
 
4:53PM INF 3 commits scanned.
4:53PM INF scan completed in 60.6ms
4:53PM WRN leaks found: 1

The leak is detected by gitleaks too.
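The gitleaks run above reports only the commit that added db-config.php, while the notes identify both commits as leaking the credential. The Python script below is an added example, not part of the original notes and not gitleaks' own code: it scans `git log -p` text on added and removed lines and computes the Shannon entropy that gitleaks prints. The regular expression, the threshold and the function names are assumptions, and the sample log is constructed from the history shown above.

```python
import math
import re
from collections import Counter

# Constructed sample: abbreviated `git log -p` text modelled on the history above.
SAMPLE_LOG = """\
commit eaf6c81951775e4202e40762b3300cc936cf4df1

    removing db-config due to hard coded credentials

diff --git a/db-config.php b/db-config.php
--- a/db-config.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php
-// Database configuration
-$dbHost = 'localhost'; // Change if your database is hosted elsewhere
-$dbName = 'bitforge_customer_db';
-$username = 'BitForgeAdmin';
-$password = 'B1tForG3S0ftw4r3S0lutions';

commit 18833b811e967ab8bec631344a6809aa4af59480

    added the database configuration

diff --git a/db-config.php b/db-config.php
--- /dev/null
+++ b/db-config.php
@@ -0,0 +1,19 @@
+<?php
+// Database configuration
+$dbHost = 'localhost'; // Change if your database is hosted elsewhere
+$dbName = 'bitforge_customer_db';
+$username = 'BitForgeAdmin';
+$password = 'B1tForG3S0ftw4r3S0lutions';
"""

# Simplified credential-assignment pattern (an assumption, not a gitleaks rule).
ASSIGN_RE = re.compile(
    r"""(?i)\b(?:pass(?:word|wd)?|secret|token|api[_-]?key)\w*\s*[:=]\s*['"]([^'"]{8,})['"]""")
HUNK_RE = re.compile(r"@@ -(\d+)(?:,\d+)? \+(\d+)")

def shannon_entropy(s):
    """Bits per character, the figure gitleaks prints as Entropy."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_log(log_text, min_entropy=3.5):
    """Flag secret-like assignments on added and removed lines of each commit."""
    findings, commit, path, in_hunk = [], None, None, False
    old_no = new_no = 0
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1], False
        elif line.startswith("diff --git "):
            path, in_hunk = line.split(" b/", 1)[1], False
        elif line.startswith("@@"):
            # Hunk header gives the starting line numbers on the old and new side.
            old_no, new_no = map(int, HUNK_RE.match(line).groups())
            in_hunk = True
        elif in_hunk and line[:1] in ("+", "-"):
            added = line[0] == "+"
            m = ASSIGN_RE.search(line[1:])
            if m and shannon_entropy(m.group(1)) >= min_entropy:
                findings.append({
                    "commit": commit, "file": path,
                    "line": new_no if added else old_no,
                    "change": "added" if added else "removed",
                    "secret": m.group(1),
                    "entropy": shannon_entropy(m.group(1)),
                })
            old_no, new_no = old_no + (not added), new_no + added
        elif in_hunk and line.startswith(" "):
            old_no, new_no = old_no + 1, new_no + 1  # context line advances both sides
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["commit"][:7], f["file"], f["line"], f["change"], round(f["entropy"], 6))
```

A hit with change "removed" means the cleanup commit itself still discloses the value, so the credential needs rotating regardless of what the current tree contains.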