http

rget: http://192.168.130.45/

[12:35:10] Starting: 
[12:35:37] 200 -  227B  - /cgi-bin/a1stats/a1disp.cgi
[12:35:37] 200 -  209B  - /cgi-bin/
[12:35:37] 200 -  219B  - /cgi-bin/index.html
[12:35:37] 200 -  225B  - /cgi-bin/imagemap.exe?2,2
[12:35:37] 200 -  224B  - /cgi-bin/htimage.exe?2,2
[12:35:37] 200 -  217B  - /cgi-bin/awstats/
[12:35:37] 200 -  220B  - /cgi-bin/ViewLog.asp
[12:35:37] 200 -  245B  - /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
[12:35:37] 200 -  219B  - /cgi-bin/awstats.pl
[12:35:37] 200 -  193B  - /cgi-bin
[12:35:37] 200 -  214B  - /cgi-bin/login
[12:35:37] 200 -  219B  - /cgi-bin/htmlscript
[12:35:37] 200 -  218B  - /cgi-bin/login.cgi
[12:35:37] 200 -  216B  - /cgi-bin/php.ini
[12:35:37] 200 -  218B  - /cgi-bin/login.php
[12:35:37] 200 -  220B  - /cgi-bin/printenv.pl
[12:35:37] 200 -  217B  - /cgi-bin/test-cgi
[12:35:37] 200 -  210B  - /cgi-bin2/
[12:35:37] 200 -  217B  - /cgi-bin/test.cgi
[12:35:39] 302 -  209B  - /contents  ->  http://192.168.130.45/contents/index.asp

I was able to login with admin:admin

version: HP Power Manager 4.2 (Build 7)

This is probably rabit holes though...I'll run the searchsploit just in case.

Hewlett-Packard (HP) Power Manager Administration - Remote Buffer Overflow (Metasploit)Exploit Database

I tried the exploit but I'm pretty sure I broke it..reverting the box and will keep enumerating http and other ports. CGI showing 200 but the page doesn't exist...is that a key?

maybe the key is in HP?

Alarm showing

LFI/SQL/RFI?

192.168.130.45/Contents/AlarmHelp.asp?Id=Remote+Agent+Not+Connected

Tried this method:

http://192.168.130.45/Contents/AlarmHelp.asp?id=1%20AND%201=1::int

It's showing weird error.

PreviousKevin Bof NextInfosec Prep

Last updated 2 years ago