Copy rget: http://192.168.130.45/
[12:35:10] Starting:
[12:35:37] 200 - 227B - /cgi-bin/a1stats/a1disp.cgi
[12:35:37] 200 - 209B - /cgi-bin/
[12:35:37] 200 - 219B - /cgi-bin/index.html
[12:35:37] 200 - 225B - /cgi-bin/imagemap.exe?2,2
[12:35:37] 200 - 224B - /cgi-bin/htimage.exe?2,2
[12:35:37] 200 - 217B - /cgi-bin/awstats/
[12:35:37] 200 - 220B - /cgi-bin/ViewLog.asp
[12:35:37] 200 - 245B - /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
[12:35:37] 200 - 219B - /cgi-bin/awstats.pl
[12:35:37] 200 - 193B - /cgi-bin
[12:35:37] 200 - 214B - /cgi-bin/login
[12:35:37] 200 - 219B - /cgi-bin/htmlscript
[12:35:37] 200 - 218B - /cgi-bin/login.cgi
[12:35:37] 200 - 216B - /cgi-bin/php.ini
[12:35:37] 200 - 218B - /cgi-bin/login.php
[12:35:37] 200 - 220B - /cgi-bin/printenv.pl
[12:35:37] 200 - 217B - /cgi-bin/test-cgi
[12:35:37] 200 - 210B - /cgi-bin2/
[12:35:37] 200 - 217B - /cgi-bin/test.cgi
[12:35:39] 302 - 209B - /contents -> http://192.168.130.45/contents/index.asp
This is probably rabit holes though...I'll run the searchsploit just in case.
I tried the exploit but I'm pretty sure I broke it..reverting the box and will keep enumerating http and other ports. CGI showing 200 but the page doesn't exist...is that a key?
Copy 192.168.130.45/Contents/AlarmHelp.asp?Id=Remote+Agent+Not+Connected
Copy http://192.168.130.45/Contents/AlarmHelp.asp?id=1%20AND%201=1::int
It's showing weird error.