whatweb 10.129.42.190
whatweb http://10.129.42.190/nibbleblog

Directory Enumeration
A quick Google search for “nibbleblog exploit” yields this Nibbleblog File Upload Vulnerability. The flaw allows an authenticated attacker to upload and execute arbitrary PHP code on the underlying web server.
gobuster dir -u http://10.129.42.190/nibbleblog/ --wordlist /usr/share/seclists/Discovery/Web-Content/common.txt
curl -s http://10.129.42.190/nibbleblog/content/private/users.xml | xmllint --format -
gobuster dir -u http://10.129.42.190/ --wordlist /usr/share/seclists/Discovery/Web-Content/common.txt
curl -s http://10.129.42.190/nibbleblog/content/private/config.xml | xmllint --format -

When performing password cracking offline with a tool such as Hashcat or attempting to guess a password, it is important to consider all of the information in front of us. It is not uncommon to successfully crack a password hash (such as a company’s wireless network passphrase) using a wordlist generated by crawling their website using a tool such as CeWL.