A friend of mine offered me $20 if I could get into his site, but I have like no idea where to start, so far all I've managed to learn is that he's running it at a server at work, and it's running Apache 2.4.6 on CentOS, probably the latest.
Any ideas on where to go from here?
Juan Carter
Install Gentoo
Jace Young
not kali?
Eli Walker
Nice try FBI
Chase Green
Some of you clowns are obsessed the FBI wants to bring you down. Kek
Aaron Russell
btw this is genuinely just between me and a friend of mine, I think he just wants me to try to pentest his shit
David Carter
Use Burpsuite to see more info about the site
Adam Ward
lot of hacking is social engineering
Jeremiah Williams
I'll just show you what I told him.. Downloading now
Jeremiah Peterson
There's only an index.html file, along with an .htaccess and .htpsswd files, so he's just wasting your time, there's nothing interesting on the site.
Nicholas James
well I know you're running an empty minecraft server
Asher Peterson
I'm spooked solid
fuck man he wouldn't do that.. that's just lame..
Sebastian Lewis
and the ssl issuer is bad
Kayden Peterson
yeah I actually noticed that, but I'm not sure what it means
Evan Butler
it means it's a self-signed (in this case) or other illegit cert, not run through one of the big corporate ones or that big free open one, lets ssl or something
Joshua Phillips
>wants me to try to pentest his shit >doesn't know where to start
bring up cmd and type ipconfig to be pro hekerz
Landon Sullivan
did that a while ago, that's how I found out the it's being hosted at Rackspace
Aaron Wilson
well none of the default logins or anything are working, that's the limit of my know-how
Jackson Wilson
So would that mean it's faking a certificate from "Lets Encrypt"?
Jose Perry
looks ok to me, some browsers don't recognize them
Jacob Sullivan
fuck I'm starting to get a feeling there really is nothing to see here
Alexander Walker
let's encrypt is a CA (Cert Authority). they give a cert to any request with a valid extension.
Nathan Gutierrez
really?
Anthony James
really. no idea how he found that out but yeah. I guess there is a way to see someones IP over 4chinz?