Common collection

Release prompt ：

Use dirbuster Tool for web directory scanning ,⼯ Yes kali⾃ belt ,

cd /usr/share/dirbuster
java -jar DirBuster-1.0-RC1.jar

use URL Fuzz, You can specify a directory , Specify scan admin All the files under the directory ,dir Represents every line of the dictionary

/admin/{dir}.php This is blasting admin All under directory php file
perhaps

Or is it dirsearch course ,
forehead , The environment was also checked ,,, Didn't sweep it out , Try to do it yourself

/robots.txt

Get a hint , Visit available ：flag1:n1book{info_1

/index.php~

Get a hint , Visit available ：flag2:s_v3ry_im

.index.php.swp

You'll get a file

I read this question wp, The software still doesn't understand , Try again in a few days .

Careless Xiao Li

Git test , Use GitHack The script tests it , course ！kali It has its own Git、Python2 and Python3. Switch to virtual machine … Mainly in the second half of the day GitHack, Failed all the time ！

We found the reason ！！！ Not solve , Looking around for information, I found another tool scrabble Can replace it , Tutorial links ！
Open terminal in folder ,

./scrabble + website

ls see

cat + file

SQL Inject -1

Find the injection point ,