Gobuster is a powerful, fast, and configurable tool designed for brute-forcing URIs (directories and files) and DNS subdomains. Written in Go, it’s known for its speed and efficiency in discovering hidden content on web servers and identifying DNS records.
Navigating to the target IP using your browser, we can see there is a web server that is being hosted on port 80.
We will now do directory busting to search for potentially sensitive exposed files or directories that we can use to gather information about the target to get a foothold.
gobuster dir -k -u http://192.168.100.12/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x txt,php,html -t 40
We see a page of interest at /phpinfo.php
