# Nmap 7.91 scan initiated Sat Nov 14 20:20:55 2020 as: nmap -sSVC -p- -oA nmap_full -v 10.10.1.243 Nmap scan report for 10.10.1.243 Host is up (0.031s latency). Not shown: 65534 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS | http-robots.txt: 1 disallowed entry |_/fuel/ |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-title: Welcome to FUEL CMS
Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Sat Nov 14 20:21:58 2020 -- 1 IP address (1 host up) scanned in 62.91 seconds
Let's try to find password in the application source code:
1 2 3 4 5 6 7
www-data@ubuntu:/var/www/html$ grep -r password fuel/application -n grep -r password fuel/application -n fuel/application/views/_install.php:121: <p>Install the FUEL CMS database by first creating the database in MySQL and then importing the <strong>fuel/install/fuel_schema.sql</strong> file. After creating the database, change the database configuration found in <strong>fuel/application/config/database.php</strong> to include your hostname (e.g. localhost), username, password and the database to match the new database you created.</p> fuel/application/views/_install.php:187: Password: <strong>admin</strong> (you can and should change this password and admin user information after logging in)</p> fuel/application/config/database.php:20:| ['password'] The password used to connect to the database fuel/application/config/database.php:80: 'password' => 'mememe', fuel/application/config/MY_fuel.php:32:// shows an alert in the admin backend if this is the admin password