HackMD - Collaborative Markdown Knowledge Base

## Recon stuff ### Stats endpoint https://207.241.239.10/server-status http://207.241.228.101/stats https://207.241.234.152/space/2022-12-17/2023-01-16 ### Files http://ia803207.s3dns.us.archive.org/authorized_keys ### Login forms https://207.241.232.240/admin/login/?next=/admin/ http://207.241.227.102:31507/console ### Weird shit http://207.241.227.102:27173/ckeditor/ckfinder/ http://207.241.227.102:29853/ https://207.241.225.189/client_secrets.json http://mail.archive.org:8088/cgi-bin/host_stats.py ### .git http://207.241.227.102:26638/.git/HEAD ## web.archive.org - SSRF -> Scan được port, dụ nó tải và lưu file được - XSS -> Account Take Over - http://web.archive.org/__wb/sparkline?output=json&url=ftp%3A%2F%2F157.245.151.62%2Fpub%2Ftest.txt&collection=web => what iz thiz - web.archive.org/web/20230114095455if_/ftp://157.245.151.62/pub/test.txt => truy cập vô là down luôn, có - web.archive.org/web/20230114095455if_/ssh://127.0.0.1 => nani ## analytics.archive.org - Có thể đang chạy tomcat ## Vulnerable to ..; https://207.241.231.8/static/css/..;/js/thirdparty/jquery-1.11.2.min.js