Moodle
Overview #
CMS for online learning for students
Finding Version #
https://docs.moodle.org/34/en/Single_view
Credentials #
Seems there are no default creds. But we can try these:
moodlebox:Moodlebox4$
moodlebox:moodlebox
Interesting Paths #
# might contains versions
/mod/forum/upgrade.txt
/composer.lock
# stringnames.txt contains a list of all the strings used during the install process
install/stringnames.txt
# others
/backup
/mod/chat/?id=1
/INSTALL.txt
Brute Force #
# Haven't confirmed if this is working
wfuzz -c -Z --hl 296,6 -X POST -H 'Cookie: MoodleSession=u0chdlm9finmc3sscsuggodg75' -d "username=admin&password=FUZZ" -w /usr/share/wordlists/rockyou.txt 'http://teacher.htb/moodle/login/index.php'