Using Default Credentials for Admin Account Takeover
Hello Everyone,
I am very happy about the good response to my 2nd article. You can read
This is my 3rd article. In this article I will talk about how to find admin panel and sensitive information vulnerabilities using the amass tool. Let me introduce myself: I'm Ch4ndan das and I'm a web penetration tester from India. My English is not good, so please don't mind it.
So I was testing a company's domain; let's call it redacted.com. I started hunting with the amass tool (I think everyone knows amass). If anyone doesn't know the amass tool, search on Google or ChatGPT.
Let's start!
I picked a responsible disclosure program, then started recon using the amass tool. I used a basic command like this (you can see it in the image):
amass enum -active -d target.com,redacted.com -nocolor -o amass.txt
enum = enumerate; -d = domain; -nocolor = output is not shown in color; -o = output file
If you have a single domain, use this command (you can see it in the image):
amass enum -active -d redacted.com -o amass.txt
If you have multiple domains, use this command (you can see it in the image):
amass enum -active -d redacted.com,test.com,target.com -o amass.txt
If you want to add more filters, you can check the help menu ( amass enum -h )
This process takes a long time, depending on your internet speed. After the file (amass.txt) is saved, you need to filter out the domains' IPs. You can use this command (see the image):
cat amass.txt | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u | tee ip.txt
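An added example, not from the original article: a stricter version of the grep step above that keeps only valid host addresses found on lines naming a host under the program's in-scope domains, so netblock bases, malformed quads, internal ranges and third-party names never reach ip.txt. The function names and sample lines are constructed, and the layout (name and address on the same line of amass.txt) is an assumption.

```python
import ipaddress
import re

# Dotted quad with optional /prefix; the lookarounds reject fragments of
# longer dotted strings such as version numbers.
QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(/\d{1,2})?(?![\d./])")
NAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Ranges that never identify an internet-facing host of the program.
NOT_PROBEABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def in_scope(name, domains):
    """True if name is an in-scope domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def scoped_ips(lines, domains):
    """Sorted unique host IPv4 addresses tied to in-scope names."""
    domains = [d.lower() for d in domains]
    keep = set()
    for line in lines:
        if not any(in_scope(n, domains) for n in NAME.findall(line)):
            continue  # netblock/ASN rows and third-party names are skipped
        for quad, prefix in QUAD.findall(line):
            if prefix:
                continue  # CIDR block such as 203.0.113.0/24, not a host
            try:
                ip = ipaddress.IPv4Address(quad)
            except ValueError:
                continue  # octet above 255 or otherwise malformed
            if any(ip in net for net in NOT_PROBEABLE):
                continue
            keep.add(ip)
    return [str(ip) for ip in sorted(keep)]

# Constructed sample lines (assumed amass.txt layout, documentation addresses).
SAMPLE = """\
www.redacted.com (FQDN) --> a_record --> 203.0.113.10 (IPAddress)
admin.redacted.com (FQDN) --> a_record --> 203.0.113.25 (IPAddress)
203.0.113.0/24 (Netblock) --> contains --> 203.0.113.10 (IPAddress)
intranet.redacted.com (FQDN) --> a_record --> 10.20.30.40 (IPAddress)
cdn.notredacted.com (FQDN) --> a_record --> 198.51.100.7 (IPAddress)
old.redacted.com (FQDN) --> a_record --> 203.0.113.999 (IPAddress)
""".splitlines()

if __name__ == "__main__":
    print("\n".join(scoped_ips(SAMPLE, ["redacted.com"])))
```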
Now that I have the domains' IPs, I need the httpx tool to check for live IPs (I think everyone knows the httpx tool). If anyone doesn't know the httpx tool, search on Google or ChatGPT.
Now I have the ip.txt file. To check for live IPs, use this command:
cat ip.txt | httpx -sc -title -server -td -cl -mc 200,302 -o httpx.txt
-sc = show status code; -title = show page title; -server = show web server; -td = tech-detect; -cl = content-length; -mc = match code; -o = save output to file
If you want to add more filters, you can check the help menu ( httpx -h )
Again, wait some time, then check the results manually one by one. In my case, when I checked them one by one, I found an admin panel, as you can see in the image.
Then I thought: this is an admin panel, so let me try logging in with default credentials. I entered username = admin, password = admin. Then boom, logged in (see the image).
I found the company's email, then I reported it!
Thank you everyone for reading 🧡
Join my Telegram channel for the latest updates: https://t.me/ch4ndan_das
Happy Hunting :)))