# Initial Checks - `ping` test ![[images/Pasted image 20260116180120.png]] - `nmap` scan ![[images/Pasted image 20260116180144.png]] - visit page ![[images/Pasted image 20260116180237.png]] - source code ![[images/Pasted image 20260116180231.png]] # Use given creds - after using provided creds, this page is displayed ![[images/Pasted image 20260116180333.png]] - two web requests with cookies when logging in from main page: - POST request directed to `/index.php`![[images/Pasted image 20260116180456.png]] - GET request directed to `/profile.php` ![[images/Pasted image 20260116180527.png]] - there is also a `settings.php` page for changing password ![[images/Pasted image 20260116181043.png]] - if we look closer at the response from the GET request directed to `/profile.php`, we notice an API call to `/api.php/user/xxx` ![[images/Pasted image 20260116181202.png]] ![[images/Pasted image 20260116181853.png]]