7MS #579: Hacking Tommy Callahan - Part 2

Hey friends, today we're continuing our series on pwning the Tommy Boy VM on VulnHub VM! P.S. did you miss part one? Check it out on YouTube. Joe "The Machine" Skeen and I had a blast poking and prodding at the VM in hopes to fix the broken Callahan Auto brake-ordering Web app. Some tips/tricks we cover:

• It's always a good idea to look at a site's robots.txt file
• crunch is awesome for making wordlists
• fcrackzip is rad for cracking encrypted zip files
• dirbuster works well for busting into hidden files and subfolders
• exiftool works well to pull metadata out of images