PORT   STATE SERVICE
80/tcp open  http

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.52 ((Win64) OpenSSL/1.1.1m PHP/8.1.1)
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.1
| http-title: Mist - Mist
|_Requested resource was <http://10.129.215.106/?file=mist>
|_http-generator: pluck 4.7.18
| http-robots.txt: 2 disallowed entries 
|_/data/ /docs/
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2016 (85%)
OS CPE: cpe:/o:microsoft:windows_server_2016
Aggressive OS guesses: Microsoft Windows Server 2016 (85%)
No exact OS matches for host (test conditions non-ideal).

<http://10.129.215.106/login.php>

Untitled

robots.txt

User-agent: *
Disallow: /data/
Disallow: /docs/

Try CVE for pluck 4.7

Untitled

<http://10.129.215.106/data/modules/albums/albums_getimage.php?image=\\>..\\..\\..\\..\\..\\..\\..\\Windows\\system.ini

Not work

Untitled

seems the version of pluck is greater than 4.7

Untitled

It’s 4.7.18 here

Try bruteforce on password:

Untitled

cracking limitation

https://github.com/pluck-cms/pluck/issues/122

By accessing the previous found path

Untitled