Hi everyone,
So I got scammed and sent money into some shady crypto brokerage. Noticeable amount, it'll take months for me to recover from that.
Now I want to try and have revenge.
So far:
• Their website runs on a separate VPS
• Only SSH and HTTP/S ports are open
• I've found where the admin panel must be located, it requires basic HTTP auth
• The API is exposed but there is nothing useful, the real stuff seems to be in the admin panel
• I've started bruteforcing ssh "root" user, and "admin" panel user with rockyou list; I don't think that will work tho
Any ideas what could I try next? I'll go to sleep now but I'd be delighted to read your suggestions in the morning, thanks!