_____                    ________  ________                            
|_   _|                  /  ___|  \/  |  __ \                           
  | | ___  __ _ _ __ ___ \ `--.| .  . | |  \/   _ __ ___  ___ ___  _ __  
  | |/ _ \/ _` | '_ ` _ \ `--. \ |\/| | | __   | '__/ _ \/ __/ _ \| '_ \ 
  | |  __/ (_| | | | | | /\__/ / |  | | |_\ \  | | |  __/ (_| (_) | | | |
  \_/\___|\__,_|_| |_| |_\____/\_|  |_/\____/  |_|  \___|\___\___/|_| |_|
***************************************************************************                                                                        
A little collection of data/info on the teamSMG's website to help other's troll around 
with this dogshit team for firing a member because their mum had cancer 
#justiceforninjaboogie #fckteamsmg #4thetr0llz
****************************************************************************
*BASIC INFO*
site: https://teamsmg.gg/
ip: 104.21.82.219 (might change due to WAF)
ASN: AS13335
CMS:  WordPress 5.8.2
CDN: Cloudflare
Database: MySQL
other: Apache/2.4.41 (Ubuntu) Server on port 80

USERS/ADMINS
1.joy
2.orrin
3.bryan
4.admin
5.Orrin Xu
6.Byan Lim
7.seedprod_bypass_user_wesocool (kinda strange usernname but seems to be correct) 
(brute force)
 
*WPscan report*
https://pastebin.com/ShQiDjQp

*ADMIN PANEL*
https://teamsmg.gg/wp/wp-login.php?redirect_to=https%3A%2F%2Fteamsmg.gg%2Fwp%2Fwp-admin%2F&reauth=1

*SUBDOMAIN*
https://store.teamsmg.gg/ ~ 23.227.38.65

*SHODAN*
https://www.shodan.io/host/104.21.82.219

*Nmap report*
https://pastebin.com/2W7nxncW
( i wouldn't trust this report but it may be helpful )

*JS files*
Use command: " waybackurls teamsmg.gg | grep "\\.js" | xargs -n1 -I@ curl -k @ | tee -a jsfilessmg.txt " to get the info

*NUCLEI*
P5 - INFO, Robots.txt Detected,http://teamsmg.gg:80/robots.txt,Disallow: /wp/wp-admin/
P5 - INFO, Wordpress Detected 1,http://teamsmg.gg:80/,&lh;meta name="generator" content="WordPress 5.8.2" />
P5 - INFO, Wordpress Detected 2,http://teamsmg.gg:80/blog/,&lh;meta name="generator" content="WordPress 5.8.2" />
P5 - INFO, Wordpress Detected 3,http://teamsmg.gg:80/wordpress/,&lh;meta name="generator" content="WordPress 5.8.2" />
P5 - INFO, Robots.txt Detected,https://teamsmg.gg:443/robots.txt,Disallow: /wp/wp-admin/
P5 - INFO, Wordpress Detected 2,https://teamsmg.gg:443/blog/,&lh;meta name="generator" content="WordPress 5.8.2" />
P5 - INFO, Wordpress Detected 3,https://teamsmg.gg:443/wordpress/,&lh;meta name="generator" content="WordPress 5.8.2" P5 - INFO, Nuclei Vulnerability Scan, [txt-fingerprint], http://teamsmg.gg
*pretty shit just ignore this*

*403 bypass info*
X-Original-URL X-Rewrite-URL headers returns back 200 on forbidden pages but this happens a lot and is either a false
positive or not helpful i didn't wanna test it cuz am lazy but be free to test if u want 2

*INTERESTING WEB PATHS*
https://teamsmg.gg/wp-json/wp/v2/users/
https://teamsmg.gg/wp/wp-login.php
https://teamsmg.gg/wp-json/
https://teamsmg.gg/wp/wp-includes/js/zxcvbn.min.js
https://teamsmg.gg/app/plugins/contact-form-7/includes/js/index.js?ver=5.5.4

*Vulnerability's* 
1.Possible WordPress vunls: https://pastebin.com/T2v0tciB
2.There site may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.href and passed to the 'append()' function of JQuery.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(this affects all urls on the site)

*TeamSMG's socials*
1.instagram: https://www.instagram.com/teamsmgofficial/
2.twitter: https://twitter.com/teamsmgofficial
3.facebook: https://www.facebook.com/teamsmgofficial
4.youtube: https://www.youtube.com/c/teamsmg
5.discord: https://discord.com/invite/6sPkynXVcp (give em hell)


Enjoy