Conceal_Web

Web

---

After establishing a VPN connection with the target host,an additional Nmap scan was performed. It reports a web server on port 80

Webroot It’s the default page for IIS 10.0 installation

Fuzzing

---

┌──(kali㉿kali)-[~/archive/htb/labs/conceal]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-directories-lowercase.txt -u http://$IP/FUZZ
________________________________________________
 
 :: Method           : GET
 :: URL              : http://10.10.10.116/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-directories-lowercase.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
 
upload                  [Status: 301, Size: 150, Words: 9, Lines: 2, Duration: 137ms]
:: Progress: [56164/56164] :: Job [1/1] :: 158 req/sec :: Duration: [0:04:54] :: Errors: 2 ::

ffuf discovered a directory; /upload/

/upload/

---

The /upload/ directory is empty However, the directory name is very suggestive