Web
Nmap discovered a web server on the target's port 80.
The running service is Microsoft IIS httpd 10.0.
Webroot
It’s a static page; index.html
Testimonials
Possible username disclosure at the Testimonials section
CONTACT US
The Contact Us section has a form submission that sends a GET request with parameters
Fuzzing
┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -t 200 -u http://dc01.infiltrator.htb/FUZZ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://dc01.infiltrator.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
                        [Status: 200, Size: 31235, Words: 13845, Lines: 617, Duration: 151ms]
assets                  [Status: 301, Size: 158, Words: 9, Lines: 2, Duration: 97ms]
:: Progress: [1273819/1273819] :: Job [1/1] :: 945 req/sec :: Duration: [0:20:41] :: Errors: 65 ::
Virtual Host / Sub-domain Enumeration
┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.infiltrator.htb' -ic -mc all -fs 31235
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.11.31/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.infiltrator.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response size: 31235
________________________________________________
:: Progress: [114437/114437] :: Job [1/1] :: 223 req/sec :: Duration: [0:10:24] :: Errors: 0 ::
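
Detection view
Both scans above leave a clear trace in the IIS logs: the directory run produces many distinct paths that almost all return 404, and the virtual host run produces one path requested under a different Host header each time. The following is an added example, not part of the original notes, that flags both patterns in W3C-format log lines; the sample lines, client addresses and thresholds are constructed, and it assumes the optional cs-host field is enabled in IIS logging.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not from the page).
# Assumption: the optional cs-host field is enabled in the site's logging.
SAMPLE = ["#Software: Microsoft Internet Information Services 10.0",
          "#Fields: date time cs-method cs-uri-stem c-ip cs-host sc-status sc-bytes"]
# 192.0.2.5: content discovery, many distinct paths, almost all 404.
SAMPLE += [f"2024-01-01 10:00:{i:02d} GET /word{i} 192.0.2.5 dc01.infiltrator.htb 404 1245"
           for i in range(60)]
SAMPLE += ["2024-01-01 10:01:00 GET /assets 192.0.2.5 dc01.infiltrator.htb 301 158"]
# 192.0.2.6: Host-header fuzzing, one path, a new host name on every request.
SAMPLE += [f"2024-01-01 10:02:{i:02d} GET / 192.0.2.6 name{i}.infiltrator.htb 200 31235"
           for i in range(40)]
# 192.0.2.7: ordinary visitor.
SAMPLE += ["2024-01-01 10:03:00 GET / 192.0.2.7 dc01.infiltrator.htb 200 31235",
           "2024-01-01 10:03:01 GET /assets/css/style.css 192.0.2.7 dc01.infiltrator.htb 200 900",
           "2024-01-01 10:03:02 GET /favicon.ico 192.0.2.7 dc01.infiltrator.htb 404 1245"]

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def flag_scanners(lines, min_paths=50, min_404_ratio=0.9, min_hosts=20):
    """Return {client_ip: [reasons]}; the thresholds are illustrative assumptions."""
    stats = defaultdict(lambda: {"paths": set(), "hosts": set(), "total": 0, "not_found": 0})
    for row in parse_w3c(lines):
        s = stats[row["c-ip"]]
        s["total"] += 1
        s["not_found"] += row["sc-status"] == "404"
        s["paths"].add(row["cs-uri-stem"])
        s["hosts"].add(row["cs-host"].lower())
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if len(s["paths"]) >= min_paths and s["not_found"] / s["total"] >= min_404_ratio:
            reasons.append("path-fuzzing")
        if len(s["hosts"]) >= min_hosts:
            reasons.append("host-header-fuzzing")
        if reasons:
            findings[ip] = reasons
    return findings
```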