InfoSec LAB

Object_Web_80

Created: 2 min read

Web

Nmap discovered a Web server on target port 80 The running service is Microsoft IIS httpd 10.0

Webroot Mega Engines

The website appears to be a static page

There is a domain information; object.htb The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

ideas might be a valid username

The hyperlink button points to the Web server on the target port 8080

Wappalyzer identified technologies involved

Fuzzing

┌──(kali㉿kali)-[~/archive/htb/labs/object]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u http://$IP/FUZZ -ic -e .txt
________________________________________________
 
 :: Method           : GET
 :: URL              : http://10.10.11.132/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
 :: Extensions       : .txt 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
 
[WARN] Caught keyboard interrupt (Ctrl-C)

Fuzzing web server doesn’t appear to be the intended route as it’s extremely slow

Virtual Host / Sub-domain Discovery

┌──(kali㉿kali)-[~/archive/htb/labs/object]
└─$ ffuf -c -w /usr/share/wordlists/seclists/discovery/dns/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.object.htb' -fw 4052 
________________________________________________
 
 :: Method           : GET
 :: URL              : http://10.10.11.132/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.object.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
 :: Filter           : Response words: 4052
________________________________________________
 
[status: 200, Size: 0, Words: 1, Lines: 1, Duration: 2688ms]
    * fuzz: cally
 
:: Progress: [114441/114441] :: Job [1/1] :: 66 req/sec :: Duration: [0:03:33] :: Errors: 0 ::

ffuf returned one, cally, but respond time was 2688ms

It’s false-positive as it’s the same Removing cally.object.htb

Interactive Graph View

Backlinks