Web
Nmap discovered a web server on the target port 80
The running service is Apache httpd 2.4.41
Webroot
The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution
While there is a contact form at the bottom that sends out a GET request to the /index.html file, it doesn’t seem all that responsive
Overall, it just appears to be a single static page I will try fuzzing it
Fuzzing
┌──(kali㉿kali)-[~/archive/htb/labs/pandora]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u http://panda.htb/FUZZ -ic -e .txt,.php,.html
________________________________________________
:: Method : GET
:: URL : http://panda.htb/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
:: Extensions : .txt .php .html
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
assets [Status: 301, Size: 307, Words: 20, Lines: 10, Duration: 93ms]
index.html [Status: 200, Size: 33560, Words: 13127, Lines: 908, Duration: 9316ms]
server-status [Status: 403, Size: 274, Words: 20, Lines: 10, Duration: 94ms]ffuf returned nothing.