Web


Nmap discovered a web server on target port 80. The running service is Apache httpd 2.4.29.

Webroot: While the web application appears to be a personal blog, it indicates that it is under development.

The index.html file doesn’t seem to reference any hidden files or directories.

Fuzzing


┌──(kali㉿kali)-[~/archive/htb/labs/postman]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u https://$IP/FUZZ -ic
________________________________________________
 
 :: Method           : GET
 :: URL              : https://10.10.10.160/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
:: Progress: [20476/20476] :: Job [1/1] :: 189 req/sec :: Duration: [0:01:52] :: Errors: 20476 ::

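Fuzzing the web app doesn’t appear to be viable, as every one of the 20476 requests errored out. Note that the command targets https://, while Nmap found the web server on port 80.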

Virtual Host / Sub-domain Discovery


┌──(kali㉿kali)-[~/archive/htb/labs/postman]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.postman' -fs 3844
________________________________________________
 
 :: Method           : GET
 :: URL              : http://10.10.10.160/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.postman
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
 :: Filter           : Response size: 3844
________________________________________________
:: Progress: [114441/114441] :: Job [1/1] :: 369 req/sec :: Duration: [0:04:52] :: Errors: 0 ::

ffuf found nothing when fuzzing for additional virtual hosts under the hostname postman, which was discovered on the other web server.
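
From the server side, the virtual host scan above looks like one client sending many different Host values that all receive the same default-site response (the 3844-byte body that -fs filters out). The following is an added example, not part of the original notes: a small log check for that pattern. The Apache LogFormat, the client addresses, the request paths and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed Apache format that records the Host header (not from the page):
#   LogFormat "%h %{Host}i %t \"%r\" %>s %B" hostlog
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<host>\S+) \[[^\]]+\] "[^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Constructed sample: one client cycling Host values, one ordinary visitor.
SAMPLE_LOG = [
    f'10.10.14.5 {sub}.postman [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 3844'
    for sub in ("www", "mail", "dev", "admin", "api", "test")
] + [
    '10.10.14.9 10.10.10.160 [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 3844',
    '10.10.14.9 10.10.10.160 [01/Jan/2024:10:00:06 +0000] "GET /css/style.css HTTP/1.1" 200 1210',
    'malformed line that the parser must skip',
]


def detect_vhost_enum(lines, min_hosts=5, min_default_ratio=0.9):
    """Flag clients that request many distinct Host values and almost always
    get the same body size back, i.e. they keep landing on the default vhost."""
    hosts = defaultdict(set)
    sizes = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        hosts[m["ip"]].add(m["host"].lower())
        sizes[m["ip"]][int(m["size"])] += 1

    findings = {}
    for ip, seen in hosts.items():
        total = sum(sizes[ip].values())
        default_size, hits = sizes[ip].most_common(1)[0]
        if len(seen) >= min_hosts and hits / total >= min_default_ratio:
            findings[ip] = {
                "distinct_hosts": len(seen),
                "default_size": default_size,
                "requests": total,
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_vhost_enum(SAMPLE_LOG).items():
        print(ip, info)
```

Apache's stock combined format does not log the Host header, so a format like the assumed one has to be enabled before this check has anything to work with.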