Web
Nmap discovered a web server running on port 8000 of the target
The running service is Apache httpd 2.4.38
403
Fuzzing
┌──(kali㉿kali)-[~/archive/htb/labs/seventeen]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u http://seventeen.htb:8000/FUZZ -ic -e .txt,.php,.html
________________________________________________
:: Method : GET
:: URL : http://seventeen.htb:8000/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
:: Extensions : .txt .php .html
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
.html [Status: 403, Size: 280, Words: 20, Lines: 10, Duration: 94ms]
server-status [Status: 403, Size: 280, Words: 20, Lines: 10, Duration: 90ms]
:: Progress: [882188/882188] :: Job [1/1] :: 432 req/sec :: Duration: [0:34:56] :: Errors: 0 ::
Nothing found
Virtual Host / Sub-Domain Discovery
┌──(kali㉿kali)-[~/archive/htb/labs/seventeen]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP:8000 -H 'Host: FUZZ.seventeen.htb' -fc 403
________________________________________________
:: Method : GET
:: URL : http://10.10.11.165:8000
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
:: Header : Host: FUZZ.seventeen.htb
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
:: Filter : Response status: 403
________________________________________________
:: Progress: [114441/114441] :: Job [1/1] :: 398 req/sec :: Duration: [0:04:32] :: Errors: 0 ::
Nothing found