InfoSec LAB

Sightless_Web

Created: 2 min read

Web

Nmap discovered a Web server on the target port 80 The running service is nginx 1.18.0

┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ curl -i http://$IP/   
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 07 Sep 2024 19:23:38 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://sightless.htb/
 
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

302 to a domain; signtless.htb

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

Webroot

Service

The Service section contains 3 entires

SQLPad

One of the services, SQLPad, reveals a virtual host / sub-domain; sqlpad.sightless.htb

The /etc/hosts file has been updated for local DNS resolution

Fuzzing

┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -t 200 -u http://sightless.htb/FUZZ -ic 
________________________________________________
 :: Method           : GET
 :: URL              : http://sightless.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
icones                  [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 32ms]
images                  [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 32ms]
:: Progress: [20476/20476] :: Job [1/1] :: 3205 req/sec :: Duration: [0:00:03] :: Errors: 0 ::

N/A

Virtual Host / Sub-domain Discovery

┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.sightless.htb' -ic -mc all -fc 302
________________________________________________
 :: Method           : GET
 :: URL              : http://10.129.206.178/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.sightless.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response status: 302
________________________________________________
:: Progress: [114437/114437] :: Job [1/1] :: 1886 req/sec :: Duration: [0:01:06] :: Errors: 0 ::

N/A

Interactive Graph View

Backlinks