InfoSec LAB

Soccer_Web_9091

Created: 1 min read

Web

Nmap discovered a Web server on the target port 9091 The initial scan was unable to identify the running service

┌──(kali㉿kali)-[~/archive/htb/labs/soccer]
└─$ curl http://$IP:9091/ -i
HTTP/1.1 404 Not Found
content-security-policy: default-src 'none'
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 139
date: Mon, 18 Dec 2023 20:13:50 GMT
connection: keep-alive
keep-alive: timeout=5
 
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Accessing the web root just responses with Cannot Get /

Fuzzing

┌──(kali㉿kali)-[~/archive/htb/labs/soccer]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 200 -u http://$IP:9091/FUZZ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.11.194:9091/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
:: Progress: [220548/220548] :: Job [1/1] :: 1070 req/sec :: Duration: [0:03:11] :: Errors: 0 ::

ffuf returned nothing

Interactive Graph View

Backlinks