Web


Nmap discovered a web server on the target port 80. The running service is nostromo 1.9.6.

Webroot: the site appears to offer a website design service.

There is a section that shows some images loaded from the /img/portfolio/ directory

The contact form doesn’t appear to be functional

Fuzzing


┌──(kali㉿kali)-[~/archive/htb/labs/traverxec]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP/FUZZ -ic 
________________________________________________
 
 :: Method           : GET
 :: URL              : http://10.10.10.165/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
[Status: 301, Size: 314, Words: 19, Lines: 14, Duration: 23ms]
    * FUZZ: css
 
[Status: 301, Size: 314, Words: 19, Lines: 14, Duration: 25ms]
    * FUZZ: icons
 
[Status: 301, Size: 314, Words: 19, Lines: 14, Duration: 23ms]
    * FUZZ: img
 
[Status: 301, Size: 314, Words: 19, Lines: 14, Duration: 24ms]
    * FUZZ: js
 
[Status: 301, Size: 314, Words: 19, Lines: 14, Duration: 24ms]
    * FUZZ: lib
 
:: Progress: [13383/20476] :: Job [1/1] :: 17 req/sec :: Duration: [0:09:34] :: Errors: 387 ::
[WARN] Caught keyboard interrupt (Ctrl-C)

Not only did ffuf fail to find anything new, the fuzzing was also extremely slow for some reason. No progress made.

nostromo


An interesting thing about the target web server is that it's hosted by nostromo. nostromo, also known as nhttpd, is an open-source web server designed by Marcus Glocker. It runs as a single process and handles normal concurrent connections with select calls, but for efficiency it forks during more demanding connections such as directory listings and CGI execution. It supports HTTP/1.1 and CGI/1.1, Basic access authentication, SSL, IPv6, custom responses, aliases and virtual hosts.

The version is 1.9.6

Vulnerability


┌──(kali㉿kali)-[~/archive/htb/labs/traverxec]
└─$ searchsploit nostromo 1.9.6          
-------------------------------------------------------- ---------------------------------
 Exploit Title                                          |  Path
-------------------------------------------------------- ---------------------------------
nostromo 1.9.6 - Remote Code Execution                  | multiple/remote/47837.py
-------------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results

Checking for vulnerabilities reveals that the target nostromo instance has a Remote Code Execution vulnerability, [CVE-2019-16278](https://nvd.nist.gov/vuln/detail/CVE-2019-16278).
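The same banner-to-version check can be run from the defender's side over an inventory of web servers. The following is an added example, not part of the original writeup: the response heads are constructed samples, the function names are hypothetical, and treating every release up to and including 1.9.6 as affected is an assumption based on the CVE's "through 1.9.6" wording.

```python
import re

# Assumption: releases up to and including 1.9.6 are treated as affected
# (the CVE's "through 1.9.6" wording); the page itself only shows 1.9.6.
LAST_AFFECTED = (1, 9, 6)
BANNER_RE = re.compile(r"^nostromo\b(?:[ /](\d+(?:\.\d+)*))?", re.IGNORECASE)


def server_header(raw_head: str):
    """Return the Server header value from a raw HTTP response head, or None."""
    for line in raw_head.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def classify(raw_head: str) -> str:
    """Classify a response head: affected / newer / unknown-version / not-nostromo."""
    banner = server_header(raw_head)
    match = BANNER_RE.match(banner) if banner else None
    if not match:
        return "not-nostromo"
    if match.group(1) is None:
        return "unknown-version"                # banner present, version hidden
    version = tuple(int(part) for part in match.group(1).split("."))
    # Pad short versions so that "1.9" compares as 1.9.0 against 1.9.6.
    version += (0,) * (len(LAST_AFFECTED) - len(version))
    return "affected" if version <= LAST_AFFECTED else "newer"


# Constructed sample response heads (not captured from the target).
SAMPLES = {
    "web-a": "HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\nServer: nostromo 1.9.6\r\n",
    "web-b": "HTTP/1.1 200 OK\r\nserver: nostromo 1.9.7\r\n",
    "web-c": "HTTP/1.1 200 OK\r\nServer: nostromo\r\n",
    "web-d": "HTTP/1.1 200 OK\r\nServer: nginx\r\n",
}

if __name__ == "__main__":
    for host, head in SAMPLES.items():
        print(f"{host}: {classify(head)}")
```

A host reported as `unknown-version` still needs a manual check, since a suppressed version string says nothing about the release actually installed.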