InfoSec LAB

Trickster_Web

Created: 2 min read

Web

Nmap discovered a Web server on the target port 80 The running service is Apache httpd 2.4.52

┌──(kali㉿kali)-[~/archive/htb/labs/trickster]
└─$ curl -I http://$IP/         
HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Sep 2024 19:56:35 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://trickster.htb/
Content-Type: text/html; charset=iso-8859-1

301 to a domain; trickster.htb

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

Webroot It claims to provide an online shopping platform

It also appears to be a static website

contact

The contact section has a form submission

It doesn’t appear to be as responsive

Fuzzing

┌──(kali㉿kali)-[~/archive/htb/labs/trickster]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -t 200 -u http://trickster.htb/FUZZ -ic -fc 403
________________________________________________
 :: Method           : GET
 :: URL              : http://trickster.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response status: 403
________________________________________________
:: Progress: [1273819/1273819] :: Job [1/1] :: 382 req/sec :: Duration: [0:44:54] :: Errors: 0 ::

N/A

Virtual Host / Sub-domain Discovery

┌──(kali㉿kali)-[~/archive/htb/labs/trickster]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.trickster.htb' -ic -mc all -fc 301
________________________________________________
 :: Method           : GET
 :: URL              : http://10.129.126.169/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.trickster.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response status: 301
________________________________________________
shop                    [Status: 403, Size: 283, Words: 20, Lines: 10, Duration: 128ms]
:: Progress: [114437/114437] :: Job [1/1] :: 58 req/sec :: Duration: [0:24:14] :: Errors: 0 ::

ffuf found a sub-domain; shop.trickster.htb

Interactive Graph View

Backlinks