InfoSec LAB

Worker_Web_dimension.worker.htb

Created: 2 min read

dimension.worker.htb

Webroot of the dimension.worker.htb virtual host / sub-domain This appears to be a website demo It’s also mentioned that the website is designed and deployed by an internal deployment pipeline

While not much endpoint is uncovered by the Burp Suite’s passive crawler, the structure seems rather familiar

intro

The intro section shows that the team behind the worker.htb domain provides website templates there is a mention of “hard core platform development team”, which appears rather ambiguous, yet suggestive Additionally, the part, “all other sites running on worker.htb”, is likely referring to those sub-domains discovered earlier above

work

The work section literally outlines 5 of those sub-domains discovered earlier above.

Solid State was never discovered during fuzzing and it points to solid-stete.worker.htb

While I have updated the /etc/hosts file on Kali for local DNS resolution, something else crossed my mind twenty.worker.htb is NOT listed in the work section above and it may not be a demo website template as a “work”

about

The about section seems to point to the same resource that the intro section points to

contact

While the contact section contains a POST form, it doesn’t appear to be as important as there is no dynamic response. It could be an entry point via XSS, but highly doubtful

elements

There is a hidden section named, elements

It contains nothing more than the demo

Fuzzing

┌──(kali㉿kali)-[~/archive/htb/labs/worker]
└─$ ffuf -c -w /usr/share/wordlists/seclists/discovery/web-content/directory-list-2.3-medium.txt -u http://dimension.worker.htb/FUZZ -ic -e .html,.txt
________________________________________________
 :: Method           : GET
 :: URL              : http://dimension.worker.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
 :: Extensions       : .html .txt 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
images                  [status: 301, Size: 158, Words: 9, Lines: 2, Duration: 154ms]
index.html              [status: 200, Size: 14588, Words: 846, Lines: 369, Duration: 154ms]
assets                  [status: 301, Size: 158, Words: 9, Lines: 2, Duration: 141ms]
license.txt             [status: 200, Size: 17128, Words: 2798, Lines: 64, Duration: 159ms]
readme.txt              [status: 200, Size: 771, Words: 91, Lines: 30, Duration: 127ms]
:: Progress: [661641/661641] :: Job [1/1] :: 2 req/sec :: Duration: [0:43:56] :: Errors: 740 ::

No additional endpoint discovered

Interactive Graph View

Backlinks