Web
Nmap discovered a web server on target port 80.
The running service is nginx 1.14.0 (Ubuntu).
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bratarina]
└─$ curl -I -X OPTIONS http://$IP/
HTTP/1.1 404 NOT FOUND
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 24 Mar 2025 10:44:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 6461
Connection: keep-alive
Vary: Cookie
Set-Cookie: session=eyJjc3JmX3Rva2VuIjp7IiBiIjoiTkdZelkyWTRaVEpoWXpWaU1tVXdNV0ptWkdVek1UQmhabUprWkdZM00ySmpaVGxoTWpBME5BPT0ifX0.GsLI8A.FkK258XGTjDE_VUwNMq6TtOSvE8; HttpOnly; Path=/
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bratarina]
└─$ curl -I http://$IP/
HTTP/1.1 404 NOT FOUND
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 24 Mar 2025 10:44:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 6461
Connection: keep-alive
Vary: Cookie
Set-Cookie: session=eyJjc3JmX3Rva2VuIjp7IiBiIjoiWWpKaVltVTFORFpqTTJFd016VmxZVGc0TUdFMVpqUmlabVJsWTJNeFpEVmxNMlZoWldaaU53PT0ifX0.GsLI9w.7pvV0Vi1627VJh_WJiXyj4dkW6Y; HttpOnly; Path=/
Webroot
It’s FlaskBB.
However, the CSS is not rendered because the stylesheet links do not point anywhere.
In fact, every endpoint is missing the address, rendering the entire web app non-functional.
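The `session` cookie in the curl output above also supports the Flask identification: it has the three-part signed layout Flask uses (payload, timestamp, signature), and the payload is only signed, not encrypted, so anything the app stores in the session is readable by the client. The decoder below is an added example, not part of the original notes; the 2011-01-01 timestamp offset is an assumption based on itsdangerous releases before 1.0.

```python
import base64
import json
import zlib
from datetime import datetime, timezone

# Cookie value copied from the first Set-Cookie header in the curl output above.
COOKIE = (
    "eyJjc3JmX3Rva2VuIjp7IiBiIjoiTkdZelkyWTRaVEpoWXpWaU1tVXdNV0pt"
    "WkdVek1UQmhabUprWkdZM00ySmpaVGxoTWpBME5BPT0ifX0"
    ".GsLI8A.FkK258XGTjDE_VUwNMq6TtOSvE8"
)

# Assumption: legacy itsdangerous (< 1.0) counts seconds from 2011-01-01 UTC.
LEGACY_EPOCH = 1293840000


def b64url(data: str) -> bytes:
    """Decode URL-safe base64 whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def untag(obj):
    """Undo Flask's tagged JSON for bytes values: {" b": "<base64>"}."""
    if isinstance(obj, dict):
        if set(obj) == {" b"}:
            return base64.b64decode(obj[" b"])
        return {k: untag(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [untag(v) for v in obj]
    return obj


def decode_session(cookie: str) -> dict:
    """Read (without verifying) a Flask session cookie: payload.timestamp.signature."""
    compressed = cookie.startswith(".")  # a leading dot marks a zlib-compressed payload
    payload, stamp, sig = (cookie[1:] if compressed else cookie).rsplit(".", 2)
    raw = b64url(payload)
    if compressed:
        raw = zlib.decompress(raw)
    seconds = int.from_bytes(b64url(stamp), "big") + LEGACY_EPOCH
    return {
        "data": untag(json.loads(raw)),
        "issued": datetime.fromtimestamp(seconds, tz=timezone.utc),
        "sig_len": len(b64url(sig)),  # 20 bytes is the size of an HMAC-SHA1 tag
    }


if __name__ == "__main__":
    print(decode_session(COOKIE))
```

Here the session holds only a CSRF token, and the decoded issue time lines up with the `Date` header of the same response.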
Fuzzing
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bratarina]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP/FUZZ -ic
________________________________________________
:: Method : GET
:: URL : http://192.168.132.71/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
robots.txt [Status: 200, Size: 14, Words: 2, Lines: 2, Duration: 18ms]
static [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 18ms]
:: Progress: [20478/20478] :: Job [1/1] :: 257 req/sec :: Duration: [0:01:23] :: Errors: 0 ::
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bratarina]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -recursion -u http://$IP/FUZZ -ic
________________________________________________
:: Method : GET
:: URL : http://192.168.132.71/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
static [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 18ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/FUZZ
[INFO] Starting queued job on target: http://192.168.132.71/static/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 19ms]
img [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 22ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/img/FUZZ
css [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 19ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/css/FUZZ
js [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 21ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/js/FUZZ
fonts [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 17ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/fonts/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 18ms]
[INFO] Starting queued job on target: http://192.168.132.71/static/img/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 20ms]
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 20ms]
[INFO] Starting queued job on target: http://192.168.132.71/static/css/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 23ms]
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 22ms]
[INFO] Starting queued job on target: http://192.168.132.71/static/js/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 19ms]
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 18ms]
[INFO] Starting queued job on target: http://192.168.132.71/static/fonts/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 19ms]
bootstrap [Status: 301, Size: 194, Words: 7, Lines: 8, Duration: 17ms]
[INFO] Adding a new job to the queue: http://192.168.132.71/static/fonts/bootstrap/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 18ms]
[INFO] Starting queued job on target: http://192.168.132.71/static/fonts/bootstrap/FUZZ
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 19ms]
[Status: 403, Size: 178, Words: 5, Lines: 8, Duration: 18ms]
:: Progress: [220546/220546] :: Job [7/7] :: 1503 req/sec :: Duration: [0:01:55] :: Errors: 0 ::
N/A