Web
Nmap discovered a Web server on the target port 9090
The running service is Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ curl -I -X OPTIONS http://$IP:9090/
HTTP/1.1 200 OK
Allow: GET, OPTIONS
Date: Wed, 02 Apr 2025 12:19:41 GMT
Content-Length: 0
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ curl -I http://$IP:9090/
HTTP/1.1 405 Method Not Allowed
Allow: GET, OPTIONS
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Wed, 02 Apr 2025 12:19:46 GMT
Content-Length: 19
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ curl -i http://$IP:9090/
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: /graph
Date: Wed, 02 Apr 2025 12:19:54 GMT
Content-Length: 29
<a href="/graph">Found</a>.302 to an endpoint /graph
/Practice/Fanatastic/2-Enumeration/attachments/{EE0CD7AF-2815-438E-A764-100C1F22A244}.png)
There is a Prometheus instance
/Practice/Fanatastic/2-Enumeration/attachments/Pasted-image-20250402142452.png)
Prometheus is a free software application used for event monitoring and alerting. It records metrics in a time series database (allowing for high dimensionality) built using an HTTP pull model, with flexible queries and real-time alerting. The project is written in Go and licensed under the Apache 2 License, with source code available on GitHub.
/Practice/Fanatastic/2-Enumeration/attachments/{1D343B73-DF73-41B0-B13D-6BBE11DCBB13}-1.png)
/Practice/Fanatastic/2-Enumeration/attachments/{B874431A-6B13-48A8-9B76-FD3B648932C3}.png)
/Practice/Fanatastic/2-Enumeration/attachments/{385B5484-CE37-475B-9F70-65BE53A0B44A}.png)
The installation appears to be default and not much data has been scraped.
Version Information
/Practice/Fanatastic/2-Enumeration/attachments/Pasted-image-20250402143931.png)
The /status endpoint reveals the version information; 2.32.1
It’s also running with privileges of the root account
N/A
Fuzzing
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP:9090/FUZZ -ic
________________________________________________
:: Method : GET
:: URL : http://192.168.202.181:9090/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
alerts [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 23ms]
classic [Status: 302, Size: 32, Words: 2, Lines: 3, Duration: 21ms]
config [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 20ms]
consoles [Status: 301, Size: 45, Words: 3, Lines: 3, Duration: 21ms]
debug [Status: 301, Size: 42, Words: 3, Lines: 3, Duration: 19ms]
favicon.ico [Status: 200, Size: 15086, Words: 12, Lines: 3, Duration: 21ms]
flags [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 23ms]
graph [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 20ms]
metrics [Status: 200, Size: 101977, Words: 3397, Lines: 1371, Duration: 26ms]
new [Status: 301, Size: 40, Words: 3, Lines: 3, Duration: 18ms]
rules [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 19ms]
static [Status: 301, Size: 43, Words: 3, Lines: 3, Duration: 18ms]
status [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 19ms]
targets [Status: 200, Size: 2347, Words: 71, Lines: 1, Duration: 21ms]
version [Status: 200, Size: 178, Words: 1, Lines: 2, Duration: 19ms]
:: Progress: [20478/20478] :: Job [1/1] :: 2083 req/sec :: Duration: [0:00:10] :: Errors: 0 ::N/A