Web
Nmap discovered a web server on target port 9090
The running service is Apache Hadoop
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fired]
└─$ curl -I -X OPTIONS http://$IP:9090/
HTTP/1.1 200 OK
Date: Sun, 06 Apr 2025 19:52:00 GMT
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fired]
└─$ curl -I http://$IP:9090/
HTTP/1.1 200 OK
Date: Sun, 06 Apr 2025 19:52:03 GMT
Last-Modified: Tue, 02 Aug 2022 12:04:43 GMT
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 115
Webroot
Redirected to a login page for Openfire Administration Console
This appears to be a clone of the other instance
Openfire (previously known as Wildfire, and Jive Messenger) is an instant messaging (IM) and groupchat server for the Extensible Messaging and Presence Protocol (XMPP). It is written in Java and licensed under the Apache License 2.0.
Source code is available for review
Version Information
The version information is disclosed: 4.7.3
Vulnerabilities
Searching online for vulnerabilities in this version reveals an authentication bypass: CVE-2023-32315
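Added example (not part of the original notes): a small triage helper that maps a disclosed Openfire version string to its CVE-2023-32315 status, useful when auditing your own instances. The affected and fixed ranges are taken from the vendor advisory rather than from this page, and the sample strings other than 4.7.3 are constructed.

```python
import re

# Ranges as published in the vendor advisory for CVE-2023-32315
# (not stated on this page; confirm against the advisory before relying on them).
FIRST_AFFECTED = (3, 10, 0)
FIXED_IN_BRANCH = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first x.y.z version found in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(text):
    """Classify a disclosed Openfire version string against CVE-2023-32315."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    if version < FIRST_AFFECTED:
        return "not affected"
    fixed = FIXED_IN_BRANCH.get(version[:2])
    if fixed is not None:
        # Maintained branches: compare against that branch's fixed release.
        return "affected" if version < fixed else "patched"
    # Branches older than 4.6 never received a fix; 4.8.0 and later include it.
    return "affected" if version < (4, 6, 0) else "patched"


if __name__ == "__main__":
    # Constructed sample strings; only 4.7.3 is the version seen on this page.
    samples = ["Openfire, Version: 4.7.3", "4.7.5", "4.6.7", "3.9.3", "4.8.0", "n/a"]
    for sample in samples:
        print(f"{sample!r:30} -> {triage(sample)}")
```

An "affected" result on an instance you operate means upgrading to the fixed release of its branch and keeping the admin console off untrusted networks.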