Web
Nmap discovered a web server on target port 8090.
The running service is Apache Tomcat (language: en).
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/flu]
└─$ curl -I -X OPTIONS http://$IP:8090/
HTTP/1.1 200
MS-Author-Via: DAV
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Thu, 03 Apr 2025 07:56:27 GMT
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/flu]
└─$ curl -I http://$IP:8090/
HTTP/1.1 302
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Confluence-Request-Time: 1743666993703
Set-Cookie: JSESSIONID=1F8200A279A5EF14AFC15C35C4156EC5; Path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
Location: /login.action?os_destination=%2Findex.action&permissionViolation=true
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 03 Apr 2025 07:56:33 GMT
The MS-Author-Via header is present, so it may be a WebDAV server.
The request returns a 302 to /login.action?os_destination=%2Findex.action&permissionViolation=true, which redirects to a Confluence login page.
Confluence is a web-based corporate wiki developed by Australian software company Atlassian. Atlassian wrote Confluence in the Java programming language and first published it in 2004. Confluence Standalone comes with a built-in Tomcat web server and hsql database, and also supports other databases.
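The header analysis above can be repeated as a check against your own deployment to see what it discloses before authentication. This is an added example, not part of the original notes: the header blocks are trimmed from the two curl captures above, the function names are made up here, and reading X-Confluence-Request-Time as epoch milliseconds is an assumption based on it matching the Date header in this capture.

```python
from datetime import datetime, timezone

# Header blocks trimmed from the two curl captures in these notes.
OPTIONS_RESPONSE = """HTTP/1.1 200
MS-Author-Via: DAV
Content-Type: text/html;charset=UTF-8
Content-Length: 0
"""
HEAD_RESPONSE = """HTTP/1.1 302
X-Confluence-Request-Time: 1743666993703
Set-Cookie: JSESSIONID=1F8200A279A5EF14AFC15C35C4156EC5; Path=/; HttpOnly
Location: /login.action?os_destination=%2Findex.action&permissionViolation=true
Date: Thu, 03 Apr 2025 07:56:33 GMT
"""

def parse_response(raw):
    """Split a raw header block into (status_code, {lower-case name: value})."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers

def fingerprint(raw):
    """Return findings describing what the headers disclose about the stack."""
    status, h = parse_response(raw)
    findings = []
    if "dav" in h.get("ms-author-via", "").lower():
        findings.append("WebDAV hint: MS-Author-Via advertises DAV")
    if "x-confluence-request-time" in h:
        # Assumption: the value is epoch milliseconds (it matches Date here).
        ms = int(h["x-confluence-request-time"])
        ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
        findings.append(f"Confluence header, server clock {ts:%Y-%m-%d %H:%M:%S} UTC")
    if "jsessionid=" in h.get("set-cookie", "").lower():
        findings.append("Java servlet container: JSESSIONID cookie")
    if status in (301, 302) and "/login.action" in h.get("location", ""):
        findings.append("Redirect to /login.action (Confluence login page)")
    return findings

if __name__ == "__main__":
    for label, raw in (("OPTIONS", OPTIONS_RESPONSE), ("HEAD", HEAD_RESPONSE)):
        for finding in fingerprint(raw):
            print(f"[{label}] {finding}")
```
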
Wappalyzer identified the technologies involved.
Version Information
The version information is disclosed in the footer: 7.13.6
Vulnerabilities
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/flu]
└─$ searchsploit Confluence 7.13.6
----------------------------------------------------- ---------------------------------
Exploit Title | Path
----------------------------------------------------- ---------------------------------
Atlassian Confluence < 8.5.3 - Remote Code Execution | multiple/webapps/51904.py
----------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results
There is an RCE exploit for Confluence 8.x, but the target Confluence instance isn’t exploitable.
Looking it up online reveals another RCE vulnerability: CVE-2022-26134