Web
Nmap discovered a Web server on the target port 443
The running service is Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.3.23)
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ curl -I -k https://$IP/
HTTP/1.1 200 OK
Date: Tue, 04 Mar 2025 13:23:26 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.3.23
Last-Modified: Tue, 20 Oct 2020 20:34:20 GMT
ETag: "32e8-5b22027cd0b00"
Accept-Ranges: bytes
Content-Length: 13032
Content-Type: text/html
Webroot
It appears to be a static page
The "The Team" section contains 6 users
5 of those users have been confirmed via enumerating the finger service.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ echo 'ela' | nc -nv $IP 79
(UNKNOWN) [192.168.159.140] 79 (finger) open
ela is not known at this site.
The ela user has been additionally confirmed through the finger service
CLEARTEXT Password
Looking back at the "The Team" section, SicMundusCreatusEst doesn't look like a job title
Fuzzing
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u https://$IP/FUZZ -ic -fc 403 -e .php
________________________________________________
:: Method : GET
:: URL : https://192.168.159.140/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
:: Extensions : .php
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 403
________________________________________________
[Status: 200, Size: 13032, Words: 2587, Lines: 342, Duration: 31ms]
team [Status: 301, Size: 344, Words: 22, Lines: 10, Duration: 19ms]
fonts [Status: 301, Size: 345, Words: 22, Lines: 10, Duration: 21ms]
Fonts [Status: 301, Size: 345, Words: 22, Lines: 10, Duration: 18ms]
Team [Status: 301, Size: 344, Words: 22, Lines: 10, Duration: 21ms]
:: Progress: [441092/441092] :: Job [1/1] :: 1980 req/sec :: Duration: [0:04:03] :: Errors: 0 ::
N/A
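Detection side of the fuzzing run above, as an added example that is not part of the original notes: the ffuf job sent 441092 requests from one source and only a handful matched, so the web server's access log shows a single client hitting many distinct paths that almost all miss. The sketch assumes Apache common/combined log format; the function names, thresholds and sample addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache common/combined log line: client, timestamp, request path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
MISS = {"403", "404"}  # what a wordlist scan gets back for nearly every guess

def parse(line):
    m = LOG_RE.match(line)
    if m:  # unparseable lines yield None and are skipped by the caller
        ip, ts, path, status = m.groups()
        return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path.split("?")[0], status

def detect_enumeration(lines, window=timedelta(seconds=10), min_paths=20, min_miss=0.9):
    """Map each flagged client to (requests, distinct paths, miss ratio) of its largest window."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        paths, misses, start = Counter(), 0, 0
        for end, (ts, path, status) in enumerate(events):
            paths[path] += 1
            misses += status in MISS
            while ts - events[start][0] > window:  # slide the window forward
                _, old_path, old_status = events[start]
                paths[old_path] -= 1
                if not paths[old_path]:
                    del paths[old_path]
                misses -= old_status in MISS
                start += 1
            total = end - start + 1
            ratio = misses / total
            if len(paths) >= min_paths and ratio >= min_miss and total > flagged.get(ip, (0,))[0]:
                flagged[ip] = (total, len(paths), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed lines: a scanner (203.0.113.50) and an ordinary visitor."""
    t0 = datetime(2025, 3, 4, 13, 30, tzinfo=timezone.utc)
    stamp = lambda ms: (t0 + timedelta(milliseconds=ms)).strftime("%d/%b/%Y:%H:%M:%S %z")
    words = ["team", "fonts"] + [f"guess{i}" for i in range(38)]
    lines = [f'203.0.113.50 - - [{stamp(50 * i)}] "GET /{w} HTTP/1.1" '
             f'{301 if i < 2 else 404} 344' for i, w in enumerate(words)]
    lines += [f'198.51.100.7 - - [{stamp(4000 * i)}] "GET {p} HTTP/1.1" 200 13032'
              for i, p in enumerate(["/", "/css/style.css", "/team/"])]
    return lines
```

Calling detect_enumeration(sample_log()) flags only the scanning client; tune window, min_paths and min_miss against a baseline of normal traffic before alerting on it.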