Web


Nmap discovered a web server on target port 33033. The running service is unknown.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/medjed]
└─$ curl -I -X OPTIONS http://$IP:33033/
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
X-Request-Id: 46172f17-9031-415c-bfad-a9f39a523669
X-Runtime: 0.068138
Content-Length: 37264
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/medjed]
└─$ curl -I http://$IP:33033/        
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
ETag: W/"bb4cb309b8f1fef787b06c86d96c5e6f"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _userpro_medjed_session=IL31v%2FLWM5b2BlHEled15lww29vhSppfFv5rnygp5a6xFuJlh9cmODnVB4lB8swlSBmaXekECiPo2K6lHzkfoOELsT6Vcak0C6Jy1Lv26seSJ9%2Bwom%2FW8kq7RLl4HEUyyq3SSISG0wbx0kphXM1h%2BnMYvG8VSX7w7de%2FtBKb4A87sPLz1%2FGpmi8cYzP7Kq9paUKD346FnSrlM8cSyAcQWF%2F1Tn20WPyKsO0XyTGTrcOKT68%2BWW8DUehiJZUlOiS6NVAOvp8tuC1ODWCImHRs5GLAl3K7%2FVUnBn2H8nW28A%3D%3D--eqIDmv8txG0WodMT--Kk6SoNVJKIwSt2CMqdHBkA%3D%3D; path=/; HttpOnly
X-Request-Id: ce946033-df24-4319-af77-65c0ba84d794
X-Runtime: 0.066235

Webroot: possible username disclosure

Wappalyzer identified the technologies involved

Fuzzing


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/medjed]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP:33033/FUZZ -ic -e .html,.txt,.rb -fc 403
________________________________________________
 :: Method           : GET
 :: URL              : http://192.168.156.127:33033/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Extensions       : .html .txt .rb 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response status: 403
________________________________________________
500                     [Status: 200, Size: 1635, Words: 289, Lines: 67, Duration: 39ms]
login                   [Status: 200, Size: 1523, Words: 138, Lines: 44, Duration: 440ms]
logout                  [Status: 302, Size: 100, Words: 5, Lines: 1, Duration: 1195ms]
:: Progress: [81912/81912] :: Job [1/1] :: 369 req/sec :: Duration: [0:02:43] :: Errors: 78021 ::
 
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/medjed]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u http://$IP:33033/FUZZ/ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://192.168.156.127:33033/FUZZ/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
                        [Status: 200, Size: 3708, Words: 666, Lines: 120, Duration: 590ms]
users                   [Status: 200, Size: 3708, Words: 666, Lines: 120, Duration: 3601ms]
logout                  [Status: 302, Size: 100, Words: 5, Lines: 1, Duration: 94ms]
:: Progress: [207630/207630] :: Job [1/1] :: 286 req/sec :: Duration: [0:06:38] :: Errors: 198509 ::
  • /login
  • /users
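As a defender's counterpart to the directory fuzzing above, here is an added example (not part of the original notes) that flags a source producing many distinct 404/403 paths inside a short window, which is what a wordlist scan like the ffuf runs shown looks like in an access log. The combined log format, the IPs 10.0.0.5 and 10.0.0.9, and the request lines are constructed assumptions; the 404 body size reuses the 37264 bytes seen in the curl output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format (Apache/nginx style); the constructed sample below follows it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect_forced_browsing(lines, window_s=60, threshold=20):
    """Per source IP, count distinct paths that returned 404/403 inside a sliding
    window. Returns (peak distinct count per IP, set of IPs at or over threshold)."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) events still in window
    peak, flagged = defaultdict(int), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] not in (403, 404):
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        while q and (rec["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()              # expire events older than the window
        distinct = len({p for _, p in q})
        peak[rec["ip"]] = max(peak[rec["ip"]], distinct)
        if distinct >= threshold:
            flagged.add(rec["ip"])
    return dict(peak), flagged

def sample_log():
    """Constructed sample: 20 wordlist guesses with .html/.txt/.rb variants, all 404,
    from 10.0.0.5 within 20 seconds, plus ordinary browsing from 10.0.0.9."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {st} {size} "-" "{ua}"'
    lines, sec = [], 0
    for word in ("admin", "backup", "config", "console", "db"):
        for ext in ("", ".html", ".txt", ".rb"):
            lines.append(fmt.format(ip="10.0.0.5", sec=sec, path=f"/{word}{ext}",
                                    st=404, size=37264, ua="scanner (constructed)"))
            sec += 1
    lines.append(fmt.format(ip="10.0.0.9", sec=3, path="/login", st=200, size=1523, ua="Mozilla/5.0"))
    lines.append(fmt.format(ip="10.0.0.9", sec=4, path="/favicon.ico", st=404, size=37264, ua="Mozilla/5.0"))
    return lines

if __name__ == "__main__":
    print(detect_forced_browsing(sample_log()))
```

Tune `threshold` and `window_s` to the site's normal 404 rate; a single browser fetching a missing favicon stays well below it, while the 81912-request run above would trip it within its first second.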

/login


Login page, but no credentials are known at this time.

Forgot Password


Username enumeration appears to be possible N/A