Web
Nmap discovered a web server on target port 8338.
Nmap fingerprints the running service as Python http.server 3.5 - 3.10.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/ochima]
└─$ curl -I -X OPTIONS http://$IP:8338/
HTTP/1.0 501 Unsupported method ('OPTIONS')
Server: Maltrail/0.52
Date: Sun, 06 Apr 2025 17:31:08 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 500
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/ochima]
└─$ curl -I http://$IP:8338/       
HTTP/1.0 501 Unsupported method ('HEAD')
Server: Maltrail/0.52
Date: Sun, 06 Apr 2025 17:31:10 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 497

Webroot
It’s a Maltrail instance: even the 501 responses to HEAD and OPTIONS carry the `Server: Maltrail/0.52` header.
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
Source code is available for review
Default Credential
Successfully authenticated with the default credential
Version Information
The version information is disclosed at the footer
Vulnerabilities
Looking it up online for vulnerabilities reveals an RCE exploit targeting Maltrail < 0.54
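The banner leak above is the kind of thing an asset-inventory check can catch before an attacker does. The script below is an added example, not part of the writeup or of Maltrail: it parses the raw header block that `curl -I` printed (embedded here as a constructed sample, including the 501 status line), pulls the product and version out of the `Server` header, and flags the host when the version is below the 0.54 threshold stated on the page.

```python
import re
from typing import Optional, Tuple

# Constructed sample: the raw header block `curl -I` printed on the page.
# A 501 "Unsupported method" response still carries the Server banner.
SAMPLE_RESPONSE = """HTTP/1.0 501 Unsupported method ('HEAD')
Server: Maltrail/0.52
Date: Sun, 06 Apr 2025 17:31:10 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 497
"""

# Threshold taken from the page: the public RCE affects Maltrail < 0.54.
FIXED_VERSION = "0.54"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '0.52' into (0, 52) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def server_banner(raw: str) -> Optional[Tuple[str, str]]:
    """Return (product, version) from the Server header, or None if absent.

    Header names are case-insensitive; the status line is skipped. A banner
    without a version (e.g. 'Server: Maltrail') yields an empty version."""
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            match = re.match(r"\s*([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)", value)
            if match:
                return match.group(1), match.group(2)
            return value.strip(), ""
    return None


def is_outdated(raw: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the banner is Maltrail and its version is below `fixed`."""
    banner = server_banner(raw)
    if banner is None or banner[0].lower() != "maltrail" or not banner[1]:
        return False  # unknown product or no version: nothing to conclude
    return parse_version(banner[1]) < parse_version(fixed)


if __name__ == "__main__":
    product, version = server_banner(SAMPLE_RESPONSE)
    print(f"{product} {version}: outdated={is_outdated(SAMPLE_RESPONSE)}")
```

The same function can be pointed at any saved `curl -I` output; a host that returns no `Server` header at all is reported as "nothing to conclude" rather than as safe.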