InfoSec LAB

Blueprint_Web_8080

Created: 2 min read

Web

Nmap discovered a Web server on the port 8080 of the BLUEPRINT(10.10.136.191) host. The running service is Apache httpd 2.4.23 (OpenSSL/1.0.2h PHP/5.6.28)

┌──(kali㉿kali)-[~/archive/thm]
└─$ curl -I -X OPTIONS http://$IP:8080/            
HTTP/1.1 200 OK
Date: Sat, 05 Jul 2025 10:01:03 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.6.28
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
Content-Type: httpd/unix-directory
 
 
┌──(kali㉿kali)-[~/archive/thm]
└─$ curl -I http://$IP:8080/       
HTTP/1.1 200 OK
Date: Sat, 05 Jul 2025 10:01:06 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.6.28
Content-Type: text/html;charset=UTF-8

Webroot Directory listing is enabled.

  • /oscommerce-2.3.4/

This appears to be mirroring the other web server on the port 443. Continuing on the other web server on the port 443.

Fuzzing

┌──(kali㉿kali)-[~/archive/thm/blueprint]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP:8080/FUZZ -ic -e .html,.txt,.asp -fs 1046
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.136.191:8080/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Extensions       : .html .txt .asp 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response size: 1046
________________________________________________
cgi-bin/                [Status: 403, Size: 1060, Words: 103, Lines: 43, Duration: 46ms]
licenses                [Status: 403, Size: 1205, Words: 127, Lines: 46, Duration: 66ms]
phpmyadmin              [Status: 403, Size: 1205, Words: 127, Lines: 46, Duration: 1914ms]
server-status           [Status: 200, Size: 16395, Words: 470, Lines: 278, Duration: 52ms]
server-info             [Status: 200, Size: 99771, Words: 6161, Lines: 1148, Duration: 49ms]
:: Progress: [81912/81912] :: Job [1/1] :: 431 req/sec :: Duration: [0:03:24] :: Errors: 0 ::
  • /server-status
  • /server-info

Those are not supposed to be accessible from outside as they could leak sensitive information.

/server-status

/server-info

Interactive Graph View

Backlinks