InfoSec LAB

HackSmarterSecurity_Web_80

Created: 3 min read

Web

Nmap discovered a Web server on the port 1311 of the HACKSMARTERSEC(10.10.183.209) host. The running service is Microsoft IIS httpd 10.0

┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ curl -I -X OPTIONS http://$IP/
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/10.0
Public: OPTIONS, TRACE, GET, HEAD, POST
Date: Sat, 05 Jul 2025 13:58:17 GMT
Content-Length: 0
 
 
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ curl -I http://$IP/        
HTTP/1.1 200 OK
Content-Length: 3998
Content-Type: text/html
Last-Modified: Wed, 11 Oct 2023 17:10:49 GMT
Accept-Ranges: bytes
ETag: "821ebe165fcd91:0"
Server: Microsoft-IIS/10.0
Date: Sat, 05 Jul 2025 13:58:19 GMT

Webroot

/about.html Endpoint

The /about.html endpoint reveals a possible username disclosure; h4x0r

/contact.html Endpoint

The /contact.html endpoint contains a dummy form submission

Fuzzing

┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP/FUZZ -ic -e .html,.txt,.aspx
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.183.209/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Extensions       : .html .txt .aspx 
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
About.html              [Status: 200, Size: 4585, Words: 1129, Lines: 138, Duration: 37ms]
Contact.html            [Status: 200, Size: 4728, Words: 1202, Lines: 152, Duration: 37ms]
Images                  [Status: 301, Size: 151, Words: 9, Lines: 2, Duration: 35ms]
Index.html              [Status: 200, Size: 3998, Words: 948, Lines: 118, Duration: 35ms]
about.html              [Status: 200, Size: 4585, Words: 1129, Lines: 138, Duration: 37ms]
contact.html            [Status: 200, Size: 4728, Words: 1202, Lines: 152, Duration: 36ms]
css                     [Status: 301, Size: 148, Words: 9, Lines: 2, Duration: 36ms]
images                  [Status: 301, Size: 151, Words: 9, Lines: 2, Duration: 36ms]
index.html              [Status: 200, Size: 3998, Words: 948, Lines: 118, Duration: 35ms]
js                      [Status: 301, Size: 147, Words: 9, Lines: 2, Duration: 40ms]
superadmin.html         [Status: 200, Size: 14, Words: 4, Lines: 1, Duration: 37ms]
:: Progress: [81912/81912] :: Job [1/1] :: 1111 req/sec :: Duration: [0:01:24] :: Errors: 0 ::
 
 
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u http://$IP/FUZZ/ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.183.209/FUZZ/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
                        [Status: 200, Size: 3998, Words: 948, Lines: 118, Duration: 38ms]
images                  [Status: 403, Size: 1233, Words: 73, Lines: 30, Duration: 36ms]
css                     [Status: 403, Size: 1233, Words: 73, Lines: 30, Duration: 36ms]
js                      [Status: 403, Size: 1233, Words: 73, Lines: 30, Duration: 35ms]
:: Progress: [207630/207630] :: Job [1/1] :: 1069 req/sec :: Duration: [0:03:33] :: Errors: 0 ::
  • /superadmin.html

/superadmin.html Endpoint

N/A

Interactive Graph View

Backlinks