Web


Nmap discovered a web server on the target port 80. The running service is Apache httpd 2.4.46.

┌──(kali㉿kali)-[~/archive/thm/yearoftheowl]
└─$ curl -I http://$IP/                                     
HTTP/1.1 200 OK
Date: Mon, 09 Sep 2024 14:26:24 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.4.10
X-Powered-By: PHP/7.4.10
Content-Type: text/html; charset=UTF-8

Webroot

It would appear to be identical to the web server on the target port 443.

Fuzzing


┌──(kali㉿kali)-[~/archive/thm/yearoftheowl]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -t 200 -u http://$IP/FUZZ -ic
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.150.245/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
.htaccess               [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 55ms]
.htpasswd               [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 52ms]
cgi-bin/                [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 43ms]
com3                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 48ms]
com4                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 49ms]
com1                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 49ms]
com2                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 48ms]
con                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 45ms]
aux                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 1183ms]
licenses                [Status: 403, Size: 422, Words: 37, Lines: 12, Duration: 45ms]
lpt2                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 55ms]
lpt1                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 55ms]
nul                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 109ms]
phpmyadmin              [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 49ms]
prn                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 45ms]
server-status           [Status: 403, Size: 422, Words: 37, Lines: 12, Duration: 40ms]
server-info             [Status: 403, Size: 422, Words: 37, Lines: 12, Duration: 40ms]
webalizer               [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 33ms]
:: Progress: [20476/20476] :: Job [1/1] :: 2518 req/sec :: Duration: [0:00:09] :: Errors: 0 ::

N/A
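
Every hit in the run above is a 403, which is why the result reads as N/A. The following Python triage is an added example, not part of the original writeup: it groups ffuf result lines by likely cause and response size so identical error pages collapse together. The labels and function names are this example's own, and the sample input is a subset of the lines shown above.

```python
import re
from collections import defaultdict

# Sample input: a subset of the result lines from the ffuf run above.
SAMPLE = """\
.htaccess               [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 55ms]
com3                    [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 48ms]
aux                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 1183ms]
licenses                [Status: 403, Size: 422, Words: 37, Lines: 12, Duration: 45ms]
nul                     [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 109ms]
phpmyadmin              [Status: 403, Size: 303, Words: 22, Lines: 10, Duration: 49ms]
server-status           [Status: 403, Size: 422, Words: 37, Lines: 12, Duration: 40ms]
"""

ROW = re.compile(r"^(\S+)\s+\[Status: (\d+), Size: (\d+), Words: (\d+), Lines: (\d+)")
# Windows reserved device names: CON, PRN, AUX, NUL, COM1-9, LPT1-9.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.[^/]*)?$", re.I)

def parse(text):
    """Yield (path, status, size) for each ffuf result line; banner lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def classify(path, status):
    """Label a hit by the most likely reason for the response."""
    name = path.rstrip("/").lower()
    if status == 403 and RESERVED.match(name):
        return "windows-device-name"  # artifact of the host OS, not web content
    if status == 403 and name.startswith(".ht"):
        return "apache-ht-file"       # .ht* files are denied by Apache's stock config
    if status == 403:
        return "forbidden"            # path matched something, but access is denied
    return "review"                   # anything else deserves a manual look

def triage(text):
    """Group hits by (label, size) so identical error pages collapse together."""
    groups = defaultdict(list)
    for path, status, size in parse(text):
        groups[(classify(path, status), size)].append(path)
    return dict(groups)

if __name__ == "__main__":
    for (label, size), paths in sorted(triage(SAMPLE).items()):
        print(f"{label:20} size={size:<4} {', '.join(sorted(paths))}")
```

No group comes back labelled review for this input, and the two distinct body sizes (303 and 422) show that the server returns two different 403 pages.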

Virtual Host / Sub-domain Discovery


┌──(kali㉿kali)-[~/archive/thm/yearoftheowl]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.year-of-the-owl' -ic -mc all -fs 252
________________________________________________
 :: Method           : GET
 :: URL              : http://10.10.150.245/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.year-of-the-owl
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response size: 252
________________________________________________
:: Progress: [114437/114437] :: Job [1/1] :: 245 req/sec :: Duration: [0:05:20] :: Errors: 0 ::

N/A