Web
Nmap discovered a web server on port 80 of the target.
The running service is nginx 1.18.0.
┌──(kali㉿kali)-[~/archive/thm/b3dr0ck/CVE-2024-6387_Check]
└─$ curl -i http://$IP/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 11 Jul 2024 12:13:14 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://10.10.99.145:4040/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
The web root answers with a 301 redirect to the other web server at https://10.10.99.145:4040/
Fuzzing
┌──(kali㉿kali)-[~/archive/thm/b3dr0ck/CVE-2024-6387_Check]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -t 200 -u http://$IP/FUZZ -ic -fc 301
________________________________________________
:: Method : GET
:: URL : http://10.10.99.145/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 200
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 301
________________________________________________
:: Progress: [1273820/1273820] :: Job [1/1] :: 4854 req/sec :: Duration: [0:06:31] :: Errors: 36 ::
┌──(kali㉿kali)-[~/archive/thm/b3dr0ck/CVE-2024-6387_Check]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -t 200 -u http://$IP/FUZZ -ic -fc 301
________________________________________________
:: Method : GET
:: URL : http://10.10.99.145/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 200
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 301
________________________________________________
:: Progress: [20476/20476] :: Job [1/1] :: 2057 req/sec :: Duration: [0:00:08] :: Errors: 0 ::
Nothing found with either wordlist.