Web
Nmap discovered a web server on port 88 of the target.
The running service is unknown at this time.
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/bbscute]
└─$ nc -nv $IP 88
(UNKNOWN) [192.168.239.128] 88 (kerberos) open
HTTP/1.1 400 Bad Request
Server: nginx/1.14.2
Date: Tue, 29 Apr 2025 12:23:08 GMT
Content-Type: text/html
Content-Length: 173
Connection: close
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/bbscute]
└─$ curl -I http://$IP:88/
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Tue, 29 Apr 2025 12:24:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/bbscute]
└─$ curl -k -I http://$IP:88/
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Tue, 29 Apr 2025 12:24:03 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
It initially appeared to be a KDC, because Kerberos runs on port 88 by default, but it appears to be a web server powered by nginx/1.14.2.
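The check made by hand above (the port number suggests Kerberos, but the peer answers in HTTP) can be automated for asset inventory. This is an added example, not part of the original notes; the function names and the small port table are assumptions, and the sample bytes are the response head from the nc session with CRLF line endings restored.

```python
import re

# Port-name hints as a scanner prints them (small constructed subset, assumption).
PORT_HINTS = {22: "ssh", 80: "http", 88: "kerberos", 443: "https"}

HTTP_STATUS = re.compile(rb"^HTTP/(\d\.\d) (\d{3}) ([^\r\n]*)")
SSH_BANNER = re.compile(rb"^SSH-(\d\.\d+)-([^\r\n]*)")

def parse_http_head(raw):
    """Return (status_code, headers) from a raw HTTP response, or None."""
    m = HTTP_STATUS.match(raw)
    if not m:
        return None
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")  # split on the first colon only
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(m.group(2)), headers

def identify(port, raw):
    """Compare the port-number hint with what the peer actually sent."""
    hint = PORT_HINTS.get(port, "unknown")
    observed, detail = "unknown", None
    http = parse_http_head(raw)
    ssh = SSH_BANNER.match(raw)
    if http:
        observed, detail = "http", http[1].get("server")
    elif ssh:
        observed, detail = "ssh", ssh.group(2).decode("latin-1")
    # Only flag a mismatch when the protocol was positively identified.
    return {"port": port, "hint": hint, "observed": observed, "detail": detail,
            "mismatch": observed != "unknown" and observed != hint}

# Response head from the nc session above (CRLF restored, body truncated).
SAMPLE = (b"HTTP/1.1 400 Bad Request\r\nServer: nginx/1.14.2\r\n"
          b"Date: Tue, 29 Apr 2025 12:23:08 GMT\r\nContent-Type: text/html\r\n"
          b"Content-Length: 173\r\nConnection: close\r\n\r\n<html>\r\n")

if __name__ == "__main__":
    print(identify(88, SAMPLE))
```

A `mismatch` of True on an inventory scan marks a service running on a port conventionally assigned to something else, which is worth reconciling against the expected deployment.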
Fuzzing
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/bbscute]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u http://$IP:88/FUZZ -ic -e .html,.txt,.php -fc 403
________________________________________________
:: Method : GET
:: URL : http://192.168.239.128:88/FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
:: Extensions : .html .txt .php
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 403
________________________________________________
:: Progress: [81912/81912] :: Job [1/1] :: 1980 req/sec :: Duration: [0:00:50] :: Errors: 0 ::
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/bbscute]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u http://$IP:88/FUZZ/ -ic -fc 403
________________________________________________
:: Method : GET
:: URL : http://192.168.239.128:88/FUZZ/
:: Wordlist : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 403
________________________________________________
:: Progress: [207630/207630] :: Job [1/1] :: 1923 req/sec :: Duration: [0:01:51] :: Errors: 0 ::