Fuzzing the web server

Since this is most likely the vulnerable point for many boxes, I continue by fuzzing the various endpoints using ffuf.

Fuzzing php files

~/Desktop/HTB/retired ❯ ffuf -w /opt/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://10.10.11.154/FUZZ -e .php

/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/

v1.3.1
________________________________________________

:: Method : GET
:: URL : http://10.10.11.154/FUZZ
:: Wordlist : FUZZ: /opt/SecLists/Discovery/Web-Content/raft-small-words.txt
:: Extensions : .php
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405
________________________________________________

index.php [Status: 302, Size: 0, Words: 1, Lines: 1]
js [Status: 301, Size: 162, Words: 5, Lines: 8]
css [Status: 301, Size: 162, Words: 5, Lines: 8]
assets [Status: 301, Size: 162, Words: 5, Lines: 8]
. [Status: 302, Size: 0, Words: 1, Lines: 1]
:: Progress: [86006/86006] :: Job [1/1] :: 5396 req/sec :: Duration: [0:00:21] :: Errors: 0 ::

Fuzzing html files

~/Desktop/HTB/retired ❯ ffuf -w /opt/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://10.10.11.154/index.php\?page\=FUZZ -e .html -fs 0

/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/

v1.3.1
________________________________________________

:: Method : GET
:: URL : http://10.10.11.154/index.php?page=FUZZ
:: Wordlist : FUZZ: /opt/SecLists/Discovery/Web-Content/raft-small-words.txt
:: Extensions : .html
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405
:: Filter : Response size: 0
________________________________________________

default.html [Status: 200, Size: 11414, Words: 4081, Lines: 189]
beta.html [Status: 200, Size: 4144, Words: 1137, Lines: 73]
:: Progress: [86006/86006] :: Job [1/1] :: 4426 req/sec :: Duration: [0:00:23] :: Errors: 0 ::

Results

Fuzzing the PHP sites seems to be futile. However, it seems like there is a beta.html page which could be interesting!
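
Added example, not part of the original write-up: seen from the server side, the two scans above are tens of thousands of distinct request targets from one client in about 20 seconds, nearly all of them 404s or empty bodies. This Python sketch flags that pattern in a "combined" format access log. The function names, thresholds, IP addresses and log lines are constructed for illustration, and the User-Agent string is assumed to be ffuf's default.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "combined" access-log format: ip - - [time] "METHOD target PROTO" status bytes "ref" "ua"
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-) "[^"]*" "([^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target, status, size, ua = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TS_FMT), "target": target,
            "miss": status == "404" or size in ("0", "-"), "ua": ua}  # miss: 404 or empty body

def detect_fuzzing(lines, window=10, min_targets=30, min_miss_ratio=0.8):
    """Flag IPs that request many distinct targets, mostly misses, within `window` seconds."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end, rec in enumerate(recs):
            while (rec["ts"] - recs[start]["ts"]).total_seconds() > window:
                start += 1
            burst = recs[start:end + 1]
            targets = {r["target"] for r in burst}
            miss_ratio = sum(r["miss"] for r in burst) / len(burst)
            if len(targets) >= min_targets and miss_ratio >= min_miss_ratio:
                findings[ip] = {"targets": len(targets), "miss_ratio": round(miss_ratio, 2),
                                "user_agents": sorted({r["ua"] for r in burst})}
                break  # the first qualifying window is enough to raise the alert
    return findings

def constructed_log():
    """Constructed sample data: one wordlist run against ?page= and one ordinary visitor."""
    t0 = datetime.strptime("01/Jan/2024:12:00:00 +0000", TS_FMT)
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime(TS_FMT)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" {} {} "-" "{}"'
    lines = []
    for i in range(200):  # 40 requests per second; a single word resolves to a real page
        status, size = (200, 4144) if i == 57 else (302, 0)
        lines.append(fmt.format("192.0.2.10", stamp(i // 40), f"/index.php?page=word{i}.html",
                                status, size, "Fuzz Faster U Fool v1.3.1"))
    for i, target in enumerate(["/", "/index.php?page=default.html", "/css/", "/js/"]):
        lines.append(fmt.format("198.51.100.7", stamp(20 * i), target, 200, 11414, "Mozilla/5.0"))
    return lines
```

The detection keys on request behaviour rather than the User-Agent, since that header is client-controlled; the collected `user_agents` value is there only as triage context.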