Recon
As usual, recon starts with nmap across all ports:
# Nmap 7.80 scan initiated Mon Sep 28 20:01:12 2020 as: nmap -p- -T4 -A -oN nmap_full.log 10.10.10.198
Nmap scan report for 10.10.10.198
Host is up (0.070s latency).
Not shown: 65533 filtered ports
PORT     STATE SERVICE    VERSION
7680/tcp open  pando-pub?
8080/tcp open  http       Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
|_http-title: mrb3n's Bro Hut
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2008|7 (85%)
We can see there is an HTTP server on 8080, and an unusual service on 7680. The page itself looks simple enough:
While exploring the page, we initiate a gobuster run on the website. There are quite a few entries which get returned, including an /ex folder which appears to contain an older, somewhat broken version of the website.