Tag: Writeup

January 9, 2021 / / Infosec


As usual, recon starts with nmap across all ports:

# Nmap 7.80 scan initiated Mon Sep 28 20:01:12 2020 as: nmap -p- -T4 -A -oN nmap_full.log
Nmap scan report for
Host is up (0.070s latency).
Not shown: 65533 filtered ports
7680/tcp open  pando-pub?
8080/tcp open  http       Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
|_http-title: mrb3n's Bro Hut
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2008|7 (85%)

We can see there is a HTTP server on 8080, and an unusual service on 7680. The page itself looks simple enough:

While exploring the page, we initiate a gobuster run on the website. There are quite a few entries which get returned, including an /ex folder which appears to contain an older, somewhat broken version of the website.