Hacking Puzzle Head Scratcher


#1

I have a mysterious HTTP server listening on port 80 but 404ing every request. Any suggestions on fuzzing or bruting that can be done to discover the proper method of interacting with this server?


#2

Do you have any logs from your server? That would help ensure that your requests are hitting the server. If you can also add the command you used to start up the server, that would be helpful :slight_smile:


#3

I’m interested in your mystery. Is this just an IP somewhere? What I mean is, is that all you know? A server listening on port 80.


#4

Do you control the server that this HTTP daemon is listening on? Or is it just out there somewhere on the internet?


#5

The answer to all three is that this is a VM running on my local hardware. Nmap shows the port open and it replies to GET/POST with 404 so something is there. But yeah, that’s all I know at this point.

The VM was shared as a challenge but asking questions to smart communities isn’t out of scope :wink:


#6

Have you checked to see if any headers or page content is also being returned?


#7

Also, perhaps, common pages like index.html, favicon.ico, robots.txt, humans.txt, etc?


#8

Nothing is being returned other than the 404.


#9

I can’t find anything: dirbuster = nil /// nikto = nil


#10

Have you tried something like OWASP ZAP?

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project


#11

Thanks all for the inputs. For closure this is how it went:

  1. Find a different way into the server
  2. Loot the http server’s configs and application files
  3. Use said files to discover the proper API parameters to use in the requests

#12

Sounds like fun :smile: how did you get in?


#13

A combination of web framework vulnerability + exploitable docker config + poor user management