Objective: Find the API key in the hidden admin directory discovered on the target system.
During the assessment, we identified the target host as web1337.inlanefreight.htb. Our next step was to use ffuf to enumerate directories and uncover hidden content.
Step 1: Directory Enumeration
We started by enumerating directories on the target host using the following ffuf command:
ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt
This revealed several files, including index.html and robots.txt.
Step 2: Analyzing robots.txt
We then used curl to view the contents of robots.txt:
curl -I http://web1337.inlanefreight.htb:38902/robots.txt
The file was accessible, and the response headers confirmed its presence:
HTTP/1.1 200 OK
Server: nginx/1.26.1
Step 3: Discovering the Hidden Admin Directory
Further analysis led us to a hidden admin directory, /admin_h1dd3n. We verified its existence with the following command:
curl -I http://web1337.inlanefreight.htb:38902/admin_h1dd3n
The server returned a 301 Moved Permanently status, redirecting us to /admin_h1dd3n/.
Step 4: Enumerating the Hidden Directory
To dig deeper, we enumerated the hidden directory using ffuf:
ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/admin_h1dd3n/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt
Step 5: Downloading and Analyzing index.html
We found an index.html file in the hidden directory and downloaded it using wget:
wget http://web1337.inlanefreight.htb:38902/admin_h1dd3n/index.html
The file was successfully saved, and we proceeded to read its contents:
cat index.html
Alternatively, you can open it in a browser to view the page content.
Conclusion
After analyzing the file, we found the API key for the admin in the hidden directory!
Great job! The API key was successfully discovered.
Information Gathering - Web Edition module Badge
Subscribe for getting extra cubes !
Happy hacking!
Top comments (0)