DEV Community

maz4l
maz4l

Posted on

HTB Academy:Information Gathering - Web Edition (Updated).Skills Assessment. Part III.

Objective: Find the API key in the hidden admin directory discovered on the target system.

Image description

During the assessment, we identified the target host as web1337.inlanefreight.htb. Our next step was to use ffuf to enumerate directories and uncover hidden content.

Step 1: Directory Enumeration

We started by enumerating directories on the target host using the following ffuf command:

ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt
Enter fullscreen mode Exit fullscreen mode

This revealed several files, including index.html and robots.txt.

Step 2: Analyzing robots.txt

We then used curl to view the contents of robots.txt:

curl -I http://web1337.inlanefreight.htb:38902/robots.txt
Enter fullscreen mode Exit fullscreen mode

The file was accessible, and the response headers confirmed its presence:

HTTP/1.1 200 OK
Server: nginx/1.26.1
Enter fullscreen mode Exit fullscreen mode

Step 3: Discovering the Hidden Admin Directory

Further analysis led us to a hidden admin directory, /admin_h1dd3n. We verified its existence with the following command:

curl -I http://web1337.inlanefreight.htb:38902/admin_h1dd3n
Enter fullscreen mode Exit fullscreen mode

The server returned a 301 Moved Permanently status, redirecting us to /admin_h1dd3n/.

Step 4: Enumerating the Hidden Directory

To dig deeper, we enumerated the hidden directory using ffuf:

ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/admin_h1dd3n/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt
Enter fullscreen mode Exit fullscreen mode

Step 5: Downloading and Analyzing index.html

We found an index.html file in the hidden directory and downloaded it using wget:

wget http://web1337.inlanefreight.htb:38902/admin_h1dd3n/index.html
Enter fullscreen mode Exit fullscreen mode

The file was successfully saved, and we proceeded to read its contents:

cat index.html
Enter fullscreen mode Exit fullscreen mode

Alternatively, you can open it in a browser to view the page content.

Conclusion

After analyzing the file, we found the API key for the admin in the hidden directory!

Great job! The API key was successfully discovered.
Information Gathering - Web Edition module Badge
Image description

Subscribe for getting extra cubes !
Happy hacking!

Top comments (0)