Objective: Find the API key in the hidden admin directory discovered on the target system.

During the assessment, we identified the target host as web1337.inlanefreight.htb. Our next step was to use ffuf to enumerate directories and uncover hidden content.

Step 1: Directory Enumeration

We started by enumerating directories on the target host using the following ffuf command:

ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt

This revealed several files, including index.html and robots.txt.

Step 2: Analyzing robots.txt

We then used curl to view the contents of robots.txt:

curl -I http://web1337.inlanefreight.htb:38902/robots.txt

The file was accessible, and the response headers confirmed its presence:

HTTP/1.1 200 OK
Server: nginx/1.26.1

Step 3: Discovering the Hidden Admin Directory

Further analysis led us to a hidden admin directory, /admin_h1dd3n. We verified its existence with the following command:

curl -I http://web1337.inlanefreight.htb:38902/admin_h1dd3n

The server returned a 301 Moved Permanently status, redirecting us to /admin_h1dd3n/.

Step 4: Enumerating the Hidden Directory

To dig deeper, we enumerated the hidden directory using ffuf:

ffuf -recursion -recursion-depth 1 -u http://web1337.inlanefreight.htb:38902/admin_h1dd3n/FUZZ -w /opt/useful/seclists/Discovery/Web-Content/common.txt

Step 5: Downloading and Analyzing index.html

We found an index.html file in the hidden directory and downloaded it using wget:

wget http://web1337.inlanefreight.htb:38902/admin_h1dd3n/index.html

The file was successfully saved, and we proceeded to read its contents:

cat index.html

Alternatively, you can open it in a browser to view the page content.

Conclusion

After analyzing the file, we found the API key for the admin in the hidden directory!

Great job! The API key was successfully discovered.
Information Gathering - Web Edition module Badge

Subscribe for getting extra cubes !
Happy hacking!