Investigating Websites

more at apt-secure.ca

These were notes taken from an HTB machine. The purpose of these notes on this page is to demonstrate a process, these steps can be used to analyze any website

Process:

-port scan

-discover presence of webapp

-open IP in browser

-discover URL spectra.htb

-add spectra.htb to /etc/hosts

-open up the two pages separate without trailing "index.php"

Provided website above. Not really anything too look at.


Port scan confirms that it is a webapp.

nginx 1.17.4 web serserver

-Hovering over links and viewing page source shows us where the links go.

- we need to map the URL from this file to an IP. We have the target IP now we need to add both resources to the /etc/hosts file


There is a reference to a user name "Administrator"

-remember details like this

-In one of the two links from above, there was a an index of web files.

-If there are things to read, read them

-found a blank webpage, source code had this block quote in it.