Recon

• Target : 192.168.0.153

simple network map scan:

nmap -sS -sV -T5 192.168.0.153 -p-

Notes:

• Open ports 80, 22
• Versions : nginx 1.24.0 , OpenSSH 9.6p1

Adding the misstep.nyx to /etc/hosts

Starting with a simple Fuzzing on the target :

feroxbuster -u <http://misstep.nyx> 
-w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt  
--filter-status 404 --scan-dir-listings 

After a simple Fuzzing we found a /admin with 403 Forbidden status code :

curl <http://misstep.nyx/admin>                                                                                           
Forbidden