Forum Discussion

Bronze III

1 month ago

Solved

Apache Header Tampering

Can someone point me to the right track? On this one, I found the hidden directory, used an X-Forwarded-For: to see into that directory where scanning for files showed a lot of 404s, with just a few ...

immersive labs

offensive cyber

ArthurDent
29 days ago
Finally solved it. The main fuzzing filelists in /usr/share/seclists/Discovery/Web-Content do not have a specific filename that is used to prevent web crawlers from entering directories. Once you identify that, everything else should be easy.

SamDickison

Community Manager

1 month ago

Hopefully someone here knows. All I have is "try focussing on specific HTTP methods other than restricted ones like POST and GET"

ArthurDent
Bronze III
29 days ago
Finally solved it. The main fuzzing filelists in /usr/share/seclists/Discovery/Web-Content do not have a specific filename that is used to prevent web crawlers from entering directories. Once you identify that, everything else should be easy.

Forum Discussion

Apache Header Tampering

Featured Places

Help

Related Content

CVE-2022-33891 (Apache Spark) – Defensive Question 4

CVE-2022-33891 (Apache Spark) – Defensive Question 8

Re: Letter to Santa Entry access?

Re: Foundational Static Analysis: API Analysis step 10

Introduction to Metasploit: Ep.9 – Demonstrate Your Skills

Recent Discussions

Error in lab in SVMs Behavior Detection

Advanced CTF Challenge: Inner Maze

Malicious Document Analysis: Dropper Analysis

Healthcare Compliance

Microsoft Sentinel SOAR: Demonstrate Your Skills