Open WDavid404 opened 4 months ago
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
80/tcp open http syn-ack ttl 61 nginx 1.18.0
|_http-title: 403 Forbidden
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-server-header: nginx/1.18.0
8082/tcp open http syn-ack ttl 61 Barracuda Embedded Web Server
| http-methods:
| Supported Methods: OPTIONS GET HEAD PROPFIND PATCH POST PUT COPY DELETE MOVE MKCOL PROPPATCH LOCK UNLOCK
|_ Potentially risky methods: PROPFIND PATCH PUT COPY DELETE MOVE MKCOL PROPPATCH LOCK UNLOCK
|_http-server-header: BarracudaServer.com (Posix)
| http-webdav-scan:
| Server Date: Fri, 19 Jul 2024 15:11:09 GMT
| WebDAV type: Unknown
| Server Type: BarracudaServer.com (Posix)
|_ Allowed Methods: OPTIONS, GET, HEAD, PROPFIND, PATCH, POST, PUT, COPY, DELETE, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK
|_http-favicon: Unknown favicon MD5: FDF624762222B41E2767954032B6F1FF
|_http-title: Home
9999/tcp open ssl/http syn-ack ttl 61 Barracuda Embedded Web Server
|_http-favicon: Unknown favicon MD5: FDF624762222B41E2767954032B6F1FF
| http-webdav-scan:
| Server Date: Fri, 19 Jul 2024 15:11:10 GMT
| WebDAV type: Unknown
| Server Type: BarracudaServer.com (Posix)
|_ Allowed Methods: OPTIONS, GET, HEAD, PROPFIND, PATCH, POST, PUT, COPY, DELETE, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK
| ssl-cert: Subject: commonName=FuguHub/stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:FuguHub, DNS:FuguHub.local, DNS:localhost
| Issuer: commonName=Real Time Logic Root CA/organizationName=Real Time Logic
Barracuda Embedded Web Server ---> https://www.exploit-db.com/exploits/40177 ?
Access 8082 web page ---> http://192.168.218.25:8082/Config-Wizard/wizard/SetAdmin.lsp
Register a new account called "admin" --> succeeded. Go to "Web-server-file" tab page and then "/fs"
/about page --> FuguHub 8.4 --> No exploit info for v8.4 (But found https://www.exploit-db.com/exploits/51550 --> for v8.1)
Upload a PHP file --> succeeded, but didn't find a way to call this file
In the end, tried to use https://www.exploit-db.com/exploits/51550 (Edit 51550.py: https://{url}:443 --> http://{url}:8082, https://{url}:443/fs/cmsdocs/ --> http://{url}:8082/fs/)
Key points: