A Report by HackHive
It all started from a simple Nmap scan.
What Happened:
While using Nmap, we accidentally scanned a local computer on our LAN. This scan showed several open ports that exposed sensitive information. This info could be used to gain unauthorized access to Nginx UI,, posing a serious risk of server-side takeover.
What We Did:
We started by scanning our local IP range (xxx.xxx.xxx.1 to xxx.xxx.xxx.254) with Nmap to find active devices and open ports. This scan revealed several IPs with open ports, meaning there were active devices within the range. This gave us a starting point to dig deeper into any potential security issues.
Nmap Scan for IP Range x.x.x.1–254: The scan showed that IP address xxx.xxx.xxx.156 had several open ports, indicating active services on that device. The Nmap scan results (attached) provide specifics on these open ports and services. Open ports can be gateways for unauthorized access, so we needed to look closely at the services running on this IP to identify and fix any vulnerabilities.
Scanning the Specific Target IP: We looked closer at the open ports on IP xxx.xxx.xxx.156 and found that port 8080 was active, which is commonly used for web servers. When we accessed this port, we found an Nginx server interface. This is a big deal because if an unauthorized user gets to this interface, they could control the web server. This means we need to lock down access to this Nginx server to ensure only authorized people can get in.
What We Found:
By exploiting the Nginx server configuration, we managed to take over the entire server, including the ability to add or remove subdomains. This security hole could let unauthorized users mess with server settings, leading to data breaches, service interruptions, and unauthorized access to sensitive info.
When we checked further, we found that port 3000 on IP xxx.xxx.xxx.156 was open, leading us to a Node.js Express framework page. This page had detailed source code documentation with admin passwords. This is a huge security risk because these passwords could give someone elevated access to various network resources.
OUR NEW COMMUNITY!!!
HackHive, our newly formed community dedicated to knowledge sharing and exploring the world of cybersecurity. As a collective of passionate and curious individuals, we aim to delve into real-world targets, uncover vulnerabilities, and most importantly share our learnings with others.
HackHive is committed to fostering a collaborative environment where members can share knowledge, create CTFs, build tools, and techniques to strengthen security postures.
HAPPY LEARNING…