Web enum of advis-marketing.cz

I've got express permission to try to hack advis-marketing.cz

First scan

With simple nikto commands

IP 91.239.201.14

Server the target is using

OSVDB-877 (Open Source Vulnerability Database)

host is vulnerable to XST - Cross-Site Tracing, a vulnerability that exploits the HTTP TRACE method to potentially steal sensitive data, including authentication data and cookies, from a web application.

Some info about OSVDB-877: https://medium.com/@tushar_rs_/cross-site-tracing-attack-xst-5aa519658b7a ???

Can't find anything too specific on OSVDB-877
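One way to confirm a TRACE finding like this on a host you are authorised to test is to check whether the server actually echoes request headers back, which is what XST depends on. This is an added example, not part of the original notes; the `X-Trace-Check` header, the function names and the sample responses are constructed for illustration.

```python
import http.client
import uuid


def classify_trace(status, body, marker):
    """Classify a TRACE response by whether it echoes our marker header.

    XST depends on the server reflecting the request (Cookie and
    Authorization headers included) in the response body, normally as
    Content-Type message/http. A 200 without the echo is not XST.
    """
    if status == 200 and marker.lower() in body.lower():
        return "reflects-headers"   # finding confirmed
    if status == 200:
        return "accepted-no-echo"   # TRACE answered, request not reflected
    return "rejected"               # e.g. 405 or 501: TRACE disabled


def check_trace(host, port=443, use_tls=True, timeout=10):
    """Send one TRACE request carrying a random marker and classify the reply."""
    marker = "xst-check-" + uuid.uuid4().hex
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return classify_trace(resp.status, body, marker)
    finally:
        conn.close()


# Constructed sample responses (not captured from any real server).
DEMO_MARKER = "xst-check-demo"
SAMPLES = [
    (200, "TRACE / HTTP/1.1\r\nHost: example.test\r\n"
          "X-Trace-Check: xst-check-demo\r\n\r\n"),
    (200, "<html><body>Home page</body></html>"),
    (405, "<h1>405 Method Not Allowed</h1>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify_trace(status, body, DEMO_MARKER))
```

Only the `reflects-headers` result backs up the scanner line; disabling TRACE on the web server clears it.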

Second scan, same results, just wanted to output it to a file

The txt output file no longer mentions the server information

Trying Gobuster now - Directory enumeration mode

First attempt unsuccessful

It wouldn't let me proceed because of the 301 status code

Second attempt with this command:

gobuster dir -k -u advis-marketing.cz -t50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -b 301,403,404 -e -f --timeout 60s -o buster_advis.txt

Nmap

nmap -sC -sV -A -O -vv -p- -T5 91.239.201.14 -oN nmap_scan.txt

Metasploit on PostgreSQL

Tried a few exploits with no success

msf6 auxiliary(scanner/postgres/postgres_hashdump)

msf6 auxiliary(scanner/postgres/postgres_version)

msf6 exploit(linux/http/acronis_cyber_infra_cve_2023_45249)

msf6 auxiliary(scanner/postgres/postgres_dbname_flag_injection)

msf6 auxiliary(scanner/postgres/postgres_login)

msf6 auxiliary(scanner/postgres/postgres_hashdump)

hydra

hydra -l /usr/share/wordlists/SecLists/Usernames/top-usernames-shortlist.txt -P /usr/share/wordlists/rockyou.txt ftp://91.239.201.14

only a year to complete this brute force...

Huh, I can't seem to access advis-marketing.cz from the THM VM, but I can access it from my own browser? Everything else seems to be working fine, just advis-marketing.cz is not working. How could it be? Did it block access from my IP lol? I've turned off hydra, nmap scans and everything, but to no avail.