init htb

old htb folders

HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_curl.html

@@ -0,0 +1,16 @@
+HTTP/1.1 401 Unauthorized
+Server: nginx/1.18.0 (Ubuntu)
+Date: Thu, 09 Feb 2023 12:00:54 GMT
+Content-Type: text/html
+Content-Length: 188
+Connection: keep-alive
+WWW-Authenticate: Basic realm="Restricted"
+
+<html>
+<head><title>401 Authorization Required</title></head>
+<body>
+<center><h1>401 Authorization Required</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
+

HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt

@@ -0,0 +1,246 @@
+# Nmap 7.93 scan initiated Thu Feb  9 13:00:54 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml store.hat-valley.htb
+Nmap scan report for store.hat-valley.htb (10.10.11.185)
+Host is up, received user-set (0.027s latency).
+rDNS record for 10.10.11.185: awkward.htb
+Scanned at 2023-02-09 13:00:55 CET for 77s
+
+Bug in http-security-headers: no string output.
+PORT   STATE SERVICE REASON         VERSION
+80/tcp open  http    syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+| http-sitemap-generator: 
+|   Directory structure:
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-chrono: Request times for /; avg: 160.15ms; min: 155.75ms; max: 167.02ms
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-fetch: Please enter the complete path of the directory to save data in.
+| http-waf-detect: IDS/IPS/WAF detected:
+|_store.hat-valley.htb:80/?p4yl04d3=<script>alert(document.cookie)</script>
+| http-enum: 
+|   /tools_admin.php: D-Link DIR-300 (401 Unauthorized)
+|   /bsc_lan.php: D-Link DIR-300, DIR-320, DIR-615 revD (401 Unauthorized)
+|   /awstatstotals/awstatstotals.php: AWStats Totals (401 Unauthorized)
+|   /awstats/awstatstotals.php: AWStats Totals (401 Unauthorized)
+|   /awstatstotals.php: AWStats Totals (401 Unauthorized)
+|   /awstats/index.php: AWStats Totals (401 Unauthorized)
+|   /awstatstotals/index.php: AWStats Totals (401 Unauthorized)
+|   /calendar/cal_search.php: ExtCalendar (401 Unauthorized)
+|   /cal_search.php: ExtCalendar (401 Unauthorized)
+|   /a_viewusers.php: Andys PHP Knowledgebase (401 Unauthorized)
+|   /LightNEasy.php?do=login: LightNEasy (401 Unauthorized)
+|   /channel_detail.php: DzTube (401 Unauthorized)
+|   /vbseo.php: vBSEO (401 Unauthorized)
+|   /admin.php: Possible admin folder (401 Unauthorized)
+|   /admin/account.php: Possible admin folder (401 Unauthorized)
+|   /admin/index.php: Possible admin folder (401 Unauthorized)
+|   /admin/login.php: Possible admin folder (401 Unauthorized)
+|   /admin/admin.php: Possible admin folder (401 Unauthorized)
+|   /login.php: Possible admin folder (401 Unauthorized)
+|   /admin_area/admin.php: Possible admin folder (401 Unauthorized)
+|   /admin_area/login.php: Possible admin folder (401 Unauthorized)
+|   /siteadmin/login.php: Possible admin folder (401 Unauthorized)
+|   /siteadmin/index.php: Possible admin folder (401 Unauthorized)
+|   /admin_area/index.php: Possible admin folder (401 Unauthorized)
+|   /bb-admin/index.php: Possible admin folder (401 Unauthorized)
+|   /bb-admin/login.php: Possible admin folder (401 Unauthorized)
+|   /bb-admin/admin.php: Possible admin folder (401 Unauthorized)
+|   /admin/home.php: Possible admin folder (401 Unauthorized)
+|   /admin/controlpanel.php: Possible admin folder (401 Unauthorized)
+|   /admincp/login.php: Possible admin folder (401 Unauthorized)
+|   /admin/cp.php: Possible admin folder (401 Unauthorized)
+|   /cp.php: Possible admin folder (401 Unauthorized)
+|   /administrator/index.php: Possible admin folder (401 Unauthorized)
+|   /administrator/login.php: Possible admin folder (401 Unauthorized)
+|   /nsw/admin/login.php: Possible admin folder (401 Unauthorized)
+|   /webadmin/login.php: Possible admin folder (401 Unauthorized)
+|   /admin/admin_login.php: Possible admin folder (401 Unauthorized)
+|   /admin_login.php: Possible admin folder (401 Unauthorized)
+|   /administrator/account.php: Possible admin folder (401 Unauthorized)
+|   /administrator.php: Possible admin folder (401 Unauthorized)
+|   /pages/admin/admin-login.php: Possible admin folder (401 Unauthorized)
+|   /admin/admin-login.php: Possible admin folder (401 Unauthorized)
+|   /admin-login.php: Possible admin folder (401 Unauthorized)
+|   /modelsearch/login.php: Possible admin folder (401 Unauthorized)
+|   /moderator.php: Possible admin folder (401 Unauthorized)
+|   /moderator/login.php: Possible admin folder (401 Unauthorized)
+|   /moderator/admin.php: Possible admin folder (401 Unauthorized)
+|   /account.php: Possible admin folder (401 Unauthorized)
+|   /controlpanel.php: Possible admin folder (401 Unauthorized)
+|   /admincontrol.php: Possible admin folder (401 Unauthorized)
+|   /rcjakar/admin/login.php: Possible admin folder (401 Unauthorized)
+|   /webadmin.php: Possible admin folder (401 Unauthorized)
+|   /webadmin/index.php: Possible admin folder (401 Unauthorized)
+|   /webadmin/admin.php: Possible admin folder (401 Unauthorized)
+|   /adminpanel.php: Possible admin folder (401 Unauthorized)
+|   /user.php: Possible admin folder (401 Unauthorized)
+|   /panel-administracion/login.php: Possible admin folder (401 Unauthorized)
+|   /wp-login.php: Possible admin folder (401 Unauthorized)
+|   /adminLogin.php: Possible admin folder (401 Unauthorized)
+|   /admin/adminLogin.php: Possible admin folder (401 Unauthorized)
+|   /adminarea/index.php: Possible admin folder (401 Unauthorized)
+|   /adminarea/admin.php: Possible admin folder (401 Unauthorized)
+|   /adminarea/login.php: Possible admin folder (401 Unauthorized)
+|   /panel-administracion/index.php: Possible admin folder (401 Unauthorized)
+|   /panel-administracion/admin.php: Possible admin folder (401 Unauthorized)
+|   /modelsearch/index.php: Possible admin folder (401 Unauthorized)
+|   /modelsearch/admin.php: Possible admin folder (401 Unauthorized)
+|   /admincontrol/login.php: Possible admin folder (401 Unauthorized)
+|   /adm/admloginuser.php: Possible admin folder (401 Unauthorized)
+|   /admloginuser.php: Possible admin folder (401 Unauthorized)
+|   /admin2.php: Possible admin folder (401 Unauthorized)
+|   /admin2/login.php: Possible admin folder (401 Unauthorized)
+|   /admin2/index.php: Possible admin folder (401 Unauthorized)
+|   /adm/index.php: Possible admin folder (401 Unauthorized)
+|   /adm.php: Possible admin folder (401 Unauthorized)
+|   /affiliate.php: Possible admin folder (401 Unauthorized)
+|   /adm_auth.php: Possible admin folder (401 Unauthorized)
+|   /memberadmin.php: Possible admin folder (401 Unauthorized)
+|   /administratorlogin.php: Possible admin folder (401 Unauthorized)
+|   /admin1.php: Possible admin folder (401 Unauthorized)
+|   /administr8.php: Possible admin folder (401 Unauthorized)
+|   /administracao.php: Possible admin folder (401 Unauthorized)
+|   /administracion.php: Possible admin folder (401 Unauthorized)
+|   /admins.php: Possible admin folder (401 Unauthorized)
+|   /AdminLogin.php: Possible admin folder (401 Unauthorized)
+|   /atom.php: RSS or Atom feed (401 Unauthorized)
+|   /rss.php: RSS or Atom feed (401 Unauthorized)
+|   /test.php: Test page (401 Unauthorized)
+|   /log.php: Logs (401 Unauthorized)
+|   /logs.php: Logs (401 Unauthorized)
+|   /js/vendors.php: CakePHP application (401 Unauthorized)
+|   /fshow.php: Horizon Web App (401 Unauthorized)
+|   /admin/upload.php: Admin File Upload (401 Unauthorized)
+|   /upload_multiple_js.php: NAS Uploader (401 Unauthorized)
+|   /info.php: Possible information file (401 Unauthorized)
+|   /phpinfo.php: Possible information file (401 Unauthorized)
+|   /kusabax/manage_page.php: Kusabax Image Board (401 Unauthorized)
+|   /plus/lurking.php: phpMyChat Plus (401 Unauthorized)
+|   /adm/barra/assetmanager/assetmanager.php: 360 Web Manager (401 Unauthorized)
+|   /confirminvite.php: phpMyBitTorrent (401 Unauthorized)
+|   /swfupload/index.php: SWFUpload (401 Unauthorized)
+|   /mymarket/shopping/index.php: MyMarket (401 Unauthorized)
+|   /myshop_start.php: FozzCom shopping (401 Unauthorized)
+|   /upload/scp/ajax.php: osTicket / AJAX File Upload (401 Unauthorized)
+|   /fm.php: Simple File Manager (401 Unauthorized)
+|   /cal_cat.php: Calendarix (401 Unauthorized)
+|   /calendar/cal_cat.php: Calendarix (401 Unauthorized)
+|   /cal/cal_cat.php: Calendarix (401 Unauthorized)
+|   /wiki/rankings.php: Bit Weaver (401 Unauthorized)
+|   /reqdetails.php: BtiTracker (401 Unauthorized)
+|   /shared/help.php: OpenBiblio/WebBiblio Subject Gateway System (401 Unauthorized)
+|   /seti.php: PHP SETI@home (401 Unauthorized)
+|   /Base/upload.php: MassMirror Uploader (401 Unauthorized)
+|   /Base/example_1.php: MassMirror Uploader (401 Unauthorized)
+|   /tools/filemanager/skins/mobile/admin1.template.php: ispCP Omega (401 Unauthorized)
+|   /updown.php: PHP Uploader Downloader (401 Unauthorized)
+|   /engine/api/api.class.php: DatalifeEngine (401 Unauthorized)
+|   /spControl.php: IBM Proventia (401 Unauthorized)
+|   /lib/usermanagement/userInfo.php: Testlink TestManagement (401 Unauthorized)
+|   /security/xamppsecurity.php: XAMPP (401 Unauthorized)
+|   /dm-albums/dm-albums.php: DM FileManager (401 Unauthorized)
+|   /downloadFile.php: NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure (401 Unauthorized)
+|   /BackupConfig.php: NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure (401 Unauthorized)
+|   /wp-login.php: Wordpress login page. (401 Unauthorized)
+|   /wordpress/wp-login.php: Wordpress login page. (401 Unauthorized)
+|   /blog/wp-login.php: Wordpress login page. (401 Unauthorized)
+|   /administrator/wp-login.php: Wordpress login page. (401 Unauthorized)
+|   /weblog/wp-login.php: Wordpress login page. (401 Unauthorized)
+|   /wp-admin/upgrade.php: Wordpress login page. (401 Unauthorized)
+|   /cmspages.php: 2Point Solutions CMS (401 Unauthorized)
+|   /sc_webcat/ecat/cms_view.php: Webcat (401 Unauthorized)
+|   /forum_answer.php?que_id=1: Guru JustAnswer (401 Unauthorized)
+|   /templates1/view_product.php: HB ECommerce (401 Unauthorized)
+|   /escort-profile.php: First Escort Marketing CMS (401 Unauthorized)
+|   /pages/indexheader.php: Green Pants CMS (401 Unauthorized)
+|   /pages/searcher.php: Green Pants CMS (401 Unauthorized)
+|   /pages/indexviewentry.php: Green Pants CMS (401 Unauthorized)
+|   /admin/libraries/ajaxfilemanager/ajaxfilemanager.php: Log1 CMS (401 Unauthorized)
+|   /leftmenubody.php: Quicktech (401 Unauthorized)
+|   /zikula/index.php: Zikula CMS (401 Unauthorized)
+|   /system/admin/header.php: Habari Blog (401 Unauthorized)
+|   /system/admin/comments_items.php: Habari Blog (401 Unauthorized)
+|   /fckeditor/editor/filemanager/connectors/php/config.php: DM File Manager/FCKeditor File upload (401 Unauthorized)
+|   /includes/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php: PHPnuke/Remote File Download (401 Unauthorized)
+|   /admin/includes/tiny_mce/plugins/tinybrowser/upload.php: CompactCMS or B-Hind CMS/FCKeditor File upload (401 Unauthorized)
+|   /html/news_fckeditor/editor/filemanager/upload/php/upload.php: cardinalCms/FCKeditor File upload (401 Unauthorized)
+|   /uploadsnaps.php: ZeeMatri/File upload (401 Unauthorized)
+|   /upload/includes/js/files/upload.php: Digital College/File upload (401 Unauthorized)
+|   /tinybrowser/upload.php: Tinybrowser Remote File Upload (401 Unauthorized)
+|   /photogallery_open.php: Heaven Soft CMS (401 Unauthorized)
+|   /Final/login/ava_upl.php: CH-CMS (401 Unauthorized)
+|   /Final/login/ava_upl2.php: CH-CMS (401 Unauthorized)
+|   /spaw/demo.php: SpawCMS/Remote File upload (401 Unauthorized)
+|   /admin/jscript/upload.php: Lizard Cart/Remote File upload (401 Unauthorized)
+|   /infusions/avatar_studio/avatar_studio.php: PHP-Fusion Mod avatar_studio (401 Unauthorized)
+|   /bnnr.php: vBulletin ads_saed (401 Unauthorized)
+|   /vb/bnnr.php: vBulletin ads_saed (401 Unauthorized)
+|   /forum/bnnr.php: vBulletin ads_saed (401 Unauthorized)
+|   /weblink_cat_list.php: WHMCompleteSolution CMS (401 Unauthorized)
+|_  /typo3/index.php: Typo3 Installation (401 Unauthorized)
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-errors: 
+| Spidering limited to: maxpagecount=40; withinhost=store.hat-valley.htb
+|   Found the following error pages: 
+|   
+|   Error Code: 416
+|_  	http://store.hat-valley.htb:80/
+|_http-feed: Couldn't find any feeds.
+|_http-malware-host: Host appears to be clean
+|_http-title: 416 Requested Range Not Satisfiable
+|_http-mobileversion-checker: No mobile version detected.
+| http-useragent-tester: 
+|   Status for browser useragent: 401
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-headers: 
+|   Server: nginx/1.18.0 (Ubuntu)
+|   Date: Thu, 09 Feb 2023 12:01:02 GMT
+|   Content-Type: text/html
+|   Content-Length: 206
+|   Connection: close
+|   Content-Range: bytes */132
+|   
+|_  (Request type: GET)
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+| http-vhosts: 
+|_128 names had status 200
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-methods: 
+|_  Supported Methods: GET HEAD POST
+| http-auth: 
+| HTTP/1.1 401 Unauthorized\x0D
+|_  Basic realm=Restricted
+|_http-date: Thu, 09 Feb 2023 12:01:02 GMT; -1s from local time.
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Thu Feb  9 13:02:12 2023 -- 1 IP address (1 host up) scanned in 77.57 seconds

HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_whatweb.txt

@@ -0,0 +1,41 @@
+WhatWeb report for http://store.hat-valley.htb/
+Status    : 401 Unauthorized
+Title     : 401 Authorization Required
+IP        : 10.10.11.185
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0], WWW-Authenticate[Restricted][Basic]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.18.0 (Ubuntu) (from server string)
+
+[ WWW-Authenticate ]
+	This plugin identifies the WWW-Authenticate HTTP header and
+	extracts the authentication method and realm.
+
+	Module       : Basic
+	String       : Restricted
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 401 Unauthorized
+	Server: nginx/1.18.0 (Ubuntu)
+	Date: Thu, 09 Feb 2023 12:00:56 GMT
+	Content-Type: text/html
+	Content-Length: 188
+	Connection: close
+	WWW-Authenticate: Basic realm="Restricted"
+
+