simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
HTB/broscience/results/scans/tcp443/tcp_443_https_broscience.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

@@ -0,0 +1,124 @@
web18759
web3621
web18808
web18275
web18276
web18274
web3624
web3626
web18273
web3625
web3623
web18277
forum5
web18809
skunk
ckp
cybozu
fs7
kaori
hendry
fs8
violin
tomorrow
tonton
ate
kaizoku
physik
asean
germanium
sourabh
chiko
rc2
clown
telechargement
mhm
arch1
londres
ticket2
starsoft
ssltest2
s1018
irish
dip
www.pdf
www.idc
blacknight
aileen
advisortrac
vcr
sips
autodiscover.ns1
prashanth
autoconfig.ns1
danco
www.cyberspace
orgs
iprint
manualidades
n6
freaks
brook
hoop
pancake
corsair
kissmin
ns155
www.gamma
lifetime
omega2
farida
mojtaba
viki
messiah
www.firma
lifes
delight
sweetdona
kangdy777
dlfmaekdns
retireplan
wichitapre
catspre
altmusicpre
usmilitary
soapspre
dying
hartfordpre
emailpre
gojapanpre
christianitypre
paganwiccanpre
islampre
homevideopre
tattoopre
macsupport
southbayadmin
www.reklam
ip243
o1.send
ip241
skylark
sszang00
kudos
juese11
leebrkorea1
diybatr2427
sbgs221
avgood
ljhon00
realnut
hca-rc-013.shca
csg-saf-0029.csg
mvm-ri-d127123.roslin
hca-spglab-048.shca
www.memory
www.jjm
www.micronet
mvm-ri-d086122.roslin
www.las
ccem
b68
aszx
atto
sp2digital

158
HTB/broscience/results/scans/tcp443/tcp_443_https_curl.html Normal file
View File

@@ -0,0 +1,158 @@
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:50:15 GMT
Server: Apache/2.4.54 (Debian)
Set-Cookie: PHPSESSID=514ejha3mn98hdt774ba24b3ku; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
<html>
<head>
<title>BroScience : Home</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/uikit@3.15.0/dist/css/uikit.min.css" />
<script src="https://cdn.jsdelivr.net/npm/uikit@3.15.0/dist/js/uikit.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/uikit@3.15.0/dist/js/uikit-icons.min.js"></script> <link rel="stylesheet" href="styles/light.css">
</head>
<body class="uk-dark">
<nav class="uk-navbar-container uk-margin uk-navbar-transparent uk-dark">
<div class="uk-container uk-container-expand">
<div class="uk-navbar" uk-navbar>
<div class="uk-navbar-left">
<a href="/" class="uk-navbar-item uk-logo">BroScience</a>
</div>
<div class="uk-navbar-right">
<ul class="uk-navbar-nav"><li><a href="login.php">Log In</a></li></ul> </div>
</div>
</div>
</nav> <div class="uk-container uk-margin">
<!-- TODO: Search bar -->
<div class="uk-child-width-1-2@s uk-child-width-1-3@m" uk-grid> <div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=bench.png" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=1" class="uk-card-title">Bench Press</a>
<p>The bench press is widely regarded as the king of all exercises, specifically in building the chest ... <a href="exercise.php?id=1">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=1">administrator</a> 9 months ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=barbell_squats.jpeg" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=2" class="uk-card-title">Barbell Squats</a>
<p>The barbell back squat is a very popular compound movement which emphasizes building the leg muscle ... <a href="exercise.php?id=2">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=2">bill</a> 1 year ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=seated_rows.png" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=3" class="uk-card-title">Seated Rows</a>
<p>If you want to target your lats, seated rows are a great exercise to do so. There are machines where... <a href="exercise.php?id=3">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=2">bill</a> 8 months ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=deadlift.png" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=4" class="uk-card-title">Deadlift</a>
<p>Deadlifts are another great exercise for targeting a lot of muscle groups at the same time, with the... <a href="exercise.php?id=4">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=1">administrator</a> 7 months ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=tricep_extensions.jpeg" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=5" class="uk-card-title">Tricep Extensions</a>
<p>Tricep extensions are a great exercise to target your triceps. Requiring only a dumbell, you can do ... <a href="exercise.php?id=5">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=3">michael</a> 7 months ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=dumbell_curls.jpeg" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=6" class="uk-card-title">Dumbell Curls</a>
<p>Curls for the girls. Arguably the favorite exercise of many gym-goers, this is a very good exercise ... <a href="exercise.php?id=6">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=4">john</a> 2 years ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=reverse_butterfly.jpeg" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=7" class="uk-card-title">Reverse Butterfly</a>
<p>Reverse butterfly may be done with free weights or with a machine, although I personally prefer the ... <a href="exercise.php?id=7">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=1">administrator</a> 11 months ago</p>
</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default ">
<div class="uk-card-media-top">
<img src="includes/img.php?path=shoulder_press.jpeg" width="600" height="600" alt="">
</div>
<div class="uk-card-body">
<a href="exercise.php?id=8" class="uk-card-title">Shoulder Press</a>
<p>Shoulder press, also known as the military press or overhead press, is a great way to build your sho... <a href="exercise.php?id=8">keep reading</a></p>
</div>
<div class="uk-card-footer">
<p class="uk-text-meta">Written by <a class="uk-link-text" href="user.php?id=3">michael</a> 10 months ago</p>
</div>
</div>
</div>
</div> </div>
</body>
</html>

82
HTB/broscience/results/scans/tcp443/tcp_443_https_feroxbuster_dirbuster.txt Normal file
View File

@@ -0,0 +1,82 @@
200 GET 29l 70w 1309c https://10.10.11.195/user.php
200 GET 1l 4w 39c https://10.10.11.195/includes/img.php
200 GET 3l 7w 44c https://10.10.11.195/styles/light.css
200 GET 42l 97w 1936c https://10.10.11.195/login.php
200 GET 28l 71w 1322c https://10.10.11.195/exercise.php
200 GET 147l 510w 0c https://10.10.11.195/
403 GET 9l 28w 278c https://10.10.11.195/.html
403 GET 9l 28w 278c https://10.10.11.195/.php
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd
403 GET 9l 28w 278c https://10.10.11.195/.htaccess
403 GET 9l 28w 278c https://10.10.11.195/.hta
403 GET 9l 28w 278c https://10.10.11.195/.hta.txt
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.txt
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.txt
403 GET 9l 28w 278c https://10.10.11.195/.hta.html
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.html
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.html
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.php
403 GET 9l 28w 278c https://10.10.11.195/.hta.php
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.php
403 GET 9l 28w 278c https://10.10.11.195/.hta.asp
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.asp
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.asp
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.aspx
403 GET 9l 28w 278c https://10.10.11.195/.hta.aspx
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.aspx
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.jsp
403 GET 9l 28w 278c https://10.10.11.195/.hta.jsp
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.jsp
200 GET 28l 66w 1256c https://10.10.11.195/activate.php
302 GET 1l 3w 13c https://10.10.11.195/comment.php => https://10.10.11.195/login.php
301 GET 9l 28w 315c https://10.10.11.195/images => https://10.10.11.195/images/
301 GET 9l 28w 317c https://10.10.11.195/includes => https://10.10.11.195/includes/
200 GET 147l 510w 0c https://10.10.11.195/index.php
301 GET 9l 28w 319c https://10.10.11.195/javascript => https://10.10.11.195/javascript/
200 GET 45l 104w 2161c https://10.10.11.195/register.php
302 GET 0l 0w 0c https://10.10.11.195/logout.php => https://10.10.11.195/index.php
301 GET 9l 28w 315c https://10.10.11.195/manual => https://10.10.11.195/manual/
403 GET 9l 28w 278c https://10.10.11.195/server-status
301 GET 9l 28w 315c https://10.10.11.195/styles => https://10.10.11.195/styles/
302 GET 1l 3w 13c https://10.10.11.195/update_user.php => https://10.10.11.195/login.php
200 GET 28l 71w 1322c https://10.10.11.195/exercise.php
200 GET 3l 7w 44c https://10.10.11.195/styles/light.css
200 GET 29l 70w 1309c https://10.10.11.195/user.php
200 GET 1l 4w 39c https://10.10.11.195/includes/img.php
200 GET 42l 97w 1936c https://10.10.11.195/login.php
200 GET 147l 510w 0c https://10.10.11.195/
403 GET 9l 28w 278c https://10.10.11.195/.html
403 GET 9l 28w 278c https://10.10.11.195/.php
403 GET 9l 28w 278c https://10.10.11.195/.hta
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd
403 GET 9l 28w 278c https://10.10.11.195/.hta.txt
403 GET 9l 28w 278c https://10.10.11.195/.htaccess
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.txt
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.txt
403 GET 9l 28w 278c https://10.10.11.195/.hta.html
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.html
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.html
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.php
403 GET 9l 28w 278c https://10.10.11.195/.hta.php
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.php
403 GET 9l 28w 278c https://10.10.11.195/.hta.asp
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.asp
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.asp
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.aspx
403 GET 9l 28w 278c https://10.10.11.195/.hta.aspx
403 GET 9l 28w 278c https://10.10.11.195/.hta.jsp
403 GET 9l 28w 278c https://10.10.11.195/.htpasswd.jsp
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.aspx
403 GET 9l 28w 278c https://10.10.11.195/.htaccess.jsp
200 GET 28l 66w 1256c https://10.10.11.195/activate.php
302 GET 1l 3w 13c https://10.10.11.195/comment.php => https://10.10.11.195/login.php
301 GET 9l 28w 315c https://10.10.11.195/images => https://10.10.11.195/images/
301 GET 9l 28w 317c https://10.10.11.195/includes => https://10.10.11.195/includes/
200 GET 147l 510w 0c https://10.10.11.195/index.php
301 GET 9l 28w 319c https://10.10.11.195/javascript => https://10.10.11.195/javascript/
200 GET 45l 104w 2161c https://10.10.11.195/register.php
302 GET 0l 0w 0c https://10.10.11.195/logout.php => https://10.10.11.195/index.php
301 GET 9l 28w 315c https://10.10.11.195/manual => https://10.10.11.195/manual/
403 GET 9l 28w 278c https://10.10.11.195/server-status
301 GET 9l 28w 315c https://10.10.11.195/styles => https://10.10.11.195/styles/
302 GET 1l 3w 13c https://10.10.11.195/update_user.php => https://10.10.11.195/login.php

220
HTB/broscience/results/scans/tcp443/tcp_443_https_nmap.txt Normal file
View File

@@ -0,0 +1,220 @@
# Nmap 7.93 scan initiated Wed Feb 1 17:50:14 2023 as: nmap -vv --reason -Pn -T4 -sV -p 443 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/broscience/results/scans/tcp443/tcp_443_https_nmap.txt -oX /home/kali/htb/broscience/results/scans/tcp443/xml/tcp_443_https_nmap.xml 10.10.11.195
Nmap scan report for broscience.htb (10.10.11.195)
Host is up, received user-set (0.030s latency).
Scanned at 2023-02-01 17:50:14 CET for 352s
PORT STATE SERVICE REASON VERSION
443/tcp open http syn-ack ttl 63 Apache httpd 2.4.54 ((Debian))
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange (dh 3072) of lower strength than certificate key
| Key exchange (secp256r1) of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange (dh 3072) of lower strength than certificate key
| Key exchange (secp256r1) of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_128_CCM (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CCM (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 3072) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 3072) - A
| TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 3072) - A
| TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 3072) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 4096) - A
| TLS_RSA_WITH_AES_128_CCM (rsa 4096) - A
| TLS_RSA_WITH_AES_128_CCM_8 (rsa 4096) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CCM (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CCM_8 (rsa 4096) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 4096) - A
| TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 4096) - A
| TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 4096) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange (dh 3072) of lower strength than certificate key
| Key exchange (secp256r1) of lower strength than certificate key
| TLSv1.3:
| ciphers:
| TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| cipher preference: client
|_ least strength: A
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-server-header: Apache/2.4.54 (Debian)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-feed: Couldn't find any feeds.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
| http-vhosts:
|_128 names had status 400
|_http-date: Wed, 01 Feb 2023 16:50:48 GMT; +1s from local time.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| ssl-cert: Subject: commonName=broscience.htb/organizationName=BroScience/countryName=AT/localityName=Vienna/emailAddress=administrator@broscience.htb
| Issuer: commonName=broscience.htb/organizationName=BroScience/countryName=AT/localityName=Vienna/emailAddress=administrator@broscience.htb
| Public Key type: rsa
| Public Key bits: 4096
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-07-14T19:48:36
| Not valid after: 2023-07-14T19:48:36
| MD5: 5328ddd62f3429d11d26ae8a68d86e0c
| SHA-1: 20568d0d9e4109cde5a22021fe3f349c40d8d75b
| -----BEGIN CERTIFICATE-----
| MIIF0zCCA7ugAwIBAgIUD+qpK08oB9Kng1mp3mIxnO21+s4wDQYJKoZIhvcNAQEL
| BQAweTELMAkGA1UEBhMCQVQxDzANBgNVBAcMBlZpZW5uYTETMBEGA1UECgwKQnJv
| U2NpZW5jZTEXMBUGA1UEAwwOYnJvc2NpZW5jZS5odGIxKzApBgkqhkiG9w0BCQEW
| HGFkbWluaXN0cmF0b3JAYnJvc2NpZW5jZS5odGIwHhcNMjIwNzE0MTk0ODM2WhcN
| MjMwNzE0MTk0ODM2WjB5MQswCQYDVQQGEwJBVDEPMA0GA1UEBwwGVmllbm5hMRMw
| EQYDVQQKDApCcm9TY2llbmNlMRcwFQYDVQQDDA5icm9zY2llbmNlLmh0YjErMCkG
| CSqGSIb3DQEJARYcYWRtaW5pc3RyYXRvckBicm9zY2llbmNlLmh0YjCCAiIwDQYJ
| KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKcyX2E/e8BqyRU6FoKOWoWFJo6nLHhK
| B0wNgmPrcUZ5ycizPc+6ereoFgzZmj5qI0lBW4ZZNn5m5nBcAlVxCC6qzT+vUY1N
| j8VyC0seh90AJYGXHylWOJoEl+a8UOrbirbkuvJNhwG6Eryo2enWgmSkyHHIjH2d
| mS29vmydxAJafTR04IQkbmyfhbuYMEl5aZZQCS+ZuA+5MRCWbpZg8E02O5zAWSa6
| Kc3W1DnjEFJNECY9fwiga842sR7QxQYaJN30bBQAG0DJgay6Af+7cB82czIt8aRa
| gcrkrCeBtWc6t0VXyCOAqeVSghqzYhZuAbGQaQJN/lgcVL2Zky8Jte70EGW9Lsq1
| m6o92goMCfEFKxKieD0niVtOW1v/mkuwMG7R6VRY9D6ySn9jTK0WmmBYX0V145oY
| BU8WUbhAqZAPb/vsayGmVsKaX6ruNUO0t07ZhMjO8GO1mBh507+3YRtYztwueCOL
| 7e3N5jdOWXIauGXQafo9jhuhletktmeFs5ytM5gTf0X7R+Ink2coum5TI/KVK2WQ
| Lb+oSOkgqbrVpIyr3YrpqW1NnyekPweUbC/n4/uSZv1+9QHjGJ3aQtWmf73JFCkG
| BBeirNufb4/imdX8GZpkJs35kcL32gRyfpLHF9gyEIbW9NEnX1kpg8VfCrUJOjR5
| PFedjVtw4G/bAgMBAAGjUzBRMB0GA1UdDgQWBBR8vMUiyG5QWyER5cOhk24raL+A
| WjAfBgNVHSMEGDAWgBR8vMUiyG5QWyER5cOhk24raL+AWjAPBgNVHRMBAf8EBTAD
| AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCjEIzE+EpLeuGgCY18AREB4t2xSwqiYgqC
| H+gRoSbQ64xpNrbjOLBeyB4b1FotYdquKiaiFs7P1taY7hQiyHGFk4HOJlhyBnRK
| atjKt6ZE24yWgsGikGx0D57SYTeJwhqafYRnNuqNPCvnvhO1zQjMTl03T30PvSeb
| TDfcgd3rzG72w4S/zL59Vr4kr9Js01LpjDgt2Kyd5zW4RZKHA+RdIE+ePJXZaTwj
| +Ko8QzNKwt3qDlOXAV5MiqUfKPHyg6Rzq8i5bKNMpwU1UxYGpE64T0t+IfhiOX/O
| r/dW59nLXoHTGhqwAStFCzCqu+6Jfod2wFb+9Ty5rctVIpHw2XMEKfC8DSewvCc6
| QjMMMCRc2vpkc/YHberK+VYb8eVf4GcKzq6ns341jZ0FAwNEpB6tY6eeGovOLeeO
| P5ONg9XAO8EipKj/tJhmIZ2G6GHKh1Enj7zg1DoGCMttLeaC5lMzaxAWdwUplaBm
| w/+0dzFuuJL+XlxQIrVpGpmJOmBvPq/WvzU6ZFi4UwbHkow5EVvUPvW2GmTVecpx
| Or1X3z3W5aGvj1tH2OcqY5WTcgDNoBtFc3tob8xNd7KB88DQfNbSHuFShKymwAVK
| bcb0jeUT6YRF6NEmoLu80xyrro+Ejt1fLd3WE6q4+BXvhdj62OPtt5ue2rEhycgc
| dfC1SCd82A==
|_-----END CERTIFICATE-----
|_http-mobileversion-checker: No mobile version detected.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=broscience.htb
| Found the following error pages:
|
| Error Code: 400
|_ http://broscience.htb:443/
|_ssl-date: TLS randomness does not represent time
|_http-chrono: Request times for /; avg: 260.46ms; min: 153.74ms; max: 364.01ms
|_http-comments-displayer: Couldn't find any comments.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-headers:
| Date: Wed, 01 Feb 2023 16:50:51 GMT
| Server: Apache/2.4.54 (Debian)
| Content-Length: 458
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-malware-host: Host appears to be clean
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-useragent-tester:
| Status for browser useragent: 400
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-title: 400 Bad Request
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 1 17:56:06 2023 -- 1 IP address (1 host up) scanned in 352.25 seconds

BIN
HTB/broscience/results/scans/tcp443/tcp_443_https_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 MiB

42
HTB/broscience/results/scans/tcp443/tcp_443_https_whatweb.txt Normal file
View File

@@ -0,0 +1,42 @@
WhatWeb report for https://10.10.11.195:443
Status : 200 OK
Title : BroScience : Home
IP : 10.10.11.195
Country : RESERVED, ZZ
Summary : Cookies[PHPSESSID], HTTPServer[Debian Linux][Apache/2.4.54 (Debian)], Script
Detected Plugins:
[ Cookies ]
Display the names of cookies in the HTTP headers. The
values are not returned to save on space.
String : PHPSESSID
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Debian Linux
String : Apache/2.4.54 (Debian) (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
HTTP Headers:
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:50:21 GMT
Server: Apache/2.4.54 (Debian)
Set-Cookie: PHPSESSID=jqrq19g4giei6rge5n6qucmp5u; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1418
Connection: close
Content-Type: text/html; charset=UTF-8

215
HTB/broscience/results/scans/tcp443/tcp_443_sslscan.html Normal file
View File

@@ -0,0 +1,215 @@
Version: 2.0.15-static
OpenSSL 1.1.1q-dev xx XXX xxxx
Connected to 10.10.11.195
Testing SSL server 10.10.11.195 on port 443 using SNI name 10.10.11.195
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 enabled
TLSv1.1 enabled
TLSv1.2 enabled
TLSv1.3 enabled
TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 3072 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-CHACHA20-POLY1305 DHE 3072 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-CCM8 DHE 3072 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-CCM DHE 3072 bits
Accepted TLSv1.2 256 bits ECDHE-ARIA256-GCM-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-ARIA256-GCM-SHA384 DHE 3072 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 3072 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-CCM8 DHE 3072 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-CCM DHE 3072 bits
Accepted TLSv1.2 128 bits ECDHE-ARIA128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits DHE-RSA-ARIA128-GCM-SHA256 DHE 3072 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 3072 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA256 DHE 3072 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 3072 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA256 DHE 3072 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 3072 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 3072 bits
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 3072 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-CCM8
Accepted TLSv1.2 256 bits AES256-CCM
Accepted TLSv1.2 256 bits ARIA256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-CCM8
Accepted TLSv1.2 128 bits AES128-CCM
Accepted TLSv1.2 128 bits ARIA128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 3072 bits
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 3072 bits
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 3072 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 3072 bits
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 3072 bits
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 3072 bits
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 3072 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Server Key Exchange Group(s):
TLSv1.3 128 bits secp256r1 (NIST P-256)
TLSv1.3 192 bits secp384r1 (NIST P-384)
TLSv1.3 260 bits secp521r1 (NIST P-521)
TLSv1.3 128 bits x25519
TLSv1.3 224 bits x448
TLSv1.2 128 bits secp256r1 (NIST P-256)
TLSv1.2 192 bits secp384r1 (NIST P-384)
TLSv1.2 260 bits secp521r1 (NIST P-521)
TLSv1.2 128 bits x25519
TLSv1.2 224 bits x448
SSL Certificate:
Certificate blob:
-----BEGIN CERTIFICATE-----
MIIF0zCCA7ugAwIBAgIUD+qpK08oB9Kng1mp3mIxnO21+s4wDQYJKoZIhvcNAQEL
BQAweTELMAkGA1UEBhMCQVQxDzANBgNVBAcMBlZpZW5uYTETMBEGA1UECgwKQnJv
U2NpZW5jZTEXMBUGA1UEAwwOYnJvc2NpZW5jZS5odGIxKzApBgkqhkiG9w0BCQEW
HGFkbWluaXN0cmF0b3JAYnJvc2NpZW5jZS5odGIwHhcNMjIwNzE0MTk0ODM2WhcN
MjMwNzE0MTk0ODM2WjB5MQswCQYDVQQGEwJBVDEPMA0GA1UEBwwGVmllbm5hMRMw
EQYDVQQKDApCcm9TY2llbmNlMRcwFQYDVQQDDA5icm9zY2llbmNlLmh0YjErMCkG
CSqGSIb3DQEJARYcYWRtaW5pc3RyYXRvckBicm9zY2llbmNlLmh0YjCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKcyX2E/e8BqyRU6FoKOWoWFJo6nLHhK
B0wNgmPrcUZ5ycizPc+6ereoFgzZmj5qI0lBW4ZZNn5m5nBcAlVxCC6qzT+vUY1N
j8VyC0seh90AJYGXHylWOJoEl+a8UOrbirbkuvJNhwG6Eryo2enWgmSkyHHIjH2d
mS29vmydxAJafTR04IQkbmyfhbuYMEl5aZZQCS+ZuA+5MRCWbpZg8E02O5zAWSa6
Kc3W1DnjEFJNECY9fwiga842sR7QxQYaJN30bBQAG0DJgay6Af+7cB82czIt8aRa
gcrkrCeBtWc6t0VXyCOAqeVSghqzYhZuAbGQaQJN/lgcVL2Zky8Jte70EGW9Lsq1
m6o92goMCfEFKxKieD0niVtOW1v/mkuwMG7R6VRY9D6ySn9jTK0WmmBYX0V145oY
BU8WUbhAqZAPb/vsayGmVsKaX6ruNUO0t07ZhMjO8GO1mBh507+3YRtYztwueCOL
7e3N5jdOWXIauGXQafo9jhuhletktmeFs5ytM5gTf0X7R+Ink2coum5TI/KVK2WQ
Lb+oSOkgqbrVpIyr3YrpqW1NnyekPweUbC/n4/uSZv1+9QHjGJ3aQtWmf73JFCkG
BBeirNufb4/imdX8GZpkJs35kcL32gRyfpLHF9gyEIbW9NEnX1kpg8VfCrUJOjR5
PFedjVtw4G/bAgMBAAGjUzBRMB0GA1UdDgQWBBR8vMUiyG5QWyER5cOhk24raL+A
WjAfBgNVHSMEGDAWgBR8vMUiyG5QWyER5cOhk24raL+AWjAPBgNVHRMBAf8EBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCjEIzE+EpLeuGgCY18AREB4t2xSwqiYgqC
H+gRoSbQ64xpNrbjOLBeyB4b1FotYdquKiaiFs7P1taY7hQiyHGFk4HOJlhyBnRK
atjKt6ZE24yWgsGikGx0D57SYTeJwhqafYRnNuqNPCvnvhO1zQjMTl03T30PvSeb
TDfcgd3rzG72w4S/zL59Vr4kr9Js01LpjDgt2Kyd5zW4RZKHA+RdIE+ePJXZaTwj
+Ko8QzNKwt3qDlOXAV5MiqUfKPHyg6Rzq8i5bKNMpwU1UxYGpE64T0t+IfhiOX/O
r/dW59nLXoHTGhqwAStFCzCqu+6Jfod2wFb+9Ty5rctVIpHw2XMEKfC8DSewvCc6
QjMMMCRc2vpkc/YHberK+VYb8eVf4GcKzq6ns341jZ0FAwNEpB6tY6eeGovOLeeO
P5ONg9XAO8EipKj/tJhmIZ2G6GHKh1Enj7zg1DoGCMttLeaC5lMzaxAWdwUplaBm
w/+0dzFuuJL+XlxQIrVpGpmJOmBvPq/WvzU6ZFi4UwbHkow5EVvUPvW2GmTVecpx
Or1X3z3W5aGvj1tH2OcqY5WTcgDNoBtFc3tob8xNd7KB88DQfNbSHuFShKymwAVK
bcb0jeUT6YRF6NEmoLu80xyrro+Ejt1fLd3WE6q4+BXvhdj62OPtt5ue2rEhycgc
dfC1SCd82A==
-----END CERTIFICATE-----
Version: 2
Serial Number: 0f:ea:a9:2b:4f:28:07:d2:a7:83:59:a9:de:62:31:9c:ed:b5:fa:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=AT/L=Vienna/O=BroScience/CN=broscience.htb/emailAddress=administrator@broscience.htb
Not valid before: Jul 14 19:48:36 2022 GMT
Not valid after: Jul 14 19:48:36 2023 GMT
Subject: /C=AT/L=Vienna/O=BroScience/CN=broscience.htb/emailAddress=administrator@broscience.htb
Public Key Algorithm: NULL
RSA Public Key: (4096 bit)
RSA Public-Key: (4096 bit)
Modulus:
00:a7:32:5f:61:3f:7b:c0:6a:c9:15:3a:16:82:8e:
5a:85:85:26:8e:a7:2c:78:4a:07:4c:0d:82:63:eb:
71:46:79:c9:c8:b3:3d:cf:ba:7a:b7:a8:16:0c:d9:
9a:3e:6a:23:49:41:5b:86:59:36:7e:66:e6:70:5c:
02:55:71:08:2e:aa:cd:3f:af:51:8d:4d:8f:c5:72:
0b:4b:1e:87:dd:00:25:81:97:1f:29:56:38:9a:04:
97:e6:bc:50:ea:db:8a:b6:e4:ba:f2:4d:87:01:ba:
12:bc:a8:d9:e9:d6:82:64:a4:c8:71:c8:8c:7d:9d:
99:2d:bd:be:6c:9d:c4:02:5a:7d:34:74:e0:84:24:
6e:6c:9f:85:bb:98:30:49:79:69:96:50:09:2f:99:
b8:0f:b9:31:10:96:6e:96:60:f0:4d:36:3b:9c:c0:
59:26:ba:29:cd:d6:d4:39:e3:10:52:4d:10:26:3d:
7f:08:a0:6b:ce:36:b1:1e:d0:c5:06:1a:24:dd:f4:
6c:14:00:1b:40:c9:81:ac:ba:01:ff:bb:70:1f:36:
73:32:2d:f1:a4:5a:81:ca:e4:ac:27:81:b5:67:3a:
b7:45:57:c8:23:80:a9:e5:52:82:1a:b3:62:16:6e:
01:b1:90:69:02:4d:fe:58:1c:54:bd:99:93:2f:09:
b5:ee:f4:10:65:bd:2e:ca:b5:9b:aa:3d:da:0a:0c:
09:f1:05:2b:12:a2:78:3d:27:89:5b:4e:5b:5b:ff:
9a:4b:b0:30:6e:d1:e9:54:58:f4:3e:b2:4a:7f:63:
4c:ad:16:9a:60:58:5f:45:75:e3:9a:18:05:4f:16:
51:b8:40:a9:90:0f:6f:fb:ec:6b:21:a6:56:c2:9a:
5f:aa:ee:35:43:b4:b7:4e:d9:84:c8:ce:f0:63:b5:
98:18:79:d3:bf:b7:61:1b:58:ce:dc:2e:78:23:8b:
ed:ed:cd:e6:37:4e:59:72:1a:b8:65:d0:69:fa:3d:
8e:1b:a1:95:eb:64:b6:67:85:b3:9c:ad:33:98:13:
7f:45:fb:47:e2:27:93:67:28:ba:6e:53:23:f2:95:
2b:65:90:2d:bf:a8:48:e9:20:a9:ba:d5:a4:8c:ab:
dd:8a:e9:a9:6d:4d:9f:27:a4:3f:07:94:6c:2f:e7:
e3:fb:92:66:fd:7e:f5:01:e3:18:9d:da:42:d5:a6:
7f:bd:c9:14:29:06:04:17:a2:ac:db:9f:6f:8f:e2:
99:d5:fc:19:9a:64:26:cd:f9:91:c2:f7:da:04:72:
7e:92:c7:17:d8:32:10:86:d6:f4:d1:27:5f:59:29:
83:c5:5f:0a:b5:09:3a:34:79:3c:57:9d:8d:5b:70:
e0:6f:db
Exponent: 65537 (0x10001)
X509v3 Extensions:
X509v3 Subject Key Identifier:
7C:BC:C5:22:C8:6E:50:5B:21:11:E5:C3:A1:93:6E:2B:68:BF:80:5A
X509v3 Authority Key Identifier:
keyid:7C:BC:C5:22:C8:6E:50:5B:21:11:E5:C3:A1:93:6E:2B:68:BF:80:5A
X509v3 Basic Constraints: critical
CA:TRUE
Verify Certificate:
self signed certificate
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 4096
Subject: broscience.htb
Issuer: broscience.htb
Not valid before: Jul 14 19:48:36 2022 GMT
Not valid after: Jul 14 19:48:36 2023 GMT

506
HTB/broscience/results/scans/tcp443/xml/tcp_443_https_nmap.xml Normal file
View File

File diff suppressed because one or more lines are too long