simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
HTB/investigation/results/scans/_commands.log Normal file
View File

@@ -0,0 +1,24 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml" 10.129.138.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml" 10.129.138.192
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.138.192
feroxbuster -u http://10.129.138.192:80/ -t 10 -w /home/kali/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://10.129.138.192:80/.well-known/security.txt
curl -sSikf http://10.129.138.192:80/robots.txt
curl -sSik http://10.129.138.192:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.138.192
curl -sk -o /dev/null -H "Host: dRiuOofNKwDBuLCUALwW.eforenzics.htb" http://eforenzics.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.129.138.192:80 2>&1
wkhtmltoimage --format png http://10.129.138.192:80/ /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://eforenzics.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.eforenzics.htb" -fs 331 -noninteractive -s | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_eforenzics.htb_vhosts_subdomains-top1million-110000.txt"

24
HTB/investigation/results/scans/_full_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,24 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.061s latency).
Scanned at 2023-01-23 02:12:45 EST for 27s
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-title: eForenzics - Premier Digital Forensics
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:13:12 2023 -- 1 IP address (1 host up) scanned in 27.57 seconds

32
HTB/investigation/results/scans/_manual_commands.txt Normal file
View File

@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.129.138.192
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.129.138.192
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.129.138.192:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.138.192/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.138.192 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.138.192/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.138.192 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.129.138.192:80 2>&1 | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.129.138.192:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_wpscan.txt"

2
HTB/investigation/results/scans/_patterns.log Normal file
View File

@@ -0,0 +1,2 @@
Identified HTTP Server: Apache/2.4.41 (Ubuntu)

24
HTB/investigation/results/scans/_quick_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,24 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.031s latency).
Scanned at 2023-01-23 02:12:45 EST for 9s
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: eForenzics - Premier Digital Forensics
| http-methods:
|_ Supported Methods: GET HEAD POST
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:12:54 2023 -- 1 IP address (1 host up) scanned in 9.62 seconds

62
HTB/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt Normal file
View File

@@ -0,0 +1,62 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.027s latency).
Scanned at 2023-01-23 02:12:55 EST for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:12:57 2023 -- 1 IP address (1 host up) scanned in 2.89 seconds

100
HTB/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml Normal file
View File

@@ -0,0 +1,100 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192" start="1674457975" startstr="Mon Jan 23 02:12:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="Connect Scan" time="1674457975"/>
<taskend task="Connect Scan" time="1674457975" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674457976"/>
<taskend task="Service scan" time="1674457976" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674457976"/>
<taskend task="NSE" time="1674457977"/>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<host starttime="1674457975" endtime="1674457977"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=</elem>
<elem key="type">ssh-rsa</elem>
<elem key="bits">3072</elem>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (9)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"/><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script></port>
</ports>
<times srtt="26852" rttvar="26852" to="134260"/>
</host>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<runstats><finished time="1674457977" timestr="Mon Jan 23 02:12:57 2023" summary="Nmap done at Mon Jan 23 02:12:57 2023; 1 IP address (1 host up) scanned in 2.89 seconds" elapsed="2.89" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

16
HTB/investigation/results/scans/tcp80/tcp_80_http_curl-robots.txt Normal file
View File

@@ -0,0 +1,16 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/robots.txt
Content-Length: 320
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/robots.txt">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>

17
HTB/investigation/results/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,17 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>

113006
HTB/investigation/results/scans/tcp80/tcp_80_http_eforenzics.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

File diff suppressed because it is too large Load Diff

129048
HTB/investigation/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt Normal file
View File

File diff suppressed because it is too large Load Diff

16
HTB/investigation/results/scans/tcp80/tcp_80_http_known-security.txt Normal file
View File

@@ -0,0 +1,16 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/.well-known/security.txt
Content-Length: 334
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/.well-known/security.txt">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>

215
HTB/investigation/results/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

@@ -0,0 +1,215 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-23 02:12:55 EST for 173s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
| Found the following possible CSRF vulnerabilities:
|
| Path: http://eforenzics.htb:80/service.html
| Form id:
|_ Form action: upload.php
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-chrono: Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-errors: Couldn't find any error pages.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
|_ Failed to upload and execute a payload.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-vhosts:
| squid.htb
|_127 names had status 301
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-title: eForenzics - Premier Digital Forensics
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11390
| Comment:
| /* Page Navbar*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11356
| Comment:
| /* forms */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11294
| Comment:
| /* Testemonial */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 15
| Comment:
|
| // smooth scroll
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 14
| Comment:
| // ======================
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11015
| Comment:
| /* bg-img */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 1
| Comment:
| /*!
| =========================================================
| * Rubic Landing page
| =========================================================
|
| * Copyright: 2019 DevCRUD (https://devcrud.com)
| * Licensed: (https://devcrud.com/licenses)
| * Coded by www.devcrud.com
|
| =========================================================
|
| * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
| */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11106
| Comment:
| /* social wrapper*/
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 116
| Comment:
| // AFFIX PLUGIN DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 136
| Comment:
| // AFFIX NO CONFLICT
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 137
| Comment:
| // =================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 13
| Comment:
| // AFFIX CLASS DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 145
| Comment:
| // AFFIX DATA-API
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 146
| Comment:
| // ==============
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11213
| Comment:
| /* Pricing cards */
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 117
| Comment:
| // =======================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 1
| Comment:
| /* ========================================================================
| * Bootstrap: affix.js v3.3.6
| * http://getbootstrap.com/javascript/#affix
| * ========================================================================
| * Copyright 2011-2015 Twitter, Inc.
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
| * ======================================================================== */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11592
| Comment:
| /*Tabs nav section*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11361
| Comment:
|_ /*utilities*/
|_http-feed: Couldn't find any feeds.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-mobileversion-checker: No mobile version detected.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-php-version: Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
|_Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
| http-headers:
| Date: Mon, 23 Jan 2023 07:13:02 GMT
| Server: Apache/2.4.41 (Ubuntu)
| Upgrade: h2
| Connection: Upgrade, close
| Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
| ETag: "2acd-5e9ee3baeb4fd"
| Accept-Ranges: bytes
| Content-Length: 10957
| Vary: Accept-Encoding
| Content-Type: text/html
|
|_ (Request type: HEAD)
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:15:48 2023 -- 1 IP address (1 host up) scanned in 173.32 seconds

BIN
HTB/investigation/results/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 MiB

126
HTB/investigation/results/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,126 @@
WhatWeb report for http://10.129.138.192:80
Status : 301 Moved Permanently
Title : 301 Moved Permanently
IP : 10.129.138.192
Country : RESERVED, ZZ
Summary : Apache[2.4.41], HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], RedirectLocation[http://eforenzics.htb/]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://eforenzics.htb/ (from location)
HTTP Headers:
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1
WhatWeb report for http://eforenzics.htb/
Status : 200 OK
Title : eForenzics - Premier Digital Forensics
IP : 10.129.138.192
Country : RESERVED, ZZ
Summary : Apache[2.4.41], Bootstrap, HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], JQuery[3.4.1], Meta-Author[eForenzics], Script, UncommonHeaders[upgrade]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.4.1
Website : http://jquery.com/
[ Meta-Author ]
This plugin retrieves the author name from the meta name
tag - info:
http://www.webmarketingnow.com/tips/meta-tags-uncovered.html
#author
String : eForenzics
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com
String : upgrade (from headers)
HTTP Headers:
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 07:13:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
ETag: "2acd-5e9ee3baeb4fd-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2457
Content-Type: text/html

92
HTB/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

@@ -0,0 +1,92 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192" start="1674457975" startstr="Mon Jan 23 02:12:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="Connect Scan" time="1674457975"/>
<taskend task="Connect Scan" time="1674457975" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674457975"/>
<taskend task="Service scan" time="1674457982" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674457982"/>
<taskprogress task="NSE" time="1674458013" percent="99.02" remaining="1" etc="1674458013"/>
<taskprogress task="NSE" time="1674458043" percent="99.67" remaining="1" etc="1674458043"/>
<taskprogress task="NSE" time="1674458073" percent="99.67" remaining="1" etc="1674458073"/>
<taskprogress task="NSE" time="1674458103" percent="99.67" remaining="1" etc="1674458103"/>
<taskprogress task="NSE" time="1674458133" percent="99.67" remaining="1" etc="1674458133"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<host starttime="1674457975" endtime="1674458148"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-csrf" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb&#xa; Found the following possible CSRF vulnerabilities: &#xa; &#xa; Path: http://eforenzics.htb:80/service.html&#xa; Form id: &#xa; Form action: upload.php&#xa;"/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-chrono" output="Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms"/><script id="http-security-headers" output=""></script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 1&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; Other: 1&#xa;"/><script id="http-exif-spider" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-fileupload-exploiter" output="&#xa; &#xa; Couldn&apos;t find a file-type field.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload."><table>
<elem>Couldn&apos;t find a file-type field.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
</script><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-vhosts" output="&#xa;squid.htb&#xa;127 names had status 301"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11390&#xa; Comment: &#xa; /* Page Navbar*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11356&#xa; Comment: &#xa; /* forms */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11294&#xa; Comment: &#xa; /* Testemonial */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/js/efore.js&#xa; Line number: 15&#xa; Comment: &#xa; &#xa; // smooth scroll&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 14&#xa; Comment: &#xa; // ======================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11015&#xa; Comment: &#xa; /* bg-img */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/js/efore.js&#xa; Line number: 1&#xa; Comment: &#xa; /*!&#xa; =========================================================&#xa; * Rubic Landing page&#xa; =========================================================&#xa; &#xa; * Copyright: 2019 DevCRUD (https://devcrud.com)&#xa; * Licensed: (https://devcrud.com/licenses)&#xa; * Coded by www.devcrud.com&#xa; &#xa; =========================================================&#xa; &#xa; * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.&#xa; */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11106&#xa; Comment: &#xa; /* social wrapper*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 116&#xa; Comment: &#xa; // AFFIX PLUGIN DEFINITION&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 136&#xa; Comment: &#xa; // AFFIX NO CONFLICT&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 137&#xa; Comment: &#xa; // =================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 13&#xa; Comment: &#xa; // AFFIX CLASS DEFINITION&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 145&#xa; Comment: &#xa; // AFFIX DATA-API&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 146&#xa; Comment: &#xa; // ==============&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11213&#xa; Comment: &#xa; /* Pricing cards */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 117&#xa; Comment: &#xa; // =======================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 1&#xa; Comment: &#xa; /* ========================================================================&#xa; * Bootstrap: affix.js v3.3.6&#xa; * http://getbootstrap.com/javascript/#affix&#xa; * ========================================================================&#xa; * Copyright 2011-2015 Twitter, Inc.&#xa; * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)&#xa; * ======================================================================== */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11592&#xa; Comment: &#xa; /*Tabs nav section*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11361&#xa; Comment: &#xa; /*utilities*/&#xa;"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-php-version" output="Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c&#xa;Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c"/><script id="http-headers" output="&#xa; Date: Mon, 23 Jan 2023 07:13:02 GMT&#xa; Server: Apache/2.4.41 (Ubuntu)&#xa; Upgrade: h2&#xa; Connection: Upgrade, close&#xa; Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT&#xa; ETag: &quot;2acd-5e9ee3baeb4fd&quot;&#xa; Accept-Ranges: bytes&#xa; Content-Length: 10957&#xa; Vary: Accept-Encoding&#xa; Content-Type: text/html&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-malware-host" output="Host appears to be clean"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-date" output="Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time."><elem key="date">2023-01-23T07:13:04+00:00</elem>
<elem key="delta">0.0</elem>
</script></port>
</ports>
<times srtt="26149" rttvar="26149" to="130745"/>
</host>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<runstats><finished time="1674458148" timestr="Mon Jan 23 02:15:48 2023" summary="Nmap done at Mon Jan 23 02:15:48 2023; 1 IP address (1 host up) scanned in 173.32 seconds" elapsed="173.32" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

71
HTB/investigation/results/scans/xml/_full_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192" start="1674457965" startstr="Mon Jan 23 02:12:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="Connect Scan" time="1674457965"/>
<taskend task="Connect Scan" time="1674457985" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1674457985"/>
<taskend task="Service scan" time="1674457991" extrainfo="2 services on 1 host"/>
<taskbegin task="NSE" time="1674457991"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<host starttime="1674457965" endtime="1674457992"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="conn-refused" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
<elem key="type">ssh-rsa</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=</elem>
<elem key="bits">3072</elem>
</table>
<table>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script></port>
</ports>
<times srtt="60795" rttvar="1468" to="100000"/>
</host>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<runstats><finished time="1674457992" timestr="Mon Jan 23 02:13:12 2023" summary="Nmap done at Mon Jan 23 02:13:12 2023; 1 IP address (1 host up) scanned in 27.57 seconds" elapsed="27.57" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

71
HTB/investigation/results/scans/xml/_quick_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192" start="1674457965" startstr="Mon Jan 23 02:12:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="Connect Scan" time="1674457965"/>
<taskend task="Connect Scan" time="1674457966" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1674457966"/>
<taskend task="Service scan" time="1674457972" extrainfo="2 services on 1 host"/>
<taskbegin task="NSE" time="1674457972"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<host starttime="1674457965" endtime="1674457974"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="conn-refused" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=</elem>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
<elem key="bits">3072</elem>
<elem key="type">ssh-rsa</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script></port>
</ports>
<times srtt="30724" rttvar="4034" to="100000"/>
</host>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<runstats><finished time="1674457974" timestr="Mon Jan 23 02:12:54 2023" summary="Nmap done at Mon Jan 23 02:12:54 2023; 1 IP address (1 host up) scanned in 9.62 seconds" elapsed="9.62" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>