old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


@@ -0,0 +1,20 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] snmp found on udp/161.


@@ -0,0 +1,79 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" mentor.htb
feroxbuster -u http://mentor.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://mentor.htb:80/.well-known/security.txt
curl -sSikf http://mentor.htb:80/robots.txt
curl -sSik http://mentor.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml" mentor.htb
curl -sk -o /dev/null -H "Host: DkVAlVYhhsOjIxsCpgdD.mentor.htb" http://mentor.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://mentor.htb:80 2>&1
wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://mentor.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentor.htb" -fs 305 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentor.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" mentor.htb
feroxbuster -u http://mentor.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://mentor.htb:80/.well-known/security.txt
curl -sSikf http://mentor.htb:80/robots.txt
curl -sSik http://mentor.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml" mentor.htb
curl -sk -o /dev/null -H "Host: WSNGRtYtRhMJqBsBbrHE.mentor.htb" http://mentor.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://mentor.htb:80 2>&1
wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://mentor.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentor.htb" -fs 305 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentor.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sU -sV -p 161 --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt" -oX "/home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml" mentor.htb
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd mentor.htb 2>&1
snmpwalk -c public -v 1 mentor.htb 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.1.6.0 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.2 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.4.1.77.1.2.25 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.6.13.1.3 2>&1
curl -sk -o /dev/null -H "Host: ulHLBfgwlNbtGPVJGIXe.mentorquotes.htb" http://mentorquotes.htb:80/ -w "%{size_download}"
ffuf -u http://mentorquotes.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentorquotes.htb" -fs 311 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentorquotes.htb_vhosts_subdomains-top1million-110000.txt"
```
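Review bot: The command list is recorded twice, with different random `Host:` probe values (`DkVAlVYhhsOjIxsCpgdD` in the first copy, `WSNGRtYtRhMJqBsBbrHE` in the second), while every `-oN`/`-oX`/`-o` path is identical in both copies. That suggests two runs were appended to one log while writing to the same result files, so the stored outputs presumably reflect only the later run and cannot be tied to a specific invocation. A per-run header line such as `# run started <timestamp>, target <name>, operator <id>` (placeholders), or a separate results directory per run, would make the record auditable. The same duplication appears in the services list above and in the manual-commands file below.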


@@ -0,0 +1,20 @@
```
[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1).
[-] Command: wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
[-] Error Output:
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Loading page (1/2)
[> ] 0%
Error: Failed to load http://mentorquotes.htb/, with network status code 3 and http status code 0 - Host mentorquotes.htb not found
[============================================================] 100%
Error: Failed loading page http://mentor.htb:80/ (sometimes it will work just to ignore this error with --load-error-handling ignore)
Exit with code 1 due to network error: HostNotFoundError
[*] Service scan OneSixtyOne (udp/161/snmp/onesixtyone) ran a command which returned a non-zero exit code (1).
[-] Command: onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd mentor.htb 2>&1
[-] Error Output:
```
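Review bot: The wkhtmltoimage failure is the only place in this log set that states why the HTTP results are thin: `mentor.htb` redirects to `mentorquotes.htb`, and that name did not resolve on the scanning host (`HostNotFoundError`). An annotation next to this entry, for example `NOTE: redirect target was unresolved during this run; HTTP results for mentor.htb describe the 302 response only`, would stop the later negative results from being read as statements about the application. The OneSixtyOne entry has an empty error output, so its exit code 1 is unexplained and is better recorded as "no result" than as a negative finding.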


@@ -0,0 +1,67 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://mentor.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h mentor.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://mentor.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://mentor.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h mentor.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://mentor.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h mentor.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://mentor.htb:80 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://mentor.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://mentor.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h mentor.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://mentor.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://mentor.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h mentor.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://mentor.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h mentor.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://mentor.htb:80 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://mentor.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_wpscan.txt"
```


@@ -0,0 +1,4 @@
Identified HTTP Server: Apache/2.4.52 (Ubuntu)
Identified HTTP Server: Apache/2.4.52 (Ubuntu)


@@ -0,0 +1,59 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt](file:///home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.056s latency).
Scanned at 2023-02-07 17:12:24 CET for 35s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.52 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Crestron XPanel control system (91%), Linux 5.4 (91%), Linux 3.1 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2788B%P=x86_64-pc-linux-gnu)
SEQ(SP=FE%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 30.285 days (since Sun Jan 8 10:22:03 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: mentorquotes.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 111/tcp)
HOP RTT ADDRESS
1 87.00 ms 10.10.16.1
2 87.07 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:59 2023 -- 1 IP address (1 host up) scanned in 35.28 seconds
```


@@ -0,0 +1,155 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt](file:///home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml mentor.htb
Increasing send delay for 10.10.11.193 from 0 to 50 due to 11 out of 16 dropped probes since last increase.
Increasing send delay for 10.10.11.193 from 50 to 100 due to 11 out of 16 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -288682 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -559589 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -559589 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -272388 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -272388 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275261 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275261 microseconds. Ignoring time.
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.029s latency).
Scanned at 2023-02-07 17:12:25 CET for 391s
PORT STATE SERVICE REASON VERSION
7/udp closed echo port-unreach ttl 63
9/udp open|filtered discard no-response
17/udp closed qotd port-unreach ttl 63
19/udp closed chargen port-unreach ttl 63
49/udp open|filtered tacacs no-response
53/udp open|filtered domain no-response
67/udp open|filtered dhcps no-response
68/udp open|filtered dhcpc no-response
69/udp closed tftp port-unreach ttl 63
80/udp open|filtered http no-response
88/udp open|filtered kerberos-sec no-response
111/udp open|filtered rpcbind no-response
120/udp closed cfdptkt port-unreach ttl 63
123/udp open|filtered ntp no-response
135/udp closed msrpc port-unreach ttl 63
136/udp open|filtered profile no-response
137/udp closed netbios-ns port-unreach ttl 63
138/udp closed netbios-dgm port-unreach ttl 63
139/udp closed netbios-ssn port-unreach ttl 63
158/udp open|filtered pcmail-srv no-response
161/udp open snmp udp-response ttl 63 SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-sysdescr: Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
|_ System uptime: 5m59.23s (35923 timeticks)
| snmp-info:
| enterprise: net-snmp
| engineIDFormat: unknown
| engineIDData: a124f60a99b99c6200000000
| snmpEngineBoots: 67
|_ snmpEngineTime: 5m59s
162/udp open|filtered snmptrap no-response
177/udp open|filtered xdmcp no-response
427/udp open|filtered svrloc no-response
443/udp open|filtered https no-response
445/udp closed microsoft-ds port-unreach ttl 63
497/udp open|filtered retrospect no-response
500/udp closed isakmp port-unreach ttl 63
514/udp open|filtered syslog no-response
515/udp open|filtered printer no-response
518/udp closed ntalk port-unreach ttl 63
520/udp open|filtered route no-response
593/udp open|filtered http-rpc-epmap no-response
623/udp open|filtered asf-rmcp no-response
626/udp open|filtered serialnumberd no-response
631/udp open|filtered ipp no-response
996/udp open|filtered vsinet no-response
997/udp closed maitrd port-unreach ttl 63
998/udp open|filtered puparp no-response
999/udp open|filtered applix no-response
1022/udp open|filtered exp2 no-response
1023/udp open|filtered unknown no-response
1025/udp open|filtered blackjack no-response
1026/udp open|filtered win-rpc no-response
1027/udp closed unknown port-unreach ttl 63
1028/udp closed ms-lsa port-unreach ttl 63
1029/udp open|filtered solid-mux no-response
1030/udp open|filtered iad1 no-response
1433/udp closed ms-sql-s port-unreach ttl 63
1434/udp open|filtered ms-sql-m no-response
1645/udp open|filtered radius no-response
1646/udp open|filtered radacct no-response
1701/udp closed L2TP port-unreach ttl 63
1718/udp open|filtered h225gatedisc no-response
1719/udp open|filtered h323gatestat no-response
1812/udp open|filtered radius no-response
1813/udp open|filtered radacct no-response
1900/udp open|filtered upnp no-response
2000/udp closed cisco-sccp port-unreach ttl 63
2048/udp open|filtered dls-monitor no-response
2049/udp closed nfs port-unreach ttl 63
2222/udp closed msantipiracy port-unreach ttl 63
2223/udp closed rockwell-csp2 port-unreach ttl 63
3283/udp closed netassistant port-unreach ttl 63
3456/udp open|filtered IISrpc-or-vat no-response
3703/udp closed adobeserver-3 port-unreach ttl 63
4444/udp closed krb524 port-unreach ttl 63
4500/udp open|filtered nat-t-ike no-response
5000/udp closed upnp port-unreach ttl 63
5060/udp closed sip port-unreach ttl 63
5353/udp open|filtered zeroconf no-response
5632/udp open|filtered pcanywherestat no-response
9200/udp closed wap-wsp port-unreach ttl 63
10000/udp open|filtered ndmp no-response
17185/udp open|filtered wdbrpc no-response
20031/udp open|filtered bakbonenetvault no-response
30718/udp closed unknown port-unreach ttl 63
31337/udp open|filtered BackOrifice no-response
32768/udp closed omad port-unreach ttl 63
32769/udp open|filtered filenet-rpc no-response
32771/udp open|filtered sometimes-rpc6 no-response
32815/udp closed unknown port-unreach ttl 63
33281/udp open|filtered unknown no-response
49152/udp open|filtered unknown no-response
49153/udp open|filtered unknown no-response
49154/udp open|filtered unknown no-response
49156/udp open|filtered unknown no-response
49181/udp open|filtered unknown no-response
49182/udp open|filtered unknown no-response
49185/udp closed unknown port-unreach ttl 63
49186/udp open|filtered unknown no-response
49188/udp open|filtered unknown no-response
49190/udp closed unknown port-unreach ttl 63
49191/udp open|filtered unknown no-response
49192/udp closed unknown port-unreach ttl 63
49193/udp open|filtered unknown no-response
49194/udp open|filtered unknown no-response
49200/udp closed unknown port-unreach ttl 63
49201/udp open|filtered unknown no-response
65024/udp closed unknown port-unreach ttl 63
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: remote management|phone|general purpose|webcam|storage-misc
Running: Avocent embedded, Google Android 2.X, Linux 2.6.X, AXIS embedded, ZyXEL embedded
OS CPE: cpe:/o:google:android:2.2 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera cpe:/h:zyxel:nsa-210
OS details: Avocent/Cyclades ACS 6000, Android 2.2 (Linux 2.6), Linux 2.6.14 - 2.6.34, Linux 2.6.17, Linux 2.6.17 (Mandriva), Linux 2.6.32, AXIS 210A or 211 Network Camera (Linux 2.6.17), ZyXEL NSA-210 NAS device
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E279F0%P=x86_
OS:64-pc-linux-gnu)SEQ(CI=Z)SEQ(CI=Z%II=I)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=A
OS:R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=4
OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=
OS:G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
Service Info: Host: mentor
TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 24.51 ms 10.10.16.1
2 23.94 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:18:56 2023 -- 1 IP address (1 host up) scanned in 392.24 seconds
```
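Review bot: The one confirmed result in this table is easy to lose among the `open|filtered` rows: `161/udp` answers as an SNMPv1 server with the default community `public`, and the agent returns the kernel build string in `snmp-sysdescr` without any credential. A one-line summary above the table naming that port would help, since `open|filtered` with `no-response` only means nothing came back and says nothing about the service. For the remediation side of the record, the usual hardening is to disable v1/v2c in favour of SNMPv3 with authentication and privacy, remove the default community, and restrict the agent to management addresses. The OS guesses in this output are flagged unreliable by nmap itself and should not be carried into a report.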


@@ -0,0 +1,63 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt](file:///home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml mentor.htb
adjust_timeouts2: packet supposedly had rtt of -379307 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -379307 microseconds. Ignoring time.
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.038s latency).
Scanned at 2023-02-07 17:12:24 CET for 28s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.52 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Linux 2.6.39 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E27884%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 30.285 days (since Sun Jan 8 10:22:02 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: mentorquotes.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 554/tcp)
HOP RTT ADDRESS
1 27.07 ms 10.10.16.1
2 50.43 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:52 2023 -- 1 IP address (1 host up) scanned in 27.71 seconds
```


@@ -0,0 +1,69 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.034s latency).
Scanned at 2023-02-07 17:12:52 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:54 2023 -- 1 IP address (1 host up) scanned in 1.70 seconds
```
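Review bot: Two results in this output deserve an explicit annotation rather than being left in the raw listing. `ssh-auth-methods` reports `password` alongside `publickey`, which is the precondition for online password guessing against this service. The MAC list also still offers the legacy `hmac-sha1`, `hmac-sha1-etm@openssh.com` and 64-bit `umac-64` entries. For a hardening note, the corresponding `sshd_config` settings are `PasswordAuthentication no` and a `MACs` line restricted to the SHA-2 and `umac-128` ETM variants; the key-exchange and cipher lists shown here are already a modern set.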


@@ -0,0 +1,25 @@
```bash
curl -sSikf http://mentor.htb:80/robots.txt
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_curl-robots.txt):
```
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>
```
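Review bot: The file stored as the robots.txt result holds the 302 redirect page, not a robots.txt, because `curl -f` only fails on responses of 400 and above. The index and security.txt captures further down show the same redirect body. A first line such as `# result: 302 to http://mentorquotes.htb/ - robots.txt not retrieved` would keep this from being read as "no robots.txt present". Separately, both the `Server` header and the `<address>` footer disclose `Apache/2.4.52 (Ubuntu)`; `ServerTokens Prod` and `ServerSignature Off` are the Apache settings that reduce that disclosure.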


@@ -0,0 +1,26 @@
```bash
curl -sSik http://mentor.htb:80/
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>
```


@@ -0,0 +1,13 @@
```bash
feroxbuster -u http://mentor.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
WLD GET 9l 26w 284c Got 302 for http://mentor.htb/00c755e63ad64560b48b10265e062587 (url length: 32)
WLD - - - http://mentor.htb/00c755e63ad64560b48b10265e062587 => http://mentorquotes.htb/
WLD GET 9l 26w 284c Got 302 for http://mentor.htb/6e22794eff354e3bb2d3eaf96e7816a3aab410720213421091e219809755dcc23a26646b56b448f99820dc1b8d0582c1 (url length: 96)
WLD - - - http://mentor.htb/6e22794eff354e3bb2d3eaf96e7816a3aab410720213421091e219809755dcc23a26646b56b448f99820dc1b8d0582c1 => http://mentorquotes.htb/
```


@@ -0,0 +1,25 @@
```bash
curl -sSikf http://mentor.htb:80/.well-known/security.txt
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_known-security.txt](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_known-security.txt):
```
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>
```


@@ -0,0 +1,83 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.065s latency).
Scanned at 2023-02-07 17:12:52 CET for 18s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-chrono: Request times for /; avg: 164.16ms; min: 153.80ms; max: 181.69ms
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
| http-headers:
| Date: Tue, 07 Feb 2023 16:13:04 GMT
| Server: Apache/2.4.52 (Ubuntu)
| Location: http://mentorquotes.htb/
| Content-Length: 284
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
| http-vhosts:
|_128 names had status 302
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-errors: Couldn't find any error pages.
| http-useragent-tester:
| Status for browser useragent: 200
| Redirected To: http://mentorquotes.htb/
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-feed: Couldn't find any feeds.
|_http-comments-displayer: Couldn't find any comments.
|_http-mobileversion-checker: No mobile version detected.
|_http-date: Tue, 07 Feb 2023 16:13:01 GMT; 0s from local time.
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
Service Info: Host: mentorquotes.htb
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:13:10 2023 -- 1 IP address (1 host up) scanned in 17.76 seconds
```


@@ -0,0 +1,97 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://mentor.htb:80 2>&1
```
[/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://mentor.htb:80
Status : 302 Found
Title : 302 Found
IP : 10.10.11.193
Country : RESERVED, ZZ
Summary : Apache[2.4.52], HTTPServer[Ubuntu Linux][Apache/2.4.52 (Ubuntu)], RedirectLocation[http://mentorquotes.htb/]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.52 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.52 (Ubuntu) (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://mentorquotes.htb/ (from location)
HTTP Headers:
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:53 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Connection: close
Content-Type: text/html; charset=iso-8859-1
WhatWeb report for http://mentorquotes.htb/
Status : 200 OK
Title : MentorQuotes
IP : 10.10.11.193
Country : RESERVED, ZZ
Summary : HTML5, HTTPServer[Werkzeug/2.0.3 Python/3.6.9], Python[3.6.9], Werkzeug[2.0.3]
Detected Plugins:
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : Werkzeug/2.0.3 Python/3.6.9 (from server string)
[ Python ]
Python is a programming language that lets you work more
quickly and integrate your systems more effectively. You
can learn to use Python and see almost immediate gains in
productivity and lower maintenance costs.
Version : 3.6.9
Website : http://www.python.org/
[ Werkzeug ]
Werkzeug is a WSGI utility library for Python.
Version : 2.0.3
Website : http://werkzeug.pocoo.org/
HTTP Headers:
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 16:12:56 GMT
Server: Werkzeug/2.0.3 Python/3.6.9
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2029
Connection: close
```


@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
```


@@ -0,0 +1,29 @@
```bash
nmap -vv --reason -Pn -T4 -sU -sV -p 161 --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt" -oX "/home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml" mentor.htb
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 17:18:56 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 161 "--script=banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt -oX /home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.042s latency).
Scanned at 2023-02-07 17:18:57 CET for 15s
PORT STATE SERVICE REASON VERSION
161/udp open snmp udp-response ttl 63 SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-info:
| enterprise: net-snmp
| engineIDFormat: unknown
| engineIDData: a124f60a99b99c6200000000
| snmpEngineBoots: 67
|_ snmpEngineTime: 8m27s
| snmp-sysdescr: Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
|_ System uptime: 8m27.56s (50756 timeticks)
Service Info: Host: mentor
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:19:12 2023 -- 1 IP address (1 host up) scanned in 15.19 seconds
```


@@ -0,0 +1,12 @@
```bash
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd mentor.htb 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_onesixtyone.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_onesixtyone.txt):
```
Debug level 2
Malformed IP address: mentor.htb
```
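Review bot: This onesixtyone run checked nothing. The only output is `Malformed IP address: mentor.htb`, so the tool rejected the hostname before sending a single request. As recorded, the file can be mistaken for a negative result. I would annotate it with a line such as `> onesixtyone did not run (hostname rejected); no community-string result is recorded here.` so that it is not treated as evidence about the SNMP configuration.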


@@ -0,0 +1,134 @@
```bash
snmpwalk -c public -v 1 mentor.htb 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk.txt):
```
Created directory: /var/lib/snmp/cert_indexes
iso.3.6.1.2.1.1.1.0 = STRING: "Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (50699) 0:08:26.99
iso.3.6.1.2.1.1.4.0 = STRING: "Me <admin@mentorquotes.htb>"
iso.3.6.1.2.1.1.5.0 = STRING: "mentor"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1
iso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.6.3.16.2.2.1
iso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.2.1.49
iso.3.6.1.2.1.1.9.1.2.7 = OID: iso.3.6.1.2.1.50
iso.3.6.1.2.1.1.9.1.2.8 = OID: iso.3.6.1.2.1.4
iso.3.6.1.2.1.1.9.1.2.9 = OID: iso.3.6.1.6.3.13.3.1.3
iso.3.6.1.2.1.1.9.1.2.10 = OID: iso.3.6.1.2.1.92
iso.3.6.1.2.1.1.9.1.3.1 = STRING: "The SNMP Management Architecture MIB."
iso.3.6.1.2.1.1.9.1.3.2 = STRING: "The MIB for Message Processing and Dispatching."
iso.3.6.1.2.1.1.9.1.3.3 = STRING: "The management information definitions for the SNMP User-based Security Model."
iso.3.6.1.2.1.1.9.1.3.4 = STRING: "The MIB module for SNMPv2 entities"
iso.3.6.1.2.1.1.9.1.3.5 = STRING: "View-based Access Control Model for SNMP."
iso.3.6.1.2.1.1.9.1.3.6 = STRING: "The MIB module for managing TCP implementations"
iso.3.6.1.2.1.1.9.1.3.7 = STRING: "The MIB module for managing UDP implementations"
iso.3.6.1.2.1.1.9.1.3.8 = STRING: "The MIB module for managing IP and ICMP implementations"
iso.3.6.1.2.1.1.9.1.3.9 = STRING: "The MIB modules for managing SNMP Notification, plus filtering."
iso.3.6.1.2.1.1.9.1.3.10 = STRING: "The MIB module for logging SNMP Notifications."
iso.3.6.1.2.1.1.9.1.4.1 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.2 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.3 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.4 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.5 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.6 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.7 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.8 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.9 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.4.10 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (52639) 0:08:46.39
iso.3.6.1.2.1.25.1.2.0 = Hex-STRING: 07 E7 02 07 10 12 3A 00 2B 00 00
iso.3.6.1.2.1.25.1.3.0 = INTEGER: 393216
iso.3.6.1.2.1.25.1.4.0 = STRING: "BOOT_IMAGE=/vmlinuz-5.15.0-56-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro net.ifnames=0 biosdevname=0
"
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 0
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 235
iso.3.6.1.2.1.25.1.7.0 = INTEGER: 0
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.1.6.0 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_system_processes.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_system_processes.txt):
```
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 235
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.2 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_running_processes.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_running_processes.txt):
```
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.4 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_process_paths.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_process_paths.txt):
```
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_storage_units.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_storage_units.txt):
```
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_software_names.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_software_names.txt):
```
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.4.1.77.1.2.25 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_user_accounts.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_user_accounts.txt):
```
End of MIB
```
```bash
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.6.13.1.3 2>&1
```
[/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_tcp_ports.txt](file:///home/kali/htb/mentor/results/scans/udp161/udp_161_snmp_snmpwalk_tcp_ports.txt):
```
```
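Review bot: The block saved as `udp_161_snmp_snmpwalk_software_names.txt` runs the same OID as the storage-units block, `1.3.6.1.2.1.25.2.3.1.4`, so the installed-software table was never queried. hrSWInstalledName is `1.3.6.1.2.1.25.6.3.1.2`. The user-accounts block queries `1.3.6.1.4.1.77.1.2.25`, which belongs to the LAN Manager enterprise MIB, so `End of MIB` from this net-snmp host on Linux is expected and says nothing about local accounts. The other `End of MIB` results show only what the `public` SNMPv1 view returns, and the notes should label them that way rather than as empty tables.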