old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


@@ -0,0 +1,76 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" mentor.htb
feroxbuster -u http://mentor.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://mentor.htb:80/.well-known/security.txt
curl -sSikf http://mentor.htb:80/robots.txt
curl -sSik http://mentor.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml" mentor.htb
curl -sk -o /dev/null -H "Host: DkVAlVYhhsOjIxsCpgdD.mentor.htb" http://mentor.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://mentor.htb:80 2>&1
wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://mentor.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentor.htb" -fs 305 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentor.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml" mentor.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" mentor.htb
feroxbuster -u http://mentor.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://mentor.htb:80/.well-known/security.txt
curl -sSikf http://mentor.htb:80/robots.txt
curl -sSik http://mentor.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml" mentor.htb
curl -sk -o /dev/null -H "Host: WSNGRtYtRhMJqBsBbrHE.mentor.htb" http://mentor.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://mentor.htb:80 2>&1
wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://mentor.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentor.htb" -fs 305 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentor.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sU -sV -p 161 --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt" -oX "/home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml" mentor.htb
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd mentor.htb 2>&1
snmpwalk -c public -v 1 mentor.htb 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.1.6.0 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.2 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.4.2.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.25.2.3.1.4 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.4.1.77.1.2.25 2>&1
snmpwalk -c public -v 1 mentor.htb 1.3.6.1.2.1.6.13.1.3 2>&1
curl -sk -o /dev/null -H "Host: ulHLBfgwlNbtGPVJGIXe.mentorquotes.htb" http://mentorquotes.htb:80/ -w "%{size_download}"
ffuf -u http://mentorquotes.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.mentorquotes.htb" -fs 311 -noninteractive -s | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_mentorquotes.htb_vhosts_subdomains-top1million-110000.txt"
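Review bot: The same thirteen commands are logged twice, once at the top of the file and again directly after, differing only in the random `Host:` token of the curl probe, and both runs pass identical `-oN`/`-oX` paths to nmap. A reader cannot tell from this log which run produced the result files committed next to it, since the later nmap run presumably overwrote the earlier output. A one-line separator per run, such as `# run 2: <date>, <what changed since run 1>`, would make the log usable as a record. The `snmpwalk` query for `1.3.6.1.2.1.25.2.3.1.4` also appears twice in a row, which looks like a tool-side duplicate rather than an intended second query.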


@@ -0,0 +1,15 @@
[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1).
[-] Command: wkhtmltoimage --format png http://mentor.htb:80/ /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_screenshot.png
[-] Error Output:
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Loading page (1/2)
[> ] 0%
Error: Failed to load http://mentorquotes.htb/, with network status code 3 and http status code 0 - Host mentorquotes.htb not found
[============================================================] 100%
Error: Failed loading page http://mentor.htb:80/ (sometimes it will work just to ignore this error with --load-error-handling ignore)
Exit with code 1 due to network error: HostNotFoundError
[*] Service scan OneSixtyOne (udp/161/snmp/onesixtyone) ran a command which returned a non-zero exit code (1).
[-] Command: onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd mentor.htb 2>&1
[-] Error Output:


@@ -0,0 +1,50 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.056s latency).
Scanned at 2023-02-07 17:12:24 CET for 35s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.52 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Crestron XPanel control system (91%), Linux 5.4 (91%), Linux 3.1 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2788B%P=x86_64-pc-linux-gnu)
SEQ(SP=FE%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 30.285 days (since Sun Jan 8 10:22:03 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: mentorquotes.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 111/tcp)
HOP RTT ADDRESS
1 87.00 ms 10.10.16.1
2 87.07 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:59 2023 -- 1 IP address (1 host up) scanned in 35.28 seconds


@@ -0,0 +1,64 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://mentor.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h mentor.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://mentor.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://mentor.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h mentor.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://mentor.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h mentor.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://mentor.htb:80 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://mentor.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://mentor.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h mentor.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://mentor.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://mentor.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h mentor.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://mentor.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h mentor.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://mentor.htb:80 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://mentor.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1,4 @@
Identified HTTP Server: Apache/2.4.52 (Ubuntu)
Identified HTTP Server: Apache/2.4.52 (Ubuntu)


@@ -0,0 +1,54 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml mentor.htb
adjust_timeouts2: packet supposedly had rtt of -379307 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -379307 microseconds. Ignoring time.
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.038s latency).
Scanned at 2023-02-07 17:12:24 CET for 28s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.52 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Linux 2.6.39 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E27884%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 30.285 days (since Sun Jan 8 10:22:02 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: mentorquotes.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 554/tcp)
HOP RTT ADDRESS
1 27.07 ms 10.10.16.1
2 50.43 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:52 2023 -- 1 IP address (1 host up) scanned in 27.71 seconds


@@ -0,0 +1,146 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml mentor.htb
Increasing send delay for 10.10.11.193 from 0 to 50 due to 11 out of 16 dropped probes since last increase.
Increasing send delay for 10.10.11.193 from 50 to 100 due to 11 out of 16 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -288682 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -559589 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -559589 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -272388 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -272388 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275261 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275261 microseconds. Ignoring time.
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.029s latency).
Scanned at 2023-02-07 17:12:25 CET for 391s
PORT STATE SERVICE REASON VERSION
7/udp closed echo port-unreach ttl 63
9/udp open|filtered discard no-response
17/udp closed qotd port-unreach ttl 63
19/udp closed chargen port-unreach ttl 63
49/udp open|filtered tacacs no-response
53/udp open|filtered domain no-response
67/udp open|filtered dhcps no-response
68/udp open|filtered dhcpc no-response
69/udp closed tftp port-unreach ttl 63
80/udp open|filtered http no-response
88/udp open|filtered kerberos-sec no-response
111/udp open|filtered rpcbind no-response
120/udp closed cfdptkt port-unreach ttl 63
123/udp open|filtered ntp no-response
135/udp closed msrpc port-unreach ttl 63
136/udp open|filtered profile no-response
137/udp closed netbios-ns port-unreach ttl 63
138/udp closed netbios-dgm port-unreach ttl 63
139/udp closed netbios-ssn port-unreach ttl 63
158/udp open|filtered pcmail-srv no-response
161/udp open snmp udp-response ttl 63 SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-sysdescr: Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
|_ System uptime: 5m59.23s (35923 timeticks)
| snmp-info:
| enterprise: net-snmp
| engineIDFormat: unknown
| engineIDData: a124f60a99b99c6200000000
| snmpEngineBoots: 67
|_ snmpEngineTime: 5m59s
162/udp open|filtered snmptrap no-response
177/udp open|filtered xdmcp no-response
427/udp open|filtered svrloc no-response
443/udp open|filtered https no-response
445/udp closed microsoft-ds port-unreach ttl 63
497/udp open|filtered retrospect no-response
500/udp closed isakmp port-unreach ttl 63
514/udp open|filtered syslog no-response
515/udp open|filtered printer no-response
518/udp closed ntalk port-unreach ttl 63
520/udp open|filtered route no-response
593/udp open|filtered http-rpc-epmap no-response
623/udp open|filtered asf-rmcp no-response
626/udp open|filtered serialnumberd no-response
631/udp open|filtered ipp no-response
996/udp open|filtered vsinet no-response
997/udp closed maitrd port-unreach ttl 63
998/udp open|filtered puparp no-response
999/udp open|filtered applix no-response
1022/udp open|filtered exp2 no-response
1023/udp open|filtered unknown no-response
1025/udp open|filtered blackjack no-response
1026/udp open|filtered win-rpc no-response
1027/udp closed unknown port-unreach ttl 63
1028/udp closed ms-lsa port-unreach ttl 63
1029/udp open|filtered solid-mux no-response
1030/udp open|filtered iad1 no-response
1433/udp closed ms-sql-s port-unreach ttl 63
1434/udp open|filtered ms-sql-m no-response
1645/udp open|filtered radius no-response
1646/udp open|filtered radacct no-response
1701/udp closed L2TP port-unreach ttl 63
1718/udp open|filtered h225gatedisc no-response
1719/udp open|filtered h323gatestat no-response
1812/udp open|filtered radius no-response
1813/udp open|filtered radacct no-response
1900/udp open|filtered upnp no-response
2000/udp closed cisco-sccp port-unreach ttl 63
2048/udp open|filtered dls-monitor no-response
2049/udp closed nfs port-unreach ttl 63
2222/udp closed msantipiracy port-unreach ttl 63
2223/udp closed rockwell-csp2 port-unreach ttl 63
3283/udp closed netassistant port-unreach ttl 63
3456/udp open|filtered IISrpc-or-vat no-response
3703/udp closed adobeserver-3 port-unreach ttl 63
4444/udp closed krb524 port-unreach ttl 63
4500/udp open|filtered nat-t-ike no-response
5000/udp closed upnp port-unreach ttl 63
5060/udp closed sip port-unreach ttl 63
5353/udp open|filtered zeroconf no-response
5632/udp open|filtered pcanywherestat no-response
9200/udp closed wap-wsp port-unreach ttl 63
10000/udp open|filtered ndmp no-response
17185/udp open|filtered wdbrpc no-response
20031/udp open|filtered bakbonenetvault no-response
30718/udp closed unknown port-unreach ttl 63
31337/udp open|filtered BackOrifice no-response
32768/udp closed omad port-unreach ttl 63
32769/udp open|filtered filenet-rpc no-response
32771/udp open|filtered sometimes-rpc6 no-response
32815/udp closed unknown port-unreach ttl 63
33281/udp open|filtered unknown no-response
49152/udp open|filtered unknown no-response
49153/udp open|filtered unknown no-response
49154/udp open|filtered unknown no-response
49156/udp open|filtered unknown no-response
49181/udp open|filtered unknown no-response
49182/udp open|filtered unknown no-response
49185/udp closed unknown port-unreach ttl 63
49186/udp open|filtered unknown no-response
49188/udp open|filtered unknown no-response
49190/udp closed unknown port-unreach ttl 63
49191/udp open|filtered unknown no-response
49192/udp closed unknown port-unreach ttl 63
49193/udp open|filtered unknown no-response
49194/udp open|filtered unknown no-response
49200/udp closed unknown port-unreach ttl 63
49201/udp open|filtered unknown no-response
65024/udp closed unknown port-unreach ttl 63
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: remote management|phone|general purpose|webcam|storage-misc
Running: Avocent embedded, Google Android 2.X, Linux 2.6.X, AXIS embedded, ZyXEL embedded
OS CPE: cpe:/o:google:android:2.2 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera cpe:/h:zyxel:nsa-210
OS details: Avocent/Cyclades ACS 6000, Android 2.2 (Linux 2.6), Linux 2.6.14 - 2.6.34, Linux 2.6.17, Linux 2.6.17 (Mandriva), Linux 2.6.32, AXIS 210A or 211 Network Camera (Linux 2.6.17), ZyXEL NSA-210 NAS device
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E279F0%P=x86_
OS:64-pc-linux-gnu)SEQ(CI=Z)SEQ(CI=Z%II=I)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=A
OS:R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=4
OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=
OS:G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
Service Info: Host: mentor
TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 24.51 ms 10.10.16.1
2 23.94 ms mentor.htb (10.10.11.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:18:56 2023 -- 1 IP address (1 host up) scanned in 392.24 seconds
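Review bot: The 161/udp entry is the one finding in this file that deserves an annotation, and nothing in the visible files records it: the agent answers SNMPv1 with the default community `public`, and `snmp-sysdescr` gives the exact kernel build (`5.15.0-56-generic`) to an unauthenticated reader. For the write-up, record it as a configuration weakness together with its remediation: remove the default community, restrict the agent to SNMPv3 with authentication and privacy, and limit which source addresses may query it. The `open|filtered` rows are only non-responses and should not be read as open services. The OS guesses in this file are flagged as unreliable by the scan's own warning line.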


@@ -0,0 +1,60 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.034s latency).
Scanned at 2023-02-07 17:12:52 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=
| 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:12:54 2023 -- 1 IP address (1 host up) scanned in 1.70 seconds
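Review bot: `ssh-auth-methods` lists `password` next to `publickey`, which is the hardening point of this result and is not noted in the visible files. From the defender's side the fix is key-only authentication (`PasswordAuthentication no` in sshd_config) combined with rate limiting of failed logins. The `hmac-sha1` and `umac-64` entries under `mac_algorithms` are legacy options that could be trimmed from the server's `MACs` list. The key-exchange and cipher lists shown here contain nothing that needs action.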


@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/mentor/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml mentor.htb" start="1675786372" startstr="Tue Feb 7 17:12:52 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="SYN Stealth Scan" time="1675786372"/>
<taskend task="SYN Stealth Scan" time="1675786372" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675786372"/>
<taskend task="Service scan" time="1675786372" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786374"/>
<taskbegin task="NSE" time="1675786374"/>
<taskend task="NSE" time="1675786374"/>
<host starttime="1675786372" endtime="1675786374"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=&#xa; 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=</elem>
<elem key="fingerprint">c73bfc3cf9ceee8b4818d5d1af8ec2bb</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv</elem>
<elem key="fingerprint">4440084c0ecbd4f18e7eeda85c68a4f7</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"/><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; sntrup761x25519-sha512@openssh.com&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (4)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>sntrup761x25519-sha512@openssh.com</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script></port>
</ports>
<times srtt="34247" rttvar="34247" to="171235"/>
</host>
<taskbegin task="NSE" time="1675786374"/>
<taskend task="NSE" time="1675786374"/>
<taskbegin task="NSE" time="1675786374"/>
<taskend task="NSE" time="1675786374"/>
<runstats><finished time="1675786374" timestr="Tue Feb 7 17:12:54 2023" summary="Nmap done at Tue Feb 7 17:12:54 2023; 1 IP address (1 host up) scanned in 1.70 seconds" elapsed="1.70" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,16 @@
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>


@@ -0,0 +1,17 @@
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>


@@ -0,0 +1,4 @@
WLD GET 9l 26w 284c Got 302 for http://mentor.htb/00c755e63ad64560b48b10265e062587 (url length: 32)
WLD - - - http://mentor.htb/00c755e63ad64560b48b10265e062587 => http://mentorquotes.htb/
WLD GET 9l 26w 284c Got 302 for http://mentor.htb/6e22794eff354e3bb2d3eaf96e7816a3aab410720213421091e219809755dcc23a26646b56b448f99820dc1b8d0582c1 (url length: 96)
WLD - - - http://mentor.htb/6e22794eff354e3bb2d3eaf96e7816a3aab410720213421091e219809755dcc23a26646b56b448f99820dc1b8d0582c1 => http://mentorquotes.htb/


@@ -0,0 +1,16 @@
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://mentorquotes.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at mentor.htb Port 80</address>
</body></html>


@@ -0,0 +1,74 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.065s latency).
Scanned at 2023-02-07 17:12:52 CET for 18s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52
|_http-chrono: Request times for /; avg: 164.16ms; min: 153.80ms; max: 181.69ms
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
| http-headers:
| Date: Tue, 07 Feb 2023 16:13:04 GMT
| Server: Apache/2.4.52 (Ubuntu)
| Location: http://mentorquotes.htb/
| Content-Length: 284
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
| http-vhosts:
|_128 names had status 302
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-errors: Couldn't find any error pages.
| http-useragent-tester:
| Status for browser useragent: 200
| Redirected To: http://mentorquotes.htb/
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-feed: Couldn't find any feeds.
|_http-comments-displayer: Couldn't find any comments.
|_http-mobileversion-checker: No mobile version detected.
|_http-date: Tue, 07 Feb 2023 16:13:01 GMT; 0s from local time.
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-title: Did not follow redirect to http://mentorquotes.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
Service Info: Host: mentorquotes.htb
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:13:10 2023 -- 1 IP address (1 host up) scanned in 17.76 seconds

Binary file not shown.



@@ -0,0 +1,88 @@
WhatWeb report for http://mentor.htb:80
Status : 302 Found
Title : 302 Found
IP : 10.10.11.193
Country : RESERVED, ZZ
Summary : Apache[2.4.52], HTTPServer[Ubuntu Linux][Apache/2.4.52 (Ubuntu)], RedirectLocation[http://mentorquotes.htb/]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.52 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.52 (Ubuntu) (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://mentorquotes.htb/ (from location)
HTTP Headers:
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 16:12:53 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: http://mentorquotes.htb/
Content-Length: 284
Connection: close
Content-Type: text/html; charset=iso-8859-1
WhatWeb report for http://mentorquotes.htb/
Status : 200 OK
Title : MentorQuotes
IP : 10.10.11.193
Country : RESERVED, ZZ
Summary : HTML5, HTTPServer[Werkzeug/2.0.3 Python/3.6.9], Python[3.6.9], Werkzeug[2.0.3]
Detected Plugins:
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : Werkzeug/2.0.3 Python/3.6.9 (from server string)
[ Python ]
Python is a programming language that lets you work more
quickly and integrate your systems more effectively. You
can learn to use Python and see almost immediate gains in
productivity and lower maintenance costs.
Version : 3.6.9
Website : http://www.python.org/
[ Werkzeug ]
Werkzeug is a WSGI utility library for Python.
Version : 2.0.3
Website : http://werkzeug.pocoo.org/
HTTP Headers:
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 16:12:56 GMT
Server: Werkzeug/2.0.3 Python/3.6.9
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2029
Connection: close


@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:12:52 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/mentor/results/scans/tcp80/xml/tcp_80_http_nmap.xml mentor.htb" start="1675786372" startstr="Tue Feb 7 17:12:52 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="SYN Stealth Scan" time="1675786372"/>
<taskend task="SYN Stealth Scan" time="1675786372" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675786372"/>
<taskend task="Service scan" time="1675786379" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786390"/>
<taskbegin task="NSE" time="1675786390"/>
<taskend task="NSE" time="1675786390"/>
<taskbegin task="NSE" time="1675786390"/>
<taskend task="NSE" time="1675786390"/>
<host starttime="1675786372" endtime="1675786390"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.52" hostname="mentorquotes.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.52</cpe></service><script id="http-chrono" output="Request times for /; avg: 164.16ms; min: 153.80ms; max: 181.69ms"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; &#xa;"/><script id="http-headers" output="&#xa; Date: Tue, 07 Feb 2023 16:13:04 GMT&#xa; Server: Apache/2.4.52 (Ubuntu)&#xa; Location: http://mentorquotes.htb/&#xa; Content-Length: 284&#xa; Connection: close&#xa; Content-Type: text/html; charset=iso-8859-1&#xa; &#xa; (Request type: GET)&#xa;"/><script id="http-vhosts" output="&#xa;128 names had status 302"/><script id="http-security-headers" output=""></script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Redirected To: http://mentorquotes.htb/&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<elem key="Redirected To">http://mentorquotes.htb/</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-date" output="Tue, 07 Feb 2023 16:13:01 GMT; 0s from local time."><elem key="date">2023-02-07T16:13:01+00:00</elem>
<elem key="delta">0.0</elem>
</script><script id="http-server-header" output="Apache/2.4.52 (Ubuntu)"><elem>Apache/2.4.52 (Ubuntu)</elem>
</script><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-title" output="Did not follow redirect to http://mentorquotes.htb/"><elem key="redirect_url">http://mentorquotes.htb/</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script></port>
</ports>
<times srtt="64528" rttvar="64528" to="322640"/>
</host>
<taskbegin task="NSE" time="1675786390"/>
<taskend task="NSE" time="1675786390"/>
<taskbegin task="NSE" time="1675786390"/>
<taskend task="NSE" time="1675786390"/>
<taskbegin task="NSE" time="1675786390"/>
<taskend task="NSE" time="1675786390"/>
<runstats><finished time="1675786390" timestr="Tue Feb 7 17:13:10 2023" summary="Nmap done at Tue Feb 7 17:13:10 2023; 1 IP address (1 host up) scanned in 17.76 seconds" elapsed="17.76" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,20 @@
# Nmap 7.93 scan initiated Tue Feb 7 17:18:56 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 161 "--script=banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt -oX /home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml mentor.htb
Nmap scan report for mentor.htb (10.10.11.193)
Host is up, received user-set (0.042s latency).
Scanned at 2023-02-07 17:18:57 CET for 15s
PORT STATE SERVICE REASON VERSION
161/udp open snmp udp-response ttl 63 SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-info:
| enterprise: net-snmp
| engineIDFormat: unknown
| engineIDData: a124f60a99b99c6200000000
| snmpEngineBoots: 67
|_ snmpEngineTime: 8m27s
| snmp-sysdescr: Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
|_ System uptime: 8m27.56s (50756 timeticks)
Service Info: Host: mentor
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 17:19:12 2023 -- 1 IP address (1 host up) scanned in 15.19 seconds


@@ -0,0 +1,3 @@
Debug level 2
Malformed IP address: mentor.htb


@@ -0,0 +1,49 @@
Created directory: /var/lib/snmp/cert_indexes
iso.3.6.1.2.1.1.1.0 = STRING: "Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (50699) 0:08:26.99
iso.3.6.1.2.1.1.4.0 = STRING: "Me <admin@mentorquotes.htb>"
iso.3.6.1.2.1.1.5.0 = STRING: "mentor"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1
iso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.6.3.16.2.2.1
iso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.2.1.49
iso.3.6.1.2.1.1.9.1.2.7 = OID: iso.3.6.1.2.1.50
iso.3.6.1.2.1.1.9.1.2.8 = OID: iso.3.6.1.2.1.4
iso.3.6.1.2.1.1.9.1.2.9 = OID: iso.3.6.1.6.3.13.3.1.3
iso.3.6.1.2.1.1.9.1.2.10 = OID: iso.3.6.1.2.1.92
iso.3.6.1.2.1.1.9.1.3.1 = STRING: "The SNMP Management Architecture MIB."
iso.3.6.1.2.1.1.9.1.3.2 = STRING: "The MIB for Message Processing and Dispatching."
iso.3.6.1.2.1.1.9.1.3.3 = STRING: "The management information definitions for the SNMP User-based Security Model."
iso.3.6.1.2.1.1.9.1.3.4 = STRING: "The MIB module for SNMPv2 entities"
iso.3.6.1.2.1.1.9.1.3.5 = STRING: "View-based Access Control Model for SNMP."
iso.3.6.1.2.1.1.9.1.3.6 = STRING: "The MIB module for managing TCP implementations"
iso.3.6.1.2.1.1.9.1.3.7 = STRING: "The MIB module for managing UDP implementations"
iso.3.6.1.2.1.1.9.1.3.8 = STRING: "The MIB module for managing IP and ICMP implementations"
iso.3.6.1.2.1.1.9.1.3.9 = STRING: "The MIB modules for managing SNMP Notification, plus filtering."
iso.3.6.1.2.1.1.9.1.3.10 = STRING: "The MIB module for logging SNMP Notifications."
iso.3.6.1.2.1.1.9.1.4.1 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.2 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.3 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.4 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.5 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.6 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.7 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.8 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.9 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.4.10 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (52639) 0:08:46.39
iso.3.6.1.2.1.25.1.2.0 = Hex-STRING: 07 E7 02 07 10 12 3A 00 2B 00 00
iso.3.6.1.2.1.25.1.3.0 = INTEGER: 393216
iso.3.6.1.2.1.25.1.4.0 = STRING: "BOOT_IMAGE=/vmlinuz-5.15.0-56-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro net.ifnames=0 biosdevname=0
"
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 0
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 235
iso.3.6.1.2.1.25.1.7.0 = INTEGER: 0
End of MIB


@@ -0,0 +1,2 @@
End of MIB


@@ -0,0 +1,2 @@
End of MIB


@@ -0,0 +1,2 @@
End of MIB


@@ -0,0 +1,2 @@
End of MIB


@@ -0,0 +1,2 @@
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 235


@@ -0,0 +1,2 @@
End of MIB


@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:18:56 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 161 &quot;-&#45;script=banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt -oX /home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 161 &quot;-&#45;script=banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/mentor/results/scans/udp161/udp_161_snmp-nmap.txt -oX /home/kali/htb/mentor/results/scans/udp161/xml/udp_161_snmp_nmap.xml mentor.htb" start="1675786736" startstr="Tue Feb 7 17:18:56 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="1" services="161"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786737"/>
<taskend task="NSE" time="1675786737"/>
<taskbegin task="NSE" time="1675786737"/>
<taskend task="NSE" time="1675786737"/>
<taskbegin task="NSE" time="1675786737"/>
<taskend task="NSE" time="1675786737"/>
<taskbegin task="UDP Scan" time="1675786737"/>
<taskend task="UDP Scan" time="1675786737" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675786737"/>
<taskend task="Service scan" time="1675786737" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675786737"/>
<taskend task="NSE" time="1675786752"/>
<taskbegin task="NSE" time="1675786752"/>
<taskend task="NSE" time="1675786752"/>
<taskbegin task="NSE" time="1675786752"/>
<taskend task="NSE" time="1675786752"/>
<host starttime="1675786737" endtime="1675786752"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><port protocol="udp" portid="161"><state state="open" reason="udp-response" reason_ttl="63"/><service name="snmp" product="SNMPv1 server; net-snmp SNMPv3 server" extrainfo="public" hostname="mentor" method="probed" conf="10"/><script id="snmp-info" output="&#xa; enterprise: net-snmp&#xa; engineIDFormat: unknown&#xa; engineIDData: a124f60a99b99c6200000000&#xa; snmpEngineBoots: 67&#xa; snmpEngineTime: 8m27s"><elem key="enterprise">net-snmp</elem>
<elem key="engineIDFormat">unknown</elem>
<elem key="engineIDData">a124f60a99b99c6200000000</elem>
<elem key="snmpEngineBoots">67</elem>
<elem key="snmpEngineTime">8m27s</elem>
</script><script id="snmp-sysdescr" output="Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64&#xa; System uptime: 8m27.56s (50756 timeticks)"/></port>
</ports>
<times srtt="41712" rttvar="41712" to="208560"/>
</host>
<taskbegin task="NSE" time="1675786752"/>
<taskend task="NSE" time="1675786752"/>
<taskbegin task="NSE" time="1675786752"/>
<taskend task="NSE" time="1675786752"/>
<taskbegin task="NSE" time="1675786752"/>
<taskend task="NSE" time="1675786752"/>
<runstats><finished time="1675786752" timestr="Tue Feb 7 17:19:12 2023" summary="Nmap done at Tue Feb 7 17:19:12 2023; 1 IP address (1 host up) scanned in 15.19 seconds" elapsed="15.19" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/mentor/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_full_tcp_nmap.xml mentor.htb" start="1675786344" startstr="Tue Feb 7 17:12:24 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="SYN Stealth Scan" time="1675786344"/>
<taskend task="SYN Stealth Scan" time="1675786353" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1675786353"/>
<taskend task="Service scan" time="1675786359" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675786363"/>
<taskend task="Traceroute" time="1675786363"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675786363"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675786374"/>
<taskbegin task="NSE" time="1675786374"/>
<taskend task="NSE" time="1675786379"/>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786379"/>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786379"/>
<host starttime="1675786344" endtime="1675786379"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=&#xa; 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv"><table>
<elem key="fingerprint">c73bfc3cf9ceee8b4818d5d1af8ec2bb</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
</table>
<table>
<elem key="fingerprint">4440084c0ecbd4f18e7eeda85c68a4f7</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.52" hostname="mentorquotes.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.52</cpe></service><script id="http-title" output="Did not follow redirect to http://mentorquotes.htb/"><elem key="redirect_url">http://mentorquotes.htb/</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.52 (Ubuntu)"><elem>Apache/2.4.52 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="94" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="94" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="94" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="93" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="93" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="93" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="91" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="91"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.4" accuracy="91" line="68194">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5.4</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1 - 3.2" accuracy="90" line="62937">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:3</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2788B%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=FE%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="2616656" lastboot="Sun Jan 8 10:22:03 2023"/>
<distance value="2"/>
<tcpsequence index="254" difficulty="Good luck!" values="3F47337F,61DF16F3,A19C10D9,4C817537,2B071090,F03FE966"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="9BF6C1C0,9BF6C223,9BF6C289,9BF6C2ED,9BF6C351,9BF6C3B6"/>
<trace port="111" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="87.00"/>
<hop ttl="2" ipaddr="10.10.11.193" rtt="87.07" host="mentor.htb"/>
</trace>
<times srtt="55824" rttvar="34662" to="194472"/>
</host>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786379"/>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786379"/>
<taskbegin task="NSE" time="1675786379"/>
<taskend task="NSE" time="1675786379"/>
<runstats><finished time="1675786379" timestr="Tue Feb 7 17:12:59 2023" summary="Nmap done at Tue Feb 7 17:12:59 2023; 1 IP address (1 host up) scanned in 35.28 seconds" elapsed="35.28" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,117 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/mentor/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_quick_tcp_nmap.xml mentor.htb" start="1675786344" startstr="Tue Feb 7 17:12:24 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,521
4,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="SYN Stealth Scan" time="1675786344"/>
<taskend task="SYN Stealth Scan" time="1675786345" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1675786345"/>
<taskend task="Service scan" time="1675786351" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675786355"/>
<taskend task="Traceroute" time="1675786355"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675786355"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675786366"/>
<taskbegin task="NSE" time="1675786366"/>
<taskend task="NSE" time="1675786371"/>
<taskbegin task="NSE" time="1675786371"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<host starttime="1675786344" endtime="1675786372"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200
,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 c73bfc3cf9ceee8b4818d5d1af8ec2bb (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=&#xa; 256 4440084c0ecbd4f18e7eeda85c68a4f7 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO6yWCATcj2UeU/SgSa+wK2fP5ixsrHb6pgufdO378n+BLNiDB6ljwm3U3PPdbdQqGZo1K7Tfsz+ejZj1nV80RY=</elem>
<elem key="fingerprint">c73bfc3cf9ceee8b4818d5d1af8ec2bb</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJjv9f3Jbxj42smHEXcChFPMNh1bqlAFHLi4Nr7w9fdv</elem>
<elem key="fingerprint">4440084c0ecbd4f18e7eeda85c68a4f7</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.52" hostname="mentorquotes.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.52</cpe></service><script id="http-title" output="Did not follow redirect to http://mentorquotes.htb/"><elem key="redirect_url">http://mentorquotes.htb/</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.52 (Ubuntu)"><elem>Apache/2.4.52 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="94" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="94" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="94" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="93" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="93" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="93" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="91" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="91" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="91"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.39 - 3.2" accuracy="90" line="58264">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:3</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E27884%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=107%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=N)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="2616650" lastboot="Sun Jan 8 10:22:02 2023"/>
<distance value="2"/>
<tcpsequence index="263" difficulty="Good luck!" values="68D66834,40FFA2CA,E00CB310,AED064A1,27D0D915,2D7F7905"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="9BF6A37F,9BF6A3ED,9BF6A452,9BF6A4B5,9BF6A51B,9BF6A582"/>
<trace port="554" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="27.07"/>
<hop ttl="2" ipaddr="10.10.11.193" rtt="50.43" host="mentor.htb"/>
</trace>
<times srtt="37601" rttvar="13807" to="100000"/>
</host>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<taskbegin task="NSE" time="1675786372"/>
<taskend task="NSE" time="1675786372"/>
<runstats><finished time="1675786372" timestr="Tue Feb 7 17:12:52 2023" summary="Nmap done at Tue Feb 7 17:12:52 2023; 1 IP address (1 host up) scanned in 27.71 seconds" elapsed="27.71" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,193 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 17:12:24 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml mentor.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/mentor/results/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/mentor/results/scans/xml/_top_100_udp_nmap.xml mentor.htb" start="1675786344" startstr="Tue Feb 7 17:12:24 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="NSE" time="1675786344"/>
<taskend task="NSE" time="1675786344"/>
<taskbegin task="UDP Scan" time="1675786344"/>
<taskend task="UDP Scan" time="1675786375" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1675786375"/>
<taskprogress task="Service scan" time="1675786441" percent="3.08" remaining="2080" etc="1675788520"/>
<taskprogress task="Service scan" time="1675786473" percent="47.69" remaining="108" etc="1675786580"/>
<taskprogress task="Service scan" time="1675786523" percent="53.85" remaining="127" etc="1675786650"/>
<taskprogress task="Service scan" time="1675786556" percent="76.92" remaining="55" etc="1675786610"/>
<taskend task="Service scan" time="1675786571" extrainfo="65 services on 1 host"/>
<taskbegin task="Traceroute" time="1675786573"/>
<taskend task="Traceroute" time="1675786575"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675786575"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675786586"/>
<taskbegin task="NSE" time="1675786586"/>
<taskprogress task="NSE" time="1675786617" percent="98.75" remaining="1" etc="1675786617"/>
<taskprogress task="NSE" time="1675786647" percent="99.14" remaining="1" etc="1675786648"/>
<taskprogress task="NSE" time="1675786677" percent="99.48" remaining="1" etc="1675786677"/>
<taskprogress task="NSE" time="1675786707" percent="99.76" remaining="1" etc="1675786707"/>
<taskend task="NSE" time="1675786732"/>
<taskbegin task="NSE" time="1675786732"/>
<taskend task="NSE" time="1675786736"/>
<taskbegin task="NSE" time="1675786736"/>
<taskend task="NSE" time="1675786736"/>
<host starttime="1675786345" endtime="1675786736"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.193" addrtype="ipv4"/>
<hostnames>
<hostname name="mentor.htb" type="user"/>
<hostname name="mentor.htb" type="PTR"/>
</hostnames>
<ports><port protocol="udp" portid="7"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="echo" method="table" conf="3"/></port>
<port protocol="udp" portid="9"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="discard" method="table" conf="3"/></port>
<port protocol="udp" portid="17"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="qotd" method="table" conf="3"/></port>
<port protocol="udp" portid="19"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="chargen" method="table" conf="3"/></port>
<port protocol="udp" portid="49"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="tacacs" method="table" conf="3"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
<port protocol="udp" portid="67"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcps" method="table" conf="3"/></port>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="69"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="tftp" method="table" conf="3"/></port>
<port protocol="udp" portid="80"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
<port protocol="udp" portid="88"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="kerberos-sec" method="table" conf="3"/></port>
<port protocol="udp" portid="111"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
<port protocol="udp" portid="120"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="cfdptkt" method="table" conf="3"/></port>
<port protocol="udp" portid="123"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ntp" method="table" conf="3"/></port>
<port protocol="udp" portid="135"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="msrpc" method="table" conf="3"/></port>
<port protocol="udp" portid="136"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="profile" method="table" conf="3"/></port>
<port protocol="udp" portid="137"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="netbios-ns" method="table" conf="3"/></port>
<port protocol="udp" portid="138"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="netbios-dgm" method="table" conf="3"/></port>
<port protocol="udp" portid="139"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="netbios-ssn" method="table" conf="3"/></port>
<port protocol="udp" portid="158"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="pcmail-srv" method="table" conf="3"/></port>
<port protocol="udp" portid="161"><state state="open" reason="udp-response" reason_ttl="63"/><service name="snmp" product="SNMPv1 server; net-snmp SNMPv3 server" extrainfo="public" hostname="mentor" method="probed" conf="10"/><script id="snmp-sysdescr" output="Linux mentor 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64&#xa; System uptime: 5m59.23s (35923 timeticks)"/><script id="snmp-info" output="&#xa; enterprise: net-snmp&#xa; engineIDFormat: unknown&#xa; engineIDData: a124f60a99b99c6200000000&#xa; snmpEngineBoots: 67&#xa; snmpEngineTime: 5m59s"><elem key="enterprise">net-snmp</elem>
<elem key="engineIDFormat">unknown</elem>
<elem key="engineIDData">a124f60a99b99c6200000000</elem>
<elem key="snmpEngineBoots">67</elem>
<elem key="snmpEngineTime">5m59s</elem>
</script></port>
<port protocol="udp" portid="162"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="snmptrap" method="table" conf="3"/></port>
<port protocol="udp" portid="177"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="xdmcp" method="table" conf="3"/></port>
<port protocol="udp" portid="427"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="svrloc" method="table" conf="3"/></port>
<port protocol="udp" portid="443"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
<port protocol="udp" portid="445"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="microsoft-ds" method="table" conf="3"/></port>
<port protocol="udp" portid="497"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="retrospect" method="table" conf="3"/></port>
<port protocol="udp" portid="500"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="isakmp" method="table" conf="3"/></port>
<port protocol="udp" portid="514"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="syslog" method="table" conf="3"/></port>
<port protocol="udp" portid="515"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="printer" method="table" conf="3"/></port>
<port protocol="udp" portid="518"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="ntalk" method="table" conf="3"/></port>
<port protocol="udp" portid="520"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="route" method="table" conf="3"/></port>
<port protocol="udp" portid="593"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
<port protocol="udp" portid="623"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="asf-rmcp" method="table" conf="3"/></port>
<port protocol="udp" portid="626"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="serialnumberd" method="table" conf="3"/></port>
<port protocol="udp" portid="631"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ipp" method="table" conf="3"/></port>
<port protocol="udp" portid="996"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="vsinet" method="table" conf="3"/></port>
<port protocol="udp" portid="997"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="maitrd" method="table" conf="3"/></port>
<port protocol="udp" portid="998"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="puparp" method="table" conf="3"/></port>
<port protocol="udp" portid="999"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="applix" method="table" conf="3"/></port>
<port protocol="udp" portid="1022"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="exp2" method="table" conf="3"/></port>
<port protocol="udp" portid="1023"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="1025"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="blackjack" method="table" conf="3"/></port>
<port protocol="udp" portid="1026"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="win-rpc" method="table" conf="3"/></port>
<port protocol="udp" portid="1027"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="1028"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="ms-lsa" method="table" conf="3"/></port>
<port protocol="udp" portid="1029"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="solid-mux" method="table" conf="3"/></port>
<port protocol="udp" portid="1030"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="iad1" method="table" conf="3"/></port>
<port protocol="udp" portid="1433"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="ms-sql-s" method="table" conf="3"/></port>
<port protocol="udp" portid="1434"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
<port protocol="udp" portid="1645"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radius" method="table" conf="3"/></port>
<port protocol="udp" portid="1646"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radacct" method="table" conf="3"/></port>
<port protocol="udp" portid="1701"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="L2TP" method="table" conf="3"/></port>
<port protocol="udp" portid="1718"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="h225gatedisc" method="table" conf="3"/></port>
<port protocol="udp" portid="1719"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="h323gatestat" method="table" conf="3"/></port>
<port protocol="udp" portid="1812"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radius" method="table" conf="3"/></port>
<port protocol="udp" portid="1813"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radacct" method="table" conf="3"/></port>
<port protocol="udp" portid="1900"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
<port protocol="udp" portid="2000"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="cisco-sccp" method="table" conf="3"/></port>
<port protocol="udp" portid="2048"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dls-monitor" method="table" conf="3"/></port>
<port protocol="udp" portid="2049"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="nfs" method="table" conf="3"/></port>
<port protocol="udp" portid="2222"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="msantipiracy" method="table" conf="3"/></port>
<port protocol="udp" portid="2223"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="rockwell-csp2" method="table" conf="3"/></port>
<port protocol="udp" portid="3283"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="netassistant" method="table" conf="3"/></port>
<port protocol="udp" portid="3456"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="IISrpc-or-vat" method="table" conf="3"/></port>
<port protocol="udp" portid="3703"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="adobeserver-3" method="table" conf="3"/></port>
<port protocol="udp" portid="4444"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="krb524" method="table" conf="3"/></port>
<port protocol="udp" portid="4500"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="nat-t-ike" method="table" conf="3"/></port>
<port protocol="udp" portid="5000"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="upnp" method="table" conf="3"/></port>
<port protocol="udp" portid="5060"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="sip" method="table" conf="3"/></port>
<port protocol="udp" portid="5353"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="zeroconf" method="table" conf="3"/></port>
<port protocol="udp" portid="5632"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="pcanywherestat" method="table" conf="3"/></port>
<port protocol="udp" portid="9200"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="wap-wsp" method="table" conf="3"/></port>
<port protocol="udp" portid="10000"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ndmp" method="table" conf="3"/></port>
<port protocol="udp" portid="17185"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="wdbrpc" method="table" conf="3"/></port>
<port protocol="udp" portid="20031"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="bakbonenetvault" method="table" conf="3"/></port>
<port protocol="udp" portid="30718"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="31337"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="BackOrifice" method="table" conf="3"/></port>
<port protocol="udp" portid="32768"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="omad" method="table" conf="3"/></port>
<port protocol="udp" portid="32769"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="filenet-rpc" method="table" conf="3"/></port>
<port protocol="udp" portid="32771"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="sometimes-rpc6" method="table" conf="3"/></port>
<port protocol="udp" portid="32815"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="33281"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49152"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49153"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49154"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49156"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49181"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49182"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49185"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49186"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49188"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49190"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49191"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49192"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49193"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49194"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49200"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49201"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="65024"><state state="closed" reason="port-unreach" reason_ttl="63"/><service name="unknown" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osmatch name="Avocent/Cyclades ACS 6000" accuracy="100" line="9077">
<osclass type="remote management" vendor="Avocent" osfamily="embedded" accuracy="100"/>
</osmatch>
<osmatch name="Android 2.2 (Linux 2.6)" accuracy="100" line="30692">
<osclass type="phone" vendor="Google" osfamily="Android" osgen="2.X" accuracy="100"><cpe>cpe:/o:google:android:2.2</cpe></osclass>
<osclass type="phone" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:google:android:2.2</cpe><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.14 - 2.6.34" accuracy="100" line="47983">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.17" accuracy="100" line="48509">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.17 (Mandriva)" accuracy="100" line="48545">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="100" line="55418">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="100" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="100"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="ZyXEL NSA-210 NAS device" accuracy="100" line="107455">
<osclass type="storage-misc" vendor="ZyXEL" osfamily="embedded" accuracy="100"><cpe>cpe:/h:zyxel:nsa-210</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="OS:SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E279F0%P=x86_&#xa;OS:64-pc-linux-gnu)SEQ(CI=Z)SEQ(CI=Z%II=I)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=A&#xa;OS:R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=4&#xa;OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=&#xa;OS:G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="138" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="24.51"/>
<hop ttl="2" ipaddr="10.10.11.193" rtt="23.94" host="mentor.htb"/>
</trace>
<times srtt="28751" rttvar="5243" to="100000"/>
</host>
<taskbegin task="NSE" time="1675786736"/>
<taskend task="NSE" time="1675786736"/>
<taskbegin task="NSE" time="1675786736"/>
<taskend task="NSE" time="1675786736"/>
<taskbegin task="NSE" time="1675786736"/>
<taskend task="NSE" time="1675786736"/>
<runstats><finished time="1675786736" timestr="Tue Feb 7 17:18:56 2023" summary="Nmap done at Tue Feb 7 17:18:56 2023; 1 IP address (1 host up) scanned in 392.24 seconds" elapsed="392.24" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>