simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
HTB/metatwo/results/scans/_commands.log Normal file
View File

@@ -0,0 +1,30 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.186
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.186
nmap -vv --reason -Pn -T4 -sV -p 21 --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml" 10.10.11.186
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.186
feroxbuster -u http://10.10.11.186:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
curl -sSikf http://10.10.11.186:80/.well-known/security.txt
curl -sSikf http://10.10.11.186:80/robots.txt
curl -sSik http://10.10.11.186:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.186
curl -sk -o /dev/null -H "Host: yQBDdkqpvKEGuxwSOHam.metapress.htb" http://metapress.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.10.11.186:80 2>&1
wkhtmltoimage --format png http://10.10.11.186:80/ /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://metapress.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.metapress.htb" -fs 145 -noninteractive -s | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt"

39
HTB/metatwo/results/scans/_full_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,39 @@
# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.037s latency).
Scanned at 2023-01-25 11:09:20 EST for 565s
Not shown: 65532 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack
| fingerprint-strings:
| GenericLines:
| 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
| Invalid command: try being more creative
| Invalid command: try being more creative
| Verifier:
|_ 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
| 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
| 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
80/tcp open http syn-ack nginx 1.18.0
|_http-title: Did not follow redirect to http://metapress.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D15443%P=x86_64-pc-linux-gnu%r(Gene
SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
SF:f:10\.10\.11\.186\]\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:18:46 2023 -- 1 IP address (1 host up) scanned in 565.53 seconds

40
HTB/metatwo/results/scans/_manual_commands.txt Normal file
View File

@@ -0,0 +1,40 @@
[*] ftp on tcp/21
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_hydra.txt" ftp://10.10.11.186
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 21 -O "/home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_medusa.txt" -M ftp -h 10.10.11.186
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.186
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.186
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.10.11.186:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.186/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.186 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.186/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.186 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.10.11.186:80 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.10.11.186:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_wpscan.txt"

2
HTB/metatwo/results/scans/_patterns.log Normal file
View File

@@ -0,0 +1,2 @@
Identified HTTP Server: nginx/1.18.0

39
HTB/metatwo/results/scans/_quick_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,39 @@
# Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-25 11:09:20 EST for 559s
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack
| fingerprint-strings:
| GenericLines:
| 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
| Invalid command: try being more creative
| Invalid command: try being more creative
| Verifier:
|_ 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
| 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
| 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
80/tcp open http syn-ack nginx 1.18.0
|_http-title: Did not follow redirect to http://metapress.htb/
|_http-server-header: nginx/1.18.0
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D1543C%P=x86_64-pc-linux-gnu%r(Gene
SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
SF:\r\n")%r(Verifier,33,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::fff
SF:f:10\.10\.11\.186\]\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:18:39 2023 -- 1 IP address (1 host up) scanned in 559.05 seconds

22
HTB/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt Normal file
View File

@@ -0,0 +1,22 @@
# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 21 "--script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.037s latency).
Scanned at 2023-01-25 11:18:40 EST for 333s
PORT STATE SERVICE REASON VERSION
21/tcp open ftp? syn-ack
| fingerprint-strings:
| GenericLines:
| 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]
| Invalid command: try being more creative
|_ Invalid command: try being more creative
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port21-TCP:V=7.93%I=7%D=1/25%Time=63D1566B%P=x86_64-pc-linux-gnu%r(Gene
SF:ricLines,8F,"220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\
SF:.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20cre
SF:ative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative
SF:\r\n");
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:24:13 2023 -- 1 IP address (1 host up) scanned in 333.35 seconds

48
HTB/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml Normal file
View File

@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 21 &quot;-&#45;script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 21 &quot;-&#45;script=banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp21/tcp_21_ftp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp21/xml/tcp_21_ftp_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="21"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="Connect Scan" time="1674663520"/>
<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674663520"/>
<taskend task="Service scan" time="1674663677" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674663677"/>
<taskend task="NSE" time="1674663700"/>
<taskbegin task="NSE" time="1674663700"/>
<taskprogress task="NSE" time="1674663731" percent="43.75" remaining="40" etc="1674663771"/>
<taskprogress task="NSE" time="1674663761" percent="62.50" remaining="37" etc="1674663798"/>
<taskprogress task="NSE" time="1674663791" percent="87.50" remaining="14" etc="1674663804"/>
<taskprogress task="NSE" time="1674663821" percent="93.75" remaining="9" etc="1674663829"/>
<taskend task="NSE" time="1674663821"/>
<taskbegin task="NSE" time="1674663821"/>
<taskprogress task="NSE" time="1674663852" percent="0.00"/>
<taskend task="NSE" time="1674663853"/>
<host starttime="1674663520" endtime="1674663853"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.186" addrtype="ipv4"/>
<hostnames>
<hostname name="metatwo.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=7%D=1/25%Time=63D1566B%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;);" method="table" conf="3"/><script id="fingerprint-strings" output="&#xa; GenericLines: &#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative"><elem key="GenericLines">&#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative</elem>
</script></port>
</ports>
<times srtt="36866" rttvar="36866" to="184330"/>
</host>
<taskbegin task="NSE" time="1674663853"/>
<taskend task="NSE" time="1674663853"/>
<taskbegin task="NSE" time="1674663853"/>
<taskend task="NSE" time="1674663853"/>
<taskbegin task="NSE" time="1674663853"/>
<taskend task="NSE" time="1674663853"/>
<runstats><finished time="1674663853" timestr="Wed Jan 25 11:24:13 2023" summary="Nmap done at Wed Jan 25 11:24:13 2023; 1 IP address (1 host up) scanned in 333.35 seconds" elapsed="333.35" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

62
HTB/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt Normal file
View File

@@ -0,0 +1,62 @@
# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.023s latency).
Scanned at 2023-01-25 11:18:40 EST for 1s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=
| 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=
| 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2
|_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:18:41 2023 -- 1 IP address (1 host up) scanned in 1.82 seconds

100
HTB/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml Normal file
View File

@@ -0,0 +1,100 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/metatwo/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="Connect Scan" time="1674663520"/>
<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674663520"/>
<taskend task="Service scan" time="1674663520" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663521"/>
<taskbegin task="NSE" time="1674663521"/>
<taskend task="NSE" time="1674663521"/>
<host starttime="1674663520" endtime="1674663521"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.186" addrtype="ipv4"/>
<hostnames>
<hostname name="metatwo.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa; 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa; 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
<elem key="bits">3072</elem>
<elem key="type">ssh-rsa</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
</table>
<table>
<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
</table>
<table>
<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1"/><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (9)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script></port>
</ports>
<times srtt="22897" rttvar="22897" to="114485"/>
</host>
<taskbegin task="NSE" time="1674663521"/>
<taskend task="NSE" time="1674663521"/>
<taskbegin task="NSE" time="1674663521"/>
<taskend task="NSE" time="1674663521"/>
<runstats><finished time="1674663521" timestr="Wed Jan 25 11:18:41 2023" summary="Nmap done at Wed Jan 25 11:18:41 2023; 1 IP address (1 host up) scanned in 1.82 seconds" elapsed="1.82" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

15
HTB/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt Normal file
View File

@@ -0,0 +1,15 @@
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Wed, 25 Jan 2023 16:18:41 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://metapress.htb/
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

16
HTB/metatwo/results/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,16 @@
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Wed, 25 Jan 2023 16:18:41 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://metapress.htb/
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

4
HTB/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt Normal file
View File

@@ -0,0 +1,4 @@
WLD GET 7l 9w 145c Got 302 for http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 (url length: 32)
WLD - - - http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 => http://metapress.htb/
WLD GET 7l 9w 145c Got 302 for http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb (url length: 96)
WLD - - - http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb => http://metapress.htb/

15
HTB/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt Normal file
View File

@@ -0,0 +1,15 @@
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Wed, 25 Jan 2023 16:18:41 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://metapress.htb/
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

0
HTB/metatwo/results/scans/tcp80/tcp_80_http_metapress.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

79
HTB/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

@@ -0,0 +1,79 @@
# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.028s latency).
Scanned at 2023-01-25 11:18:40 EST for 81s
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack nginx 1.18.0
| http-vhosts:
|_128 names had status 302
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-chrono: Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms
|_http-server-header: nginx/1.18.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-mobileversion-checker: No mobile version detected.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://metapress.htb/
|_http-errors: Couldn't find any error pages.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-comments-displayer: Couldn't find any comments.
|_http-feed: Couldn't find any feeds.
| http-headers:
| Server: nginx/1.18.0
| Date: Wed, 25 Jan 2023 16:18:51 GMT
| Content-Type: text/html
| Content-Length: 145
| Connection: close
| Location: http://metapress.htb/
|
|_ (Request type: GET)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-date: Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-useragent-tester:
| Status for browser useragent: 200
| Redirected To: http://metapress.htb/
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
| http-security-headers:
| Cache_Control:
| Header: Cache-Control: no-store, no-cache, must-revalidate
| Pragma:
| Header: Pragma: no-cache
| Expires:
|_ Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:20:01 2023 -- 1 IP address (1 host up) scanned in 81.17 seconds

BIN
HTB/metatwo/results/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.1 MiB

138
HTB/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,138 @@
WhatWeb report for http://10.10.11.186:80
Status : 302 Found
Title : 302 Found
IP : 10.10.11.186
Country : RESERVED, ZZ
Summary : HTTPServer[nginx/1.18.0], nginx[1.18.0], RedirectLocation[http://metapress.htb/]
Detected Plugins:
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : nginx/1.18.0 (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://metapress.htb/ (from location)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Wed, 25 Jan 2023 16:18:42 GMT
Content-Type: text/html
Content-Length: 145
Connection: close
Location: http://metapress.htb/
WhatWeb report for http://metapress.htb/
Status : 200 OK
Title : MetaPress &#8211; Official company site
IP : 10.10.11.186
Country : RESERVED, ZZ
Summary : Cookies[PHPSESSID], HTML5, HTTPServer[nginx/1.18.0], MetaGenerator[WordPress 5.6.2], nginx[1.18.0], PHP[8.0.24], PoweredBy[--], Script, UncommonHeaders[link], WordPress[5.6.2], X-Powered-By[PHP/8.0.24]
Detected Plugins:
[ Cookies ]
Display the names of cookies in the HTTP headers. The
values are not returned to save on space.
String : PHPSESSID
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : nginx/1.18.0 (from server string)
[ MetaGenerator ]
This plugin identifies meta generator tags and extracts its
value.
String : WordPress 5.6.2
[ PHP ]
PHP is a widely-used general-purpose scripting language
that is especially suited for Web development and can be
embedded into HTML. This plugin identifies PHP errors,
modules and versions and extracts the local file path and
username if present.
Version : 8.0.24
Google Dorks: (2)
Website : http://www.php.net/
[ PoweredBy ]
This plugin identifies instances of 'Powered by x' text and
attempts to extract the value for x.
String : --
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com
String : link (from headers)
[ WordPress ]
WordPress is an opensource blogging system commonly used as
a CMS.
Version : 5.6.2
Aggressive function available (check plugin file or details).
Google Dorks: (1)
Website : http://www.wordpress.org/
[ X-Powered-By ]
X-Powered-By HTTP header
String : PHP/8.0.24 (from x-powered-by string)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 25 Jan 2023 16:18:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.0.24
Set-Cookie: PHPSESSID=2ov58ptej4gtfom05meggtjkus; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://metapress.htb/wp-json/>; rel="https://api.w.org/"
Content-Encoding: gzip

85
HTB/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

@@ -0,0 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="NSE" time="1674663520"/>
<taskend task="NSE" time="1674663520"/>
<taskbegin task="Connect Scan" time="1674663520"/>
<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674663520"/>
<taskend task="Service scan" time="1674663526" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674663526"/>
<taskprogress task="NSE" time="1674663557" percent="99.67" remaining="1" etc="1674663557"/>
<taskprogress task="NSE" time="1674663587" percent="99.67" remaining="1" etc="1674663587"/>
<taskend task="NSE" time="1674663600"/>
<taskbegin task="NSE" time="1674663600"/>
<taskend task="NSE" time="1674663601"/>
<taskbegin task="NSE" time="1674663601"/>
<taskend task="NSE" time="1674663601"/>
<host starttime="1674663520" endtime="1674663601"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.186" addrtype="ipv4"/>
<hostnames>
<hostname name="metatwo.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-vhosts" output="&#xa;128 names had status 302"/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; &#xa;"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-chrono" output="Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms"/><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-headers" output="&#xa; Server: nginx/1.18.0&#xa; Date: Wed, 25 Jan 2023 16:18:51 GMT&#xa; Content-Type: text/html&#xa; Content-Length: 145&#xa; Connection: close&#xa; Location: http://metapress.htb/&#xa; &#xa; (Request type: GET)&#xa;"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-date" output="Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time."><elem key="date">2023-01-25T16:18:48+00:00</elem>
<elem key="delta">2.0</elem>
</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Redirected To: http://metapress.htb/&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<elem key="Redirected To">http://metapress.htb/</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-security-headers" output="&#xa; Cache_Control: &#xa; Header: Cache-Control: no-store, no-cache, must-revalidate&#xa; Pragma: &#xa; Header: Pragma: no-cache&#xa; Expires: &#xa; Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT"><table key="Cache_Control">
<elem>Header: Cache-Control: no-store, no-cache, must-revalidate</elem>
</table>
<table key="Pragma">
<elem>Header: Pragma: no-cache</elem>
</table>
<table key="Expires">
<elem>Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT</elem>
</table>
</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/></port>
</ports>
<times srtt="28483" rttvar="28483" to="142415"/>
</host>
<taskbegin task="NSE" time="1674663601"/>
<taskend task="NSE" time="1674663601"/>
<taskbegin task="NSE" time="1674663601"/>
<taskend task="NSE" time="1674663601"/>
<taskbegin task="NSE" time="1674663601"/>
<taskend task="NSE" time="1674663601"/>
<runstats><finished time="1674663601" timestr="Wed Jan 25 11:20:01 2023" summary="Nmap done at Wed Jan 25 11:20:01 2023; 1 IP address (1 host up) scanned in 81.17 seconds" elapsed="81.17" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

75
HTB/metatwo/results/scans/xml/_full_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/metatwo/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_full_tcp_nmap.xml 10.10.11.186" start="1674662960" startstr="Wed Jan 25 11:09:20 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="Connect Scan" time="1674662960"/>
<taskend task="Connect Scan" time="1674662968" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1674662968"/>
<taskend task="Service scan" time="1674663487" extrainfo="3 services on 1 host"/>
<taskbegin task="NSE" time="1674663487"/>
<taskend task="NSE" time="1674663497"/>
<taskbegin task="NSE" time="1674663497"/>
<taskend task="NSE" time="1674663525"/>
<taskbegin task="NSE" time="1674663525"/>
<taskend task="NSE" time="1674663525"/>
<host starttime="1674662960" endtime="1674663525"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.186" addrtype="ipv4"/>
<hostnames>
<hostname name="metatwo.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65532">
<extrareasons reason="conn-refused" count="65532" proto="tcp" ports="1-20,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D15443%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;)%r(Verifier,33,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n&quot;);" method="probed" conf="10"/><script id="fingerprint-strings" output="&#xa; GenericLines: &#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative&#xa; Verifier: &#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]"><elem key="GenericLines">&#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative</elem>
<elem key="Verifier">&#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]</elem>
</script></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa; 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa; 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
<elem key="type">ssh-rsa</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
<elem key="bits">3072</elem>
</table>
<table>
<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
</script></port>
</ports>
<times srtt="37276" rttvar="3872" to="100000"/>
</host>
<taskbegin task="NSE" time="1674663525"/>
<taskend task="NSE" time="1674663525"/>
<taskbegin task="NSE" time="1674663525"/>
<taskend task="NSE" time="1674663525"/>
<taskbegin task="NSE" time="1674663525"/>
<taskend task="NSE" time="1674663525"/>
<runstats><finished time="1674663526" timestr="Wed Jan 25 11:18:46 2023" summary="Nmap done at Wed Jan 25 11:18:46 2023; 1 IP address (1 host up) scanned in 565.53 seconds" elapsed="565.53" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

75
HTB/metatwo/results/scans/xml/_quick_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Wed Jan 25 11:09:20 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/metatwo/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/metatwo/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.186" start="1674662960" startstr="Wed Jan 25 11:09:20 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="NSE" time="1674662960"/>
<taskend task="NSE" time="1674662960"/>
<taskbegin task="Connect Scan" time="1674662960"/>
<taskend task="Connect Scan" time="1674662961" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1674662961"/>
<taskend task="Service scan" time="1674663480" extrainfo="3 services on 1 host"/>
<taskbegin task="NSE" time="1674663480"/>
<taskend task="NSE" time="1674663490"/>
<taskbegin task="NSE" time="1674663490"/>
<taskend task="NSE" time="1674663519"/>
<taskbegin task="NSE" time="1674663519"/>
<taskend task="NSE" time="1674663519"/>
<host starttime="1674662960" endtime="1674663519"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.186" addrtype="ipv4"/>
<hostnames>
<hostname name="metatwo.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="997">
<extrareasons reason="conn-refused" count="997" proto="tcp" ports="1,3-4,6-7,9,13,17,19-20,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" servicefp="SF-Port21-TCP:V=7.93%I=9%D=1/25%Time=63D1543C%P=x86_64-pc-linux-gnu%r(GenericLines,8F,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creative\r\n&quot;)%r(Verifier,33,&quot;220\x20ProFTPD\x20Server\x20\(Debian\)\x20\[::ffff:10\.10\.11\.186\]\r\n&quot;);" method="probed" conf="10"/><script id="fingerprint-strings" output="&#xa; GenericLines: &#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative&#xa; Verifier: &#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]"><elem key="GenericLines">&#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]&#xa; Invalid command: try being more creative&#xa; Invalid command: try being more creative</elem>
<elem key="Verifier">&#xa; 220 ProFTPD Server (Debian) [::ffff:10.10.11.186]</elem>
</script></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 c4b44617d2102d8fec1dc927fecd79ee (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=&#xa; 256 2aea2fcb23e8c529409cab866dcd4411 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=&#xa; 256 fd78c0b0e22016fa050debd83f12a4ab (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDPp9LmBKMOuXu2ZOpw8JorL5ah0sU0kIBXvJB8LX26rpbOhw+1MPdhx6ptZzXwQ8wkQc88xu5h+oB8NGkeHLYhvRqtZmvkTpOsyJiMm+0Udbg+IJCENPiKGSC5J+0tt4QPj92xtTe/f7WV4hbBLDQust46D1xVJVOCNfaloIC40BtWoMWIoEFWnk7U3kwXcM5336LuUnhm69XApDB4y/dt5CgXFoWlDQi45WLLQGbanCNAlT9XwyPnpIyqQdF7mRJ5yRXUOXGeGmoO9+JALVQIEJ/7Ljxts6QuV633wFefpxnmvTu7XX9W8vxUcmInIEIQCmunR5YH4ZgWRclT+6rzwRQw1DH1z/ZYui5Bjn82neoJunhweTJXQcotBp8glpvq3X/rQgZASSyYrOJghBlNVZDqPzp4vBC78gn6TyZyuJXhDxw+lHxF82IMT2fatp240InLVvoWrTWlXlEyPiHraKC0okOVtul6T0VRxsuT+QsyU7pdNFkn2wDVvC25AW8=</elem>
<elem key="bits">3072</elem>
<elem key="type">ssh-rsa</elem>
<elem key="fingerprint">c4b44617d2102d8fec1dc927fecd79ee</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1ZmNogWBUF8MwkNsezebQ+0/yPq7RX3/j9s4Qh8jbGlmvAcN0Z/aIBrzbEuTRf3/cHehtaNf9qrF2ehQAeM94=</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">2aea2fcb23e8c529409cab866dcd4411</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIOP4kxBr9kumAjfplon8fXJpuqhdMJy2rpd3FM7+mGw2</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">fd78c0b0e22016fa050debd83f12a4ab</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
</script><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script></port>
</ports>
<times srtt="26037" rttvar="1478" to="100000"/>
</host>
<taskbegin task="NSE" time="1674663519"/>
<taskend task="NSE" time="1674663519"/>
<taskbegin task="NSE" time="1674663519"/>
<taskend task="NSE" time="1674663519"/>
<taskbegin task="NSE" time="1674663519"/>
<taskend task="NSE" time="1674663519"/>
<runstats><finished time="1674663519" timestr="Wed Jan 25 11:18:39 2023" summary="Nmap done at Wed Jan 25 11:18:39 2023; 1 IP address (1 host up) scanned in 559.05 seconds" elapsed="559.05" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>