simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
HTB/pollution/results/10.10.11.192/report/local.txt Normal file
View File

24
HTB/pollution/results/10.10.11.192/report/notes.txt Normal file
View File

@@ -0,0 +1,24 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] redis found on tcp/6379.
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] redis found on tcp/6379.

0
HTB/pollution/results/10.10.11.192/report/proof.txt Normal file
View File

39
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Commands.md Normal file
View File

@@ -0,0 +1,39 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.192
feroxbuster -u http://10.10.11.192:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://10.10.11.192:80/.well-known/security.txt
curl -sSikf http://10.10.11.192:80/robots.txt
curl -sSik http://10.10.11.192:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.192
curl -sk -o /dev/null -H "Host: VUkAUEoEYbBCjSGEdvRV.pollution.htb" http://pollution.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.10.11.192:80 2>&1
wkhtmltoimage --format png http://10.10.11.192:80/ /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://pollution.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.pollution.htb" -fs 26197 -noninteractive -s | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -p 6379 --script="banner,redis-info" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml" 10.10.11.192
redis-cli -p 6379 -h 10.10.11.192 INFO
```

35
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Manual Commands.md Normal file
View File

@@ -0,0 +1,35 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.192
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.192
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.10.11.192:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.192/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.192 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.192/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.192 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.10.11.192:80 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.10.11.192:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_wpscan.txt"
```

2
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Patterns.md Normal file
View File

@@ -0,0 +1,2 @@
Identified HTTP Server: Apache/2.4.54 (Debian)

68
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Port Scans/PortScan - All TCP Ports.md Normal file
View File

@@ -0,0 +1,68 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Thu Feb 2 13:46:42 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.035s latency).
Scanned at 2023-02-02 13:46:43 CET for 55s
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.54 ((Debian))
|_http-server-header: Apache/2.4.54 (Debian)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Home
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-favicon: Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C
6379/tcp open redis syn-ack ttl 63 Redis key-value store
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Linux 5.4 (91%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/2%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63DBB0EA%P=x86_64-pc-linux-gnu)
SEQ(SP=104%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 11.009 days (since Sun Jan 22 13:34:06 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 111/tcp)
HOP RTT ADDRESS
1 24.07 ms 10.10.16.1
2 55.74 ms pollution.htb (10.10.11.192)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:47:38 2023 -- 1 IP address (1 host up) scanned in 56.19 seconds
```

52
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Port Scans/PortScan - Top 100 UDP Ports.md Normal file
View File

@@ -0,0 +1,52 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml" 10.10.11.192
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Thu Feb 2 13:46:42 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml 10.10.11.192
Warning: 10.10.11.192 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.192 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.192 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.192 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.092s latency).
Scanned at 2023-02-02 13:46:43 CET for 246s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
49/udp open|filtered tacacs no-response
68/udp open|filtered dhcpc no-response
137/udp open|filtered netbios-ns no-response
158/udp open|filtered pcmail-srv no-response
500/udp open|filtered isakmp no-response
518/udp open|filtered ntalk no-response
1701/udp open|filtered L2TP no-response
1719/udp open|filtered h323gatestat no-response
5353/udp open|filtered zeroconf no-response
30718/udp open|filtered unknown no-response
32815/udp open|filtered unknown no-response
49194/udp open|filtered unknown no-response
49200/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/2%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63DBB1A9%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 32768/udp)
HOP RTT ADDRESS
1 44.74 ms 10.10.16.1
2 77.07 ms pollution.htb (10.10.11.192)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:50:49 2023 -- 1 IP address (1 host up) scanned in 246.87 seconds
```

64
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Port Scans/PortScan - Top TCP Ports.md Normal file
View File

@@ -0,0 +1,64 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Thu Feb 2 13:46:42 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml 10.10.11.192
adjust_timeouts2: packet supposedly had rtt of -430983 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -430983 microseconds. Ignoring time.
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.043s latency).
Scanned at 2023-02-02 13:46:43 CET for 35s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.54 ((Debian))
|_http-favicon: Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Home
|_http-server-header: Apache/2.4.54 (Debian)
|_http-trane-info: Problem with XML parsing of /evox/about
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Adtran 424RG FTTH gateway (90%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=2/2%OT=22%CT=1%CU=33211%PV=Y%DS=2%DC=T%G=Y%TM=63DBB0D6
OS:%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=108%TI=Z%CI=Z%II=I%TS=A)OPS(
OS:O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11
OS:NW7%O6=M54BST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(
OS:R=Y%DF=Y%T=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS
OS:%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=
OS:Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T6(R=Y%DF=Y%T=40%W=0%S=A
OS:%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y
OS:%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)U1(R=N)IE(R=Y%
OS:DFI=N%T=40%CD=S)
Uptime guess: 11.009 days (since Sun Jan 22 13:34:06 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 25.18 ms 10.10.16.1
2 65.82 ms pollution.htb (10.10.11.192)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:47:18 2023 -- 1 IP address (1 host up) scanned in 36.46 seconds
```

71
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-22-ssh/Nmap SSH.md Normal file
View File

@@ -0,0 +1,71 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.192
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Thu Feb 2 13:47:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.33s latency).
Scanned at 2023-02-02 13:47:20 CET for 9s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
|_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:47:29 2023 -- 1 IP address (1 host up) scanned in 10.36 seconds
```

20
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-6379-redis/Nmap Redis.md Normal file
View File

@@ -0,0 +1,20 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 6379 --script="banner,redis-info" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml" 10.10.11.192
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt):
```
# Nmap 7.93 scan initiated Thu Feb 2 13:47:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 6379 --script=banner,redis-info -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-02-02 13:47:39 CET for 32s
PORT STATE SERVICE REASON VERSION
6379/tcp open redis syn-ack ttl 63 Redis key-value store
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:48:11 2023 -- 1 IP address (1 host up) scanned in 32.11 seconds
```

11
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-6379-redis/Redis Cli.md Normal file
View File

@@ -0,0 +1,11 @@
```bash
redis-cli -p 6379 -h 10.10.11.192 INFO
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_info.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_info.txt):
```
NOAUTH Authentication required.
```

20
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Curl Robots.md Normal file
View File

@@ -0,0 +1,20 @@
```bash
curl -sSikf http://10.10.11.192:80/robots.txt
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl-robots.txt):
```
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 12:47:19 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=cb6abn4hk0jci5cg7pahb5bosa; path=/
Location: /
Content-Length: 0
Content-Type: text/html; charset=UTF-8
```

562
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Curl.md Normal file
View File

@@ -0,0 +1,562 @@
```bash
curl -sSik http://10.10.11.192:80/
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:47:19 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=q6as0o11bcv0ab4gm7qq1eg7ea; path=/
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<link href="https://fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900&display=swap" rel="stylesheet">
<title>Home</title>
<!--
Breezed Template
https://templatemo.com/tm-543-breezed
-->
<!-- Additional CSS Files -->
<link rel="stylesheet" type="text/css" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/font-awesome.css">
<link rel="stylesheet" href="assets/css/templatemo-breezed.css">
<link rel="stylesheet" href="assets/css/owl-carousel.css">
<link rel="stylesheet" href="assets/css/lightbox.css">
</head>
<body>
<!-- ***** Preloader Start ***** -->
<div id="preloader">
<div class="jumper">
<div></div>
<div></div>
<div></div>
</div>
</div>
<!-- ***** Preloader End ***** -->
<!-- ***** Header Area Start ***** -->
<header class="header-area header-sticky">
<div class="container">
<div class="row">
<div class="col-12">
<nav class="main-nav">
<!-- ***** Logo Start ***** -->
<a href="/" class="logo">
COLLECT
</a>
<!-- ***** Logo End ***** -->
<!-- ***** Menu Start ***** -->
<ul class="nav">
<li class="scroll-to-section"><a href="#top" class="active">Start</a></li>
<li class="scroll-to-section"><a href="#about">About</a></li>
<li class="scroll-to-section"><a href="#projects">Projects</a></li>
<li class="scroll-to-section"><a href="#contact-us">Contact Us</a></li>
<li class="scroll-to-section"><a href="/login">Login</a></li>
<li class="scroll-to-section"><a href="/register">Register</a></li>
</ul>
<a class='menu-trigger'>
<span>Menu</span>
</a>
<!-- ***** Menu End ***** -->
</nav>
</div>
</div>
</div>
</header>
<!-- ***** Header Area End ***** -->
<!-- ***** Search Area ***** -->
<div id="search">
<button type="button" class="close">×</button>
<form id="contact" action="#" method="get">
<fieldset>
<input type="search" name="q" placeholder="SEARCH KEYWORD(s)" aria-label="Search through site content">
</fieldset>
<fieldset>
<button type="submit" class="main-button">Search</button>
</fieldset>
</form>
</div>
<!-- ***** Main Banner Area Start ***** -->
<div class="main-banner header-text" id="top">
<div class="Modern-Slider">
<!-- Item -->
<div class="item">
<div class="img-fill">
<img src="assets/images/slide-01.png" alt="">
<div class="text-content">
<h3>Welcome To Collect</h3>
<h5>A cleaner world</h5>
</div>
</div>
</div>
<!-- // Item -->
<!-- Item -->
<!-- // Item -->
</div>
</div>
<div class="scroll-down scroll-to-section"><a href="#about"><i class="fa fa-arrow-down"></i></a></div>
<!-- ***** Main Banner Area End ***** -->
<!-- ***** About Area Starts ***** -->
<section class="section" id="about">
<div class="container">
<div class="row">
<div class="col-lg-6 col-md-6 col-xs-12">
<div class="left-text-content">
<div class="section-heading">
<h6>About Us</h6>
<h2>We work with top brands and startups</h2>
</div>
<div class="row">
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/service-item-01.png" alt="">
<h4>Top Notch</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/service-item-01.png" alt="">
<h4>Robust</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/contact-info-03.png" alt="">
<h4>Reliable</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/contact-info-03.png" alt="">
<h4>Up-to-date</h4>
</div>
</div>
</div>
</div>
</div>
<div class="col-lg-6 col-md-6 col-xs-12">
<div class="right-text-content">
<p>Collect is a recycling, agriculture and technology company</p>
<br><br>Our services guarantee a garden and environmental hygiene to the contractor
<br><br>If you want to get in touch, use Contact Us on our website.
<br><br>We are in the process of creating an API that monitors pollution and deforestation in some popular environments in a given region. If you are interested in using this API, please register on our website.
</div>
</div>
</div>
</div>
</section>
<!-- ***** About Area Ends ***** -->
<!-- ***** Features Big Item Start ***** -->
<section class="section" id="features">
<div class="container">
<div class="row">
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter left move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Initial Work</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter bottom move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Master Planning</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter right move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Smooth Execution</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Features Big Item End ***** -->
<!-- ***** Features Big Item Start ***** -->
<section class="section" id="subscribe">
<div class="container">
<div class="row">
<div class="col-lg-8 offset-lg-2">
<div class="section-heading" style="color: black">
<h6>Subscribe Newsletters</h6>
<h2>Dont miss this chance!</h2>
</div>
<div class="subscribe-content">
<p style="color: black">Vivamus suscipit blandit nibh, in cursus mi. Proin vel blandit metus, et auctor elit. Vivamus tincidunt tristique convallis. Ut nec odio vel arcu euismod semper nec ac sem.</p>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Features Big Item End ***** -->
<!-- ***** Projects Area Starts ***** -->
<section class="section" id="projects">
<div class="container">
<div class="row">
<div class="col-lg-3">
<div class="section-heading">
<h6>Our Projects</h6>
<h2>Some of our latest projects</h2>
</div>
</div>
<div class="col-lg-9">
<div class="filters-content">
<div class="row grid">
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all des">
<div class="item">
<a href="assets/images/item-01.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-01.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12 all dev">
<div class="item">
<a href="assets/images/item-02.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-02.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all gra">
<div class="item">
<a href="assets/images/item-03.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-03.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all tsh">
<div class="item">
<a href="assets/images/item-04.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-04.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all dev">
<div class="item">
<a href="assets/images/item-05.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-05.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all des">
<div class="item">
<a href="assets/images/item-06.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-06.jpg" alt=""></a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Projects Area Ends ***** -->
<!-- ***** Testimonials Starts ***** -->
<section class="section" id="testimonials">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class="section-heading" style="color: black">
<h6>Digital Team</h6>
<h2>young and talented members</h2>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 mobile-bottom-fix-big" data-scroll-reveal="enter left move 30px over 0.6s after 0.4s">
<div class="owl-carousel owl-theme">
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-01.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.01 White Cheese</h4>
<span>Digital Marketer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-04.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.02 Snow Mary</h4>
<span>Site Analyst</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-02.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.03 Johnny Egg</h4>
<span>Digital Influencer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-05.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.04 Catherine Phyu</h4>
<span>Co Founder</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-03.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.05 Shao Lynn</h4>
<span>Chief Marketing</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-04.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.06 Emma Honey</h4>
<span>Digital Influencer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-06.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.07 Oliva Sofie</h4>
<span>Website Analyst</span>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Testimonials Ends ***** -->
<!-- ***** Contact Us Area Starts ***** -->
<section class="section" id="contact-us">
<div class="container">
<div class="row">
<div class="col-lg-4 col-md-4 col-xs-12">
<div class="left-text-content">
<div class="section-heading">
<h6>Contact Us</h6>
<h2>Feel free to keep in touch with us!</h2>
</div>
<ul class="contact-info">
<li><img src="assets/images/contact-info-01.png" alt="">010-020-0860</li>
<li><img src="assets/images/contact-info-02.png" alt="">info@collect.htb</li>
<li><img src="assets/images/contact-info-03.png" alt="">collect.htb</li>
</ul>
</div>
</div>
<div class="col-lg-8 col-md-8 col-xs-12">
<div class="contact-form">
<form id="contact" action="" method="get">
<div class="row">
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="name" type="text" id="name" placeholder="Your Name *" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="phone" type="text" id="phone" placeholder="Your Phone" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="email" type="email" id="email" placeholder="Your Email *" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="subject" type="text" id="subject" placeholder="Subject">
</fieldset>
</div>
<div class="col-lg-12">
<fieldset>
<textarea name="message" rows="6" id="message" placeholder="Message" required=""></textarea>
</fieldset>
</div>
<div class="col-lg-12">
<fieldset>
<button type="submit" id="form-submit" class="main-button-icon">Send Message Now <i class="fa fa-arrow-right"></i></button>
</fieldset>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Contact Us Area Ends ***** -->
<!-- ***** Footer Start ***** -->
<footer>
<div class="container">
<div class="row">
<div class="col-lg-6 col-xs-12">
<div class="left-text-content">
<p>Copyright &copy; 2022 Collect
</div>
</div>
<div class="col-lg-6 col-xs-12">
<div class="right-text-content">
<ul class="social-icons">
<li><p>Follow Us</p></li>
<li><a rel="nofollow" href="#"><i class="fa fa-facebook"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-twitter"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-dribbble"></i></a></li>
</ul>
</div>
</div>
</div>
</div>
</footer>
<!-- jQuery -->
<script src="assets/js/jquery-2.1.0.min.js"></script>
<!-- Bootstrap -->
<script src="assets/js/popper.js"></script>
<script src="assets/js/bootstrap.min.js"></script>
<!-- Plugins -->
<script src="assets/js/owl-carousel.js"></script>
<script src="assets/js/scrollreveal.min.js"></script>
<script src="assets/js/waypoints.min.js"></script>
<script src="assets/js/jquery.counterup.min.js"></script>
<script src="assets/js/imgfix.min.js"></script>
<script src="assets/js/slick.js"></script>
<script src="assets/js/lightbox.js"></script>
<script src="assets/js/isotope.js"></script>
<!-- Global Init -->
<script src="assets/js/custom.js"></script>
<script>
$(function() {
var selectedClass = "";
$("p").click(function(){
selectedClass = $(this).attr("data-rel");
$("#portfolio").fadeTo(50, 0.1);
$("#portfolio div").not("."+selectedClass).fadeOut();
setTimeout(function() {
$("."+selectedClass).fadeIn();
$("#portfolio").fadeTo(50, 1);
}, 500);
});
});
</script>
</body>
</html>
```

17
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Directory Buster.md Normal file
View File

@@ -0,0 +1,17 @@
```bash
feroxbuster -u http://10.10.11.192:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
WLD GET 0l 0w 0c Got 302 for http://10.10.11.192/e94fbbcc871f4b67bf177518a98408f5 (url length: 32)
WLD - - - http://10.10.11.192/e94fbbcc871f4b67bf177518a98408f5 => http://10.10.11.192/
403 GET 9l 28w 277c http://10.10.11.192/.hta
403 GET 9l 28w 277c http://10.10.11.192/.hta.txt
403 GET 9l 28w 277c http://10.10.11.192/.htaccess
403 GET 9l 28w 277c http://10.10.11.192/.htpasswd
301 GET 9l 28w 313c http://10.10.11.192/assets => http://10.10.11.192/assets/
403 GET 9l 28w 277c http://10.10.11.192/server-status
```

20
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Known Security.md Normal file
View File

@@ -0,0 +1,20 @@
```bash
curl -sSikf http://10.10.11.192:80/.well-known/security.txt
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_known-security.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_known-security.txt):
```
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 12:47:19 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d3i3qcs728jpbg815l36oh8001; path=/
Location: /
Content-Length: 0
Content-Type: text/html; charset=UTF-8
```

2965
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Nmap HTTP.md Normal file
View File

File diff suppressed because it is too large Load Diff

11
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/Virtual Host Enumeration.md Normal file
View File

@@ -0,0 +1,11 @@
```bash
curl -sk -o /dev/null -H "Host: VUkAUEoEYbBCjSGEdvRV.pollution.htb" http://pollution.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://pollution.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.pollution.htb" -fs 26197 -noninteractive -s | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt):
```
```

97
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/whatweb.md Normal file
View File

@@ -0,0 +1,97 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://10.10.11.192:80 2>&1
```
[/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://10.10.11.192:80
Status : 200 OK
Title : Home
IP : 10.10.11.192
Country : RESERVED, ZZ
Summary : Apache[2.4.54], Bootstrap, Cookies[PHPSESSID], Email[info@collect.htb], HTML5, HTTPServer[Debian Linux][Apache/2.4.54 (Debian)], JQuery[2.1.0], Lightbox, Script
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.54 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ Cookies ]
Display the names of cookies in the HTTP headers. The
values are not returned to save on space.
String : PHPSESSID
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : info@collect.htb
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Debian Linux
String : Apache/2.4.54 (Debian) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 2.1.0
Website : http://jquery.com/
[ Lightbox ]
Javascript for nice image popups
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
HTTP Headers:
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:47:22 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e25at833co0gnbpq5t57vg8rgm; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3588
Connection: close
Content-Type: text/html; charset=UTF-8
```

3
HTB/pollution/results/10.10.11.192/report/report.md/10.10.11.192/Services/Service - tcp-80-http/wkhtmltoimage.md Normal file
View File

@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://10.10.11.192:80/ /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_screenshot.png
```

64
HTB/pollution/results/10.10.11.192/scans/_commands.log Normal file
View File

@@ -0,0 +1,64 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.192
feroxbuster -u http://10.10.11.192:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://10.10.11.192:80/.well-known/security.txt
curl -sSikf http://10.10.11.192:80/robots.txt
curl -sSik http://10.10.11.192:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.192
curl -sk -o /dev/null -H "Host: VUkAUEoEYbBCjSGEdvRV.pollution.htb" http://pollution.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.10.11.192:80 2>&1
wkhtmltoimage --format png http://10.10.11.192:80/ /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://pollution.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.pollution.htb" -fs 26197 -noninteractive -s | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -p 6379 --script="banner,redis-info" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml" 10.10.11.192
redis-cli -p 6379 -h 10.10.11.192 INFO
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml" 10.10.11.192
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.192
feroxbuster -u http://10.10.11.192:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
curl -sSikf http://10.10.11.192:80/.well-known/security.txt
curl -sSikf http://10.10.11.192:80/robots.txt
curl -sSik http://10.10.11.192:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.192
curl -sk -o /dev/null -H "Host: ovWChgwCrPcoHnzXohzo.collect.htb" http://collect.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.10.11.192:80 2>&1
wkhtmltoimage --format png http://10.10.11.192:80/ /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://collect.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.collect.htb" -fs 26197 -noninteractive -s | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_collect.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -p 6379 --script="banner,redis-info" -oN "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt" -oX "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml" 10.10.11.192
redis-cli -p 6379 -h 10.10.11.192 INFO

31
HTB/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,31 @@
# Nmap 7.93 scan initiated Fri Feb 3 08:07:14 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-02-03 08:07:14 CET for 213s
Not shown: 65532 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
80/tcp open http syn-ack Apache httpd 2.4.54 ((Debian))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.54 (Debian)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-title: Home
|_http-favicon: Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C
|_http-trane-info: Problem with XML parsing of /evox/about
6379/tcp open redis syn-ack Redis key-value store
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Feb 3 08:10:47 2023 -- 1 IP address (1 host up) scanned in 213.32 seconds

64
HTB/pollution/results/10.10.11.192/scans/_manual_commands.txt Normal file
View File

@@ -0,0 +1,64 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.192
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.192
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.10.11.192:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.192/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.192 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.192/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.192 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.10.11.192:80 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.10.11.192:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.192
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.192
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.10.11.192:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.192/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.192 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.192/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.192 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.10.11.192:80 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.10.11.192:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_wpscan.txt"

4
HTB/pollution/results/10.10.11.192/scans/_patterns.log Normal file
View File

@@ -0,0 +1,4 @@
Identified HTTP Server: Apache/2.4.54 (Debian)
Identified HTTP Server: Apache/2.4.54 (Debian)

30
HTB/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,30 @@
# Nmap 7.93 scan initiated Fri Feb 3 08:07:14 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.024s latency).
Scanned at 2023-02-03 08:07:14 CET for 20s
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
80/tcp open http syn-ack Apache httpd 2.4.54 ((Debian))
|_http-title: Home
|_http-server-header: Apache/2.4.54 (Debian)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-trane-info: Problem with XML parsing of /evox/about
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Feb 3 08:07:34 2023 -- 1 IP address (1 host up) scanned in 20.98 seconds

43
HTB/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt Normal file
View File

@@ -0,0 +1,43 @@
# Nmap 7.93 scan initiated Thu Feb 2 13:46:42 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml 10.10.11.192
Warning: 10.10.11.192 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.192 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.192 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.192 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.092s latency).
Scanned at 2023-02-02 13:46:43 CET for 246s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
49/udp open|filtered tacacs no-response
68/udp open|filtered dhcpc no-response
137/udp open|filtered netbios-ns no-response
158/udp open|filtered pcmail-srv no-response
500/udp open|filtered isakmp no-response
518/udp open|filtered ntalk no-response
1701/udp open|filtered L2TP no-response
1719/udp open|filtered h323gatestat no-response
5353/udp open|filtered zeroconf no-response
30718/udp open|filtered unknown no-response
32815/udp open|filtered unknown no-response
49194/udp open|filtered unknown no-response
49200/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/2%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63DBB1A9%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 32768/udp)
HOP RTT ADDRESS
1 44.74 ms 10.10.16.1
2 77.07 ms pollution.htb (10.10.11.192)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 2 13:50:49 2023 -- 1 IP address (1 host up) scanned in 246.87 seconds

62
HTB/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt Normal file
View File

@@ -0,0 +1,62 @@
# Nmap 7.93 scan initiated Fri Feb 3 08:07:35 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.033s latency).
Scanned at 2023-02-03 08:07:35 CET for 5s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
|_banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-hostkey:
| 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=
| 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=
| 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Feb 3 08:07:40 2023 -- 1 IP address (1 host up) scanned in 5.05 seconds

100
HTB/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml Normal file
View File

@@ -0,0 +1,100 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Fri Feb 3 08:07:35 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.192" start="1675408055" startstr="Fri Feb 3 08:07:35 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675408055"/>
<taskend task="NSE" time="1675408055"/>
<taskbegin task="NSE" time="1675408055"/>
<taskend task="NSE" time="1675408055"/>
<taskbegin task="Connect Scan" time="1675408055"/>
<taskend task="Connect Scan" time="1675408055" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675408055"/>
<taskend task="Service scan" time="1675408056" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675408056"/>
<taskend task="NSE" time="1675408060"/>
<taskbegin task="NSE" time="1675408060"/>
<taskend task="NSE" time="1675408060"/>
<host starttime="1675408055" endtime="1675408060"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.192" addrtype="ipv4"/>
<hostnames>
<hostname name="pollution.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1"/><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (9)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-hostkey" output="&#xa; 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=&#xa; 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=&#xa; 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz"><table>
<elem key="type">ssh-rsa</elem>
<elem key="bits">3072</elem>
<elem key="fingerprint">db1d5c65729bc64330a52ba0f01ad5fc</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=</elem>
</table>
<table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">4f7956c5bf20f9f14b9238edcefaac78</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">df47554f4ad178a89dcdf8a02fc0fca9</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz</elem>
</table>
</script></port>
</ports>
<times srtt="33281" rttvar="33281" to="166405"/>
</host>
<taskbegin task="NSE" time="1675408060"/>
<taskend task="NSE" time="1675408060"/>
<taskbegin task="NSE" time="1675408060"/>
<taskend task="NSE" time="1675408060"/>
<runstats><finished time="1675408060" timestr="Fri Feb 3 08:07:40 2023" summary="Nmap done at Fri Feb 3 08:07:40 2023; 1 IP address (1 host up) scanned in 5.05 seconds" elapsed="5.05" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

2
HTB/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_info.txt Normal file
View File

@@ -0,0 +1,2 @@
NOAUTH Authentication required.

11
HTB/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt Normal file
View File

@@ -0,0 +1,11 @@
# Nmap 7.93 scan initiated Fri Feb 3 08:10:47 2023 as: nmap -vv --reason -Pn -T4 -sV -p 6379 --script=banner,redis-info -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml 10.10.11.192
Nmap scan report for pollution.htb (10.10.11.192)
Host is up, received user-set (0.081s latency).
Scanned at 2023-02-03 08:10:47 CET for 32s
PORT STATE SERVICE REASON VERSION
6379/tcp open redis syn-ack Redis key-value store
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Feb 3 08:11:19 2023 -- 1 IP address (1 host up) scanned in 31.97 seconds

36
HTB/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml Normal file
View File

@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Fri Feb 3 08:10:47 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 6379 -&#45;script=banner,redis-info -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml 10.10.11.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 6379 -&#45;script=banner,redis-info -oN /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/tcp_6379_redis_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/tcp6379/xml/tcp_6379_redis_nmap.xml 10.10.11.192" start="1675408247" startstr="Fri Feb 3 08:10:47 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="6379"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<taskbegin task="Connect Scan" time="1675408247"/>
<taskend task="Connect Scan" time="1675408247" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675408247"/>
<taskend task="Service scan" time="1675408264" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675408264"/>
<taskend task="NSE" time="1675408279"/>
<taskbegin task="NSE" time="1675408279"/>
<taskend task="NSE" time="1675408279"/>
<host starttime="1675408247" endtime="1675408279"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.192" addrtype="ipv4"/>
<hostnames>
<hostname name="pollution.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="redis" product="Redis key-value store" method="probed" conf="10"/></port>
</ports>
<times srtt="80760" rttvar="80760" to="403800"/>
</host>
<taskbegin task="NSE" time="1675408279"/>
<taskend task="NSE" time="1675408279"/>
<taskbegin task="NSE" time="1675408279"/>
<taskend task="NSE" time="1675408279"/>
<runstats><finished time="1675408279" timestr="Fri Feb 3 08:11:19 2023" summary="Nmap done at Fri Feb 3 08:11:19 2023; 1 IP address (1 host up) scanned in 31.97 seconds" elapsed="31.97" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

2
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_collect.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

@@ -0,0 +1,2 @@
forum
developers

11
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl-robots.txt Normal file
View File

@@ -0,0 +1,11 @@
HTTP/1.1 302 Found
Date: Fri, 03 Feb 2023 07:07:35 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=dtt3tl0qqpv8ff4j3de0uqun2e; path=/
Location: /
Content-Length: 0
Content-Type: text/html; charset=UTF-8

553
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,553 @@
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:07:35 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=tccj1lio5mh8tvhnfskj4qn9k5; path=/
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<link href="https://fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900&display=swap" rel="stylesheet">
<title>Home</title>
<!--
Breezed Template
https://templatemo.com/tm-543-breezed
-->
<!-- Additional CSS Files -->
<link rel="stylesheet" type="text/css" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="assets/css/font-awesome.css">
<link rel="stylesheet" href="assets/css/templatemo-breezed.css">
<link rel="stylesheet" href="assets/css/owl-carousel.css">
<link rel="stylesheet" href="assets/css/lightbox.css">
</head>
<body>
<!-- ***** Preloader Start ***** -->
<div id="preloader">
<div class="jumper">
<div></div>
<div></div>
<div></div>
</div>
</div>
<!-- ***** Preloader End ***** -->
<!-- ***** Header Area Start ***** -->
<header class="header-area header-sticky">
<div class="container">
<div class="row">
<div class="col-12">
<nav class="main-nav">
<!-- ***** Logo Start ***** -->
<a href="/" class="logo">
COLLECT
</a>
<!-- ***** Logo End ***** -->
<!-- ***** Menu Start ***** -->
<ul class="nav">
<li class="scroll-to-section"><a href="#top" class="active">Start</a></li>
<li class="scroll-to-section"><a href="#about">About</a></li>
<li class="scroll-to-section"><a href="#projects">Projects</a></li>
<li class="scroll-to-section"><a href="#contact-us">Contact Us</a></li>
<li class="scroll-to-section"><a href="/login">Login</a></li>
<li class="scroll-to-section"><a href="/register">Register</a></li>
</ul>
<a class='menu-trigger'>
<span>Menu</span>
</a>
<!-- ***** Menu End ***** -->
</nav>
</div>
</div>
</div>
</header>
<!-- ***** Header Area End ***** -->
<!-- ***** Search Area ***** -->
<div id="search">
<button type="button" class="close">×</button>
<form id="contact" action="#" method="get">
<fieldset>
<input type="search" name="q" placeholder="SEARCH KEYWORD(s)" aria-label="Search through site content">
</fieldset>
<fieldset>
<button type="submit" class="main-button">Search</button>
</fieldset>
</form>
</div>
<!-- ***** Main Banner Area Start ***** -->
<div class="main-banner header-text" id="top">
<div class="Modern-Slider">
<!-- Item -->
<div class="item">
<div class="img-fill">
<img src="assets/images/slide-01.png" alt="">
<div class="text-content">
<h3>Welcome To Collect</h3>
<h5>A cleaner world</h5>
</div>
</div>
</div>
<!-- // Item -->
<!-- Item -->
<!-- // Item -->
</div>
</div>
<div class="scroll-down scroll-to-section"><a href="#about"><i class="fa fa-arrow-down"></i></a></div>
<!-- ***** Main Banner Area End ***** -->
<!-- ***** About Area Starts ***** -->
<section class="section" id="about">
<div class="container">
<div class="row">
<div class="col-lg-6 col-md-6 col-xs-12">
<div class="left-text-content">
<div class="section-heading">
<h6>About Us</h6>
<h2>We work with top brands and startups</h2>
</div>
<div class="row">
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/service-item-01.png" alt="">
<h4>Top Notch</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/service-item-01.png" alt="">
<h4>Robust</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/contact-info-03.png" alt="">
<h4>Reliable</h4>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="service-item">
<img src="assets/images/contact-info-03.png" alt="">
<h4>Up-to-date</h4>
</div>
</div>
</div>
</div>
</div>
<div class="col-lg-6 col-md-6 col-xs-12">
<div class="right-text-content">
<p>Collect is a recycling, agriculture and technology company</p>
<br><br>Our services guarantee a garden and environmental hygiene to the contractor
<br><br>If you want to get in touch, use Contact Us on our website.
<br><br>We are in the process of creating an API that monitors pollution and deforestation in some popular environments in a given region. If you are interested in using this API, please register on our website.
</div>
</div>
</div>
</div>
</section>
<!-- ***** About Area Ends ***** -->
<!-- ***** Features Big Item Start ***** -->
<section class="section" id="features">
<div class="container">
<div class="row">
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter left move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Initial Work</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter bottom move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Master Planning</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
<div class="col-lg-4 col-md-6 col-sm-12 col-xs-12" data-scroll-reveal="enter right move 30px over 0.6s after 0.4s">
<div class="features-item">
<div class="features-icon">
<img src="assets/images/features-icon-1.png" alt="">
</div>
<div class="features-content">
<h4>Smooth Execution</h4>
<p>Proin euismod sem ut diam ultricies, ut faucibus velit ultricies. Nam eu turpis quam. Duis ac condimentum eros.</p>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Features Big Item End ***** -->
<!-- ***** Features Big Item Start ***** -->
<section class="section" id="subscribe">
<div class="container">
<div class="row">
<div class="col-lg-8 offset-lg-2">
<div class="section-heading" style="color: black">
<h6>Subscribe Newsletters</h6>
<h2>Dont miss this chance!</h2>
</div>
<div class="subscribe-content">
<p style="color: black">Vivamus suscipit blandit nibh, in cursus mi. Proin vel blandit metus, et auctor elit. Vivamus tincidunt tristique convallis. Ut nec odio vel arcu euismod semper nec ac sem.</p>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Features Big Item End ***** -->
<!-- ***** Projects Area Starts ***** -->
<section class="section" id="projects">
<div class="container">
<div class="row">
<div class="col-lg-3">
<div class="section-heading">
<h6>Our Projects</h6>
<h2>Some of our latest projects</h2>
</div>
</div>
<div class="col-lg-9">
<div class="filters-content">
<div class="row grid">
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all des">
<div class="item">
<a href="assets/images/item-01.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-01.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12 all dev">
<div class="item">
<a href="assets/images/item-02.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-02.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all gra">
<div class="item">
<a href="assets/images/item-03.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-03.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all tsh">
<div class="item">
<a href="assets/images/item-04.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-04.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all dev">
<div class="item">
<a href="assets/images/item-05.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-05.jpg" alt=""></a>
</div>
</div>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12 all des">
<div class="item">
<a href="assets/images/item-06.jpg" data-lightbox="image-1" data-title="Our Projects"><img src="assets/images/item-06.jpg" alt=""></a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Projects Area Ends ***** -->
<!-- ***** Testimonials Starts ***** -->
<section class="section" id="testimonials">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class="section-heading" style="color: black">
<h6>Digital Team</h6>
<h2>young and talented members</h2>
</div>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 mobile-bottom-fix-big" data-scroll-reveal="enter left move 30px over 0.6s after 0.4s">
<div class="owl-carousel owl-theme">
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-01.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.01 White Cheese</h4>
<span>Digital Marketer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-04.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.02 Snow Mary</h4>
<span>Site Analyst</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-02.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.03 Johnny Egg</h4>
<span>Digital Influencer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-05.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.04 Catherine Phyu</h4>
<span>Co Founder</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-03.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.05 Shao Lynn</h4>
<span>Chief Marketing</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-04.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.06 Emma Honey</h4>
<span>Digital Influencer</span>
</div>
<div class="item author-item">
<div class="member-thumb">
<img src="assets/images/member-item-06.jpg" alt="">
<div class="hover-effect">
<div class="hover-content">
<ul>
<li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a href="#"><i class="fa fa-rss"></i></a></li>
</ul>
</div>
</div>
</div>
<h4>.07 Oliva Sofie</h4>
<span>Website Analyst</span>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Testimonials Ends ***** -->
<!-- ***** Contact Us Area Starts ***** -->
<section class="section" id="contact-us">
<div class="container">
<div class="row">
<div class="col-lg-4 col-md-4 col-xs-12">
<div class="left-text-content">
<div class="section-heading">
<h6>Contact Us</h6>
<h2>Feel free to keep in touch with us!</h2>
</div>
<ul class="contact-info">
<li><img src="assets/images/contact-info-01.png" alt="">010-020-0860</li>
<li><img src="assets/images/contact-info-02.png" alt="">info@collect.htb</li>
<li><img src="assets/images/contact-info-03.png" alt="">collect.htb</li>
</ul>
</div>
</div>
<div class="col-lg-8 col-md-8 col-xs-12">
<div class="contact-form">
<form id="contact" action="" method="get">
<div class="row">
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="name" type="text" id="name" placeholder="Your Name *" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="phone" type="text" id="phone" placeholder="Your Phone" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="email" type="email" id="email" placeholder="Your Email *" required="">
</fieldset>
</div>
<div class="col-md-6 col-sm-12">
<fieldset>
<input name="subject" type="text" id="subject" placeholder="Subject">
</fieldset>
</div>
<div class="col-lg-12">
<fieldset>
<textarea name="message" rows="6" id="message" placeholder="Message" required=""></textarea>
</fieldset>
</div>
<div class="col-lg-12">
<fieldset>
<button type="submit" id="form-submit" class="main-button-icon">Send Message Now <i class="fa fa-arrow-right"></i></button>
</fieldset>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>
<!-- ***** Contact Us Area Ends ***** -->
<!-- ***** Footer Start ***** -->
<footer>
<div class="container">
<div class="row">
<div class="col-lg-6 col-xs-12">
<div class="left-text-content">
<p>Copyright &copy; 2022 Collect
</div>
</div>
<div class="col-lg-6 col-xs-12">
<div class="right-text-content">
<ul class="social-icons">
<li><p>Follow Us</p></li>
<li><a rel="nofollow" href="#"><i class="fa fa-facebook"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-twitter"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-linkedin"></i></a></li>
<li><a rel="nofollow" href="#"><i class="fa fa-dribbble"></i></a></li>
</ul>
</div>
</div>
</div>
</div>
</footer>
<!-- jQuery -->
<script src="assets/js/jquery-2.1.0.min.js"></script>
<!-- Bootstrap -->
<script src="assets/js/popper.js"></script>
<script src="assets/js/bootstrap.min.js"></script>
<!-- Plugins -->
<script src="assets/js/owl-carousel.js"></script>
<script src="assets/js/scrollreveal.min.js"></script>
<script src="assets/js/waypoints.min.js"></script>
<script src="assets/js/jquery.counterup.min.js"></script>
<script src="assets/js/imgfix.min.js"></script>
<script src="assets/js/slick.js"></script>
<script src="assets/js/lightbox.js"></script>
<script src="assets/js/isotope.js"></script>
<!-- Global Init -->
<script src="assets/js/custom.js"></script>
<script>
$(function() {
var selectedClass = "";
$("p").click(function(){
selectedClass = $(this).attr("data-rel");
$("#portfolio").fadeTo(50, 0.1);
$("#portfolio div").not("."+selectedClass).fadeOut();
setTimeout(function() {
$("."+selectedClass).fadeIn();
$("#portfolio").fadeTo(50, 1);
}, 500);
});
});
</script>
</body>
</html>

8
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt Normal file
View File

@@ -0,0 +1,8 @@
WLD GET 0l 0w 0c Got 302 for http://10.10.11.192/e94fbbcc871f4b67bf177518a98408f5 (url length: 32)
WLD - - - http://10.10.11.192/e94fbbcc871f4b67bf177518a98408f5 => http://10.10.11.192/
403 GET 9l 28w 277c http://10.10.11.192/.hta
403 GET 9l 28w 277c http://10.10.11.192/.hta.txt
403 GET 9l 28w 277c http://10.10.11.192/.htaccess
403 GET 9l 28w 277c http://10.10.11.192/.htpasswd
301 GET 9l 28w 313c http://10.10.11.192/assets => http://10.10.11.192/assets/
403 GET 9l 28w 277c http://10.10.11.192/server-status

0
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt Normal file
View File

11
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_known-security.txt Normal file
View File

@@ -0,0 +1,11 @@
HTTP/1.1 302 Found
Date: Fri, 03 Feb 2023 07:07:35 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=5ratif650bp4h0heihs5larbt4; path=/
Location: /
Content-Length: 0
Content-Type: text/html; charset=UTF-8

4301
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

File diff suppressed because it is too large Load Diff

0
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_pollution.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

BIN
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 MiB

88
HTB/pollution/results/10.10.11.192/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,88 @@
WhatWeb report for http://10.10.11.192:80
Status : 200 OK
Title : Home
IP : 10.10.11.192
Country : RESERVED, ZZ
Summary : Apache[2.4.54], Bootstrap, Cookies[PHPSESSID], Email[info@collect.htb], HTML5, HTTPServer[Debian Linux][Apache/2.4.54 (Debian)], JQuery[2.1.0], Lightbox, Script
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.54 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ Cookies ]
Display the names of cookies in the HTTP headers. The
values are not returned to save on space.
String : PHPSESSID
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : info@collect.htb
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Debian Linux
String : Apache/2.4.54 (Debian) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 2.1.0
Website : http://jquery.com/
[ Lightbox ]
Javascript for nice image popups
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
HTTP Headers:
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 07:07:38 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=sk9h59k3da2faj96mes6r86n7p; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3588
Connection: close
Content-Type: text/html; charset=UTF-8

155
HTB/pollution/results/10.10.11.192/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

File diff suppressed because one or more lines are too long

79
HTB/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Fri Feb 3 08:07:14 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml 10.10.11.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_full_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_full_tcp_nmap.xml 10.10.11.192" start="1675408034" startstr="Fri Feb 3 08:07:14 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="Connect Scan" time="1675408034"/>
<taskprogress task="Connect Scan" time="1675408065" percent="38.95" remaining="49" etc="1675408114"/>
<taskend task="Connect Scan" time="1675408219" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1675408219"/>
<taskend task="Service scan" time="1675408235" extrainfo="3 services on 1 host"/>
<taskbegin task="NSE" time="1675408235"/>
<taskend task="NSE" time="1675408244"/>
<taskbegin task="NSE" time="1675408244"/>
<taskend task="NSE" time="1675408247"/>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<host starttime="1675408034" endtime="1675408247"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.192" addrtype="ipv4"/>
<hostnames>
<hostname name="pollution.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65532">
<extrareasons reason="conn-refused" count="65532" proto="tcp" ports="1-21,23-79,81-6378,6380-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=&#xa; 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=&#xa; 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz"><table>
<elem key="bits">3072</elem>
<elem key="fingerprint">db1d5c65729bc64330a52ba0f01ad5fc</elem>
<elem key="type">ssh-rsa</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="fingerprint">4f7956c5bf20f9f14b9238edcefaac78</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="fingerprint">df47554f4ad178a89dcdf8a02fc0fca9</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.54" extrainfo="(Debian)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.54</cpe></service><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.54 (Debian)"><elem>Apache/2.4.54 (Debian)</elem>
</script><script id="http-cookie-flags" output="&#xa; /: &#xa; PHPSESSID: &#xa; httponly flag not set"><table key="/">
<table key="PHPSESSID">
<elem>httponly flag not set</elem>
</table>
</table>
</script><script id="http-title" output="Home"><elem key="title">Home</elem>
</script><script id="http-favicon" output="Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C"/><script id="http-trane-info" output="Problem with XML parsing of /evox/about"/></port>
<port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="redis" product="Redis key-value store" method="probed" conf="10"/></port>
</ports>
<times srtt="26022" rttvar="1620" to="100000"/>
</host>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<taskbegin task="NSE" time="1675408247"/>
<taskend task="NSE" time="1675408247"/>
<runstats><finished time="1675408247" timestr="Fri Feb 3 08:10:47 2023" summary="Nmap done at Fri Feb 3 08:10:47 2023; 1 IP address (1 host up) scanned in 213.32 seconds" elapsed="213.32" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

77
HTB/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Fri Feb 3 08:07:14 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml 10.10.11.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_quick_tcp_nmap.xml 10.10.11.192" start="1675408034" startstr="Fri Feb 3 08:07:14 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="NSE" time="1675408034"/>
<taskend task="NSE" time="1675408034"/>
<taskbegin task="Connect Scan" time="1675408034"/>
<taskend task="Connect Scan" time="1675408036" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1675408036"/>
<taskend task="Service scan" time="1675408043" extrainfo="2 services on 1 host"/>
<taskbegin task="NSE" time="1675408043"/>
<taskend task="NSE" time="1675408051"/>
<taskbegin task="NSE" time="1675408051"/>
<taskend task="NSE" time="1675408054"/>
<taskbegin task="NSE" time="1675408054"/>
<taskend task="NSE" time="1675408054"/>
<host starttime="1675408034" endtime="1675408054"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.192" addrtype="ipv4"/>
<hostnames>
<hostname name="pollution.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="conn-refused" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.4p1 Debian 5+deb11u1" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.4p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 db1d5c65729bc64330a52ba0f01ad5fc (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=&#xa; 256 4f7956c5bf20f9f14b9238edcefaac78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=&#xa; 256 df47554f4ad178a89dcdf8a02fc0fca9 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz"><table>
<elem key="type">ssh-rsa</elem>
<elem key="fingerprint">db1d5c65729bc64330a52ba0f01ad5fc</elem>
<elem key="bits">3072</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDMui8XsKyVnrUBcuXeZU88nULgmdJ08nPvDUTXgwL2A1dtQy2YKhqzg4HVQkI8nceWJbCJ/3wKd5PiVeA8L8uBU3DhRpjIMfK3A08aXPtSXpN/lM5GlZztC1AroPGfB8tDce158l5p8vNYkv6my2qxa8CBhiLjO5F2HBVwWY1jHZBPdkigzYKzscvqpbHBk/T4dG64OCEmm79DH01Hq8SA95xLln1xxwuPhQ68s+exCSTB/f/taLnzHoT2qh5wAoWqF912JUMKn1Ojvv5SpJDFNUNBAFgaLHf20GQpO8UxYqw/ZFZfHhKPf7Rz3bhhoKv/ZL0xYN4MleEFxFpej05oADTpHfrABzbkX2C0w6KmzNZIsZaxx1kO9DIDeQprRErTdXKXZD6Ym9CZ1cAPbilwMS945UvZigCLHhFri0iLhoYpdEFBX4kKraqTvxncUQNHibA1Y3rnavpB9XVd/Pdkd5PevNy2UEK253S+Mx/dr4VWB94xwx7C3QCjAQXE5V8=</elem>
</table>
<table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">4f7956c5bf20f9f14b9238edcefaac78</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElwFQd0JPcl/MeO0FRD3rz9Fic4TamcO+q2eUjp2HIDCf6HEE+saKGVUmnue904NvlnyyhJJCAZ3MV3yEJnhds=</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">df47554f4ad178a89dcdf8a02fc0fca9</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIDnd0IxAYF7SPECTCC3VhgzZJa4ZUpSQ/6DYR6fXIXRz</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.54" extrainfo="(Debian)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.54</cpe></service><script id="http-title" output="Home"><elem key="title">Home</elem>
</script><script id="http-server-header" output="Apache/2.4.54 (Debian)"><elem>Apache/2.4.54 (Debian)</elem>
</script><script id="http-cookie-flags" output="&#xa; /: &#xa; PHPSESSID: &#xa; httponly flag not set"><table key="/">
<table key="PHPSESSID">
<elem>httponly flag not set</elem>
</table>
</table>
</script><script id="http-trane-info" output="Problem with XML parsing of /evox/about"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-favicon" output="Unknown favicon MD5: C797F0B9A0242854B3C20DEC6614399C"/></port>
</ports>
<times srtt="24117" rttvar="141" to="100000"/>
</host>
<taskbegin task="NSE" time="1675408054"/>
<taskend task="NSE" time="1675408054"/>
<taskbegin task="NSE" time="1675408054"/>
<taskend task="NSE" time="1675408054"/>
<taskbegin task="NSE" time="1675408054"/>
<taskend task="NSE" time="1675408054"/>
<runstats><finished time="1675408054" timestr="Fri Feb 3 08:07:34 2023" summary="Nmap done at Fri Feb 3 08:07:34 2023; 1 IP address (1 host up) scanned in 20.98 seconds" elapsed="20.98" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

71
HTB/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml Normal file
View File

@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 2 13:46:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml 10.10.11.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/pollution/results/10.10.11.192/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/pollution/results/10.10.11.192/scans/xml/_top_100_udp_nmap.xml 10.10.11.192" start="1675342002" startstr="Thu Feb 2 13:46:42 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675342003"/>
<taskend task="NSE" time="1675342003"/>
<taskbegin task="NSE" time="1675342003"/>
<taskend task="NSE" time="1675342003"/>
<taskbegin task="NSE" time="1675342003"/>
<taskend task="NSE" time="1675342003"/>
<taskbegin task="UDP Scan" time="1675342003"/>
<taskend task="UDP Scan" time="1675342094" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1675342094"/>
<taskprogress task="Service scan" time="1675342154" percent="7.69" remaining="720" etc="1675342874"/>
<taskend task="Service scan" time="1675342191" extrainfo="13 services on 1 host"/>
<taskbegin task="Traceroute" time="1675342193"/>
<taskend task="Traceroute" time="1675342193"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675342193"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675342204"/>
<taskbegin task="NSE" time="1675342204"/>
<taskprogress task="NSE" time="1675342235" percent="99.50" remaining="1" etc="1675342235"/>
<taskend task="NSE" time="1675342248"/>
<taskbegin task="NSE" time="1675342248"/>
<taskend task="NSE" time="1675342249"/>
<taskbegin task="NSE" time="1675342249"/>
<taskend task="NSE" time="1675342249"/>
<host starttime="1675342003" endtime="1675342249"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.192" addrtype="ipv4"/>
<hostnames>
<hostname name="pollution.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="87">
<extrareasons reason="port-unreach" count="87" proto="udp" ports="7,9,17,19,53,67,69,80,88,111,120,123,135-136,138-139,161-162,177,427,443,445,497,514-515,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1718,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5632,9200,10000,17185,20031,31337,32768-32769,32771,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49193,49201,65024"/>
</extraports>
<port protocol="udp" portid="49"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="tacacs" method="table" conf="3"/></port>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="137"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ns" method="table" conf="3"/></port>
<port protocol="udp" portid="158"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="pcmail-srv" method="table" conf="3"/></port>
<port protocol="udp" portid="500"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
<port protocol="udp" portid="518"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ntalk" method="table" conf="3"/></port>
<port protocol="udp" portid="1701"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="L2TP" method="table" conf="3"/></port>
<port protocol="udp" portid="1719"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="h323gatestat" method="table" conf="3"/></port>
<port protocol="udp" portid="5353"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="zeroconf" method="table" conf="3"/></port>
<port protocol="udp" portid="30718"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="32815"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49194"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49200"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/2%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63DBB1A9%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z%II=I)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="32768" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="44.74"/>
<hop ttl="2" ipaddr="10.10.11.192" rtt="77.07" host="pollution.htb"/>
</trace>
<times srtt="91603" rttvar="41478" to="257515"/>
</host>
<taskbegin task="NSE" time="1675342249"/>
<taskend task="NSE" time="1675342249"/>
<taskbegin task="NSE" time="1675342249"/>
<taskend task="NSE" time="1675342249"/>
<taskbegin task="NSE" time="1675342249"/>
<taskend task="NSE" time="1675342249"/>
<runstats><finished time="1675342249" timestr="Thu Feb 2 13:50:49 2023" summary="Nmap done at Thu Feb 2 13:50:49 2023; 1 IP address (1 host up) scanned in 246.87 seconds" elapsed="246.87" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>