simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
HTB/soccer/results/scans/tcp80/tcp_80_http_curl-robots.txt Normal file
View File

@@ -0,0 +1,15 @@
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Jan 2023 09:42:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://soccer.htb/robots.txt
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

16
HTB/soccer/results/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,16 @@
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Jan 2023 09:42:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://soccer.htb/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

17
HTB/soccer/results/scans/tcp80/tcp_80_http_dev_nikto.txt Normal file
View File

@@ -0,0 +1,17 @@
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 10.10.11.194
+ Target Hostname: dev.soccer.htb
+ Target Port: 80
+ Start Time: 2023-01-31 23:24:47 (GMT1)
---------------------------------------------------------------------------
+ Server: nginx/1.18.0 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://soccer.htb/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ 7863 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2023-01-31 23:29:19 (GMT1) (272 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

2
HTB/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt Normal file
View File

@@ -0,0 +1,2 @@
WLD GET 7l 12w 178c Got 301 for http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 (url length: 32)
WLD - - - http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 => http://soccer.htb/805749485a5b4fe19ef44e590a9b4ed2

11
HTB/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt Normal file
View File

@@ -0,0 +1,11 @@
# Hydra v9.4 run at 2023-01-31 22:51:31 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:52:45 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:54:07 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:54:28 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -v -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:55:38 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:56:39 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:57:48 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 22:58:16 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 23:05:05 on dev.soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
# Hydra v9.4 run at 2023-01-31 23:07:58 on dev.soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F -t 64 -I http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
[80][http-post-form] host: dev.soccer.htb login: soccer password: lab4jay

15
HTB/soccer/results/scans/tcp80/tcp_80_http_known-security.txt Normal file
View File

@@ -0,0 +1,15 @@
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Jan 2023 09:42:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://soccer.htb/.well-known/security.txt
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

13
HTB/soccer/results/scans/tcp80/tcp_80_http_nikto.txt Normal file
View File

@@ -0,0 +1,13 @@
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 10.10.11.194
+ Target Hostname: 10.10.11.194
+ Target Port: 80
+ Start Time: 2023-01-31 22:21:34 (GMT1)
---------------------------------------------------------------------------
+ Server: nginx/1.18.0 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://soccer.htb/
+ No CGI Directories found (use '-C all' to force check all possible dirs)

115
HTB/soccer/results/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

@@ -0,0 +1,115 @@
# Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194
Nmap scan report for soccer.htb (10.10.11.194)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-27 10:42:19 CET for 70s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack nginx 1.18.0 (Ubuntu)
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://cdn.jsdelivr.net:443/npm/bootstrap15.2.2/dist/js/bootstrap.bundle.min.js
| http://maxcdn.bootstrapcdn.com:80/bootstrap/4.1.1/js/bootstrap.min.js
| http://cdnjs.cloudflare.com:80/ajax/libs/jquery/3.2.1/jquery.min.js
|_ https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js
|_http-chrono: Request times for /; avg: 167.91ms; min: 157.46ms; max: 176.69ms
|_http-mobileversion-checker: No mobile version detected.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1; jpg: 4
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1; jpg: 4
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-headers:
| Server: nginx/1.18.0 (Ubuntu)
| Date: Fri, 27 Jan 2023 09:42:28 GMT
| Content-Type: text/html
| Content-Length: 6917
| Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
| Connection: close
| ETag: "6375ebaf-1b05"
| Accept-Ranges: bytes
|
|_ (Request type: HEAD)
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: CVE:CVE-2011-3192 BID:49303
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| https://seclists.org/fulldisclosure/2011/Aug/175
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
| https://www.securityfocus.com/bid/49303
|_ https://www.tenable.com/plugins/nessus/55976
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=soccer.htb
|
| Path: http://soccer.htb:80/
| Line number: 145
| Comment:
| <!-- /.container -->
|
| Path: http://soccer.htb:80/
| Line number: 142
| Comment:
| <!-- /.row -->
|
| Path: http://soccer.htb:80/
| Line number: 106
| Comment:
|_ <!-- Page Content -->
| http-vhosts:
|_128 names had status 301
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-php-version: Logo query returned unknown hash ad6ef659069e5f1721a5932f71942408
|_Credits query returned unknown hash ad6ef659069e5f1721a5932f71942408
|_http-title: Soccer - Index
|_http-errors: Couldn't find any error pages.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-date: Fri, 27 Jan 2023 09:42:28 GMT; 0s from local time.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-malware-host: Host appears to be clean
| http-methods:
|_ Supported Methods: GET HEAD
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Jan 27 10:43:30 2023 -- 1 IP address (1 host up) scanned in 70.83 seconds

BIN
HTB/soccer/results/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 MiB

0
HTB/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

2
HTB/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt Normal file
View File

@@ -0,0 +1,2 @@
# Hydra v9.4 run at 2023-02-01 11:12:33 on soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt -F -V http-post-form://soccer.htb/login.php:fm_usr=^USER^&fm_pwd=^PASS^:Login failed)
# Hydra v9.4 run at 2023-02-01 11:21:10 on soccer.htb http-post-form (hydra -l admin -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt -F -V http-post-form://soccer.htb/login.php:fm_usr=^USER^&fm_pwd=^PASS^:Login failed)

107
HTB/soccer/results/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,107 @@
WhatWeb report for http://10.10.11.194:80
Status : 301 Moved Permanently
Title : 301 Moved Permanently
IP : 10.10.11.194
Country : RESERVED, ZZ
Summary : HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0], RedirectLocation[http://soccer.htb/]
Detected Plugins:
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://soccer.htb/ (from location)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Jan 2023 09:42:21 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: http://soccer.htb/
WhatWeb report for http://soccer.htb/
Status : 200 OK
Title : Soccer - Index
IP : 10.10.11.194
Country : RESERVED, ZZ
Summary : Bootstrap[4.1.1], HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], JQuery[3.2.1,3.6.0], nginx[1.18.0], Script, X-UA-Compatible[IE=edge]
Detected Plugins:
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Version : 4.1.1
Version : 4.1.1
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.2.1,3.6.0
Website : http://jquery.com/
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx
String : IE=edge
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Jan 2023 09:42:23 GMT
Content-Type: text/html
Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"6375ebaf-1b05"
Content-Encoding: gzip

16
HTB/soccer/results/scans/tcp80/tcp_80_http_wpscan.txt Normal file
View File

@@ -0,0 +1,16 @@
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
Scan Aborted: The remote website is up, but does not seem to be running WordPress.

98
HTB/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

@@ -0,0 +1,98 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194" start="1674812539" startstr="Fri Jan 27 10:42:19 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674812539"/>
<taskend task="NSE" time="1674812539"/>
<taskbegin task="NSE" time="1674812539"/>
<taskend task="NSE" time="1674812539"/>
<taskbegin task="NSE" time="1674812539"/>
<taskend task="NSE" time="1674812539"/>
<taskbegin task="Connect Scan" time="1674812539"/>
<taskend task="Connect Scan" time="1674812539" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674812539"/>
<taskend task="Service scan" time="1674812545" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674812545"/>
<taskprogress task="NSE" time="1674812576" percent="99.67" remaining="1" etc="1674812576"/>
<taskprogress task="NSE" time="1674812606" percent="99.67" remaining="1" etc="1674812606"/>
<taskend task="NSE" time="1674812609"/>
<taskbegin task="NSE" time="1674812609"/>
<taskend task="NSE" time="1674812609"/>
<taskbegin task="NSE" time="1674812609"/>
<taskend task="NSE" time="1674812609"/>
<host starttime="1674812539" endtime="1674812609"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.194" addrtype="ipv4"/>
<hostnames>
<hostname name="soccer.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-referer-checker" output="&#xa;Spidering limited to: maxpagecount=30&#xa; https://cdn.jsdelivr.net:443/npm/bootstrap15.2.2/dist/js/bootstrap.bundle.min.js&#xa; http://maxcdn.bootstrapcdn.com:80/bootstrap/4.1.1/js/bootstrap.min.js&#xa; http://cdnjs.cloudflare.com:80/ajax/libs/jquery/3.2.1/jquery.min.js&#xa; https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js&#xa;"/><script id="http-chrono" output="Request times for /; avg: 167.91ms; min: 157.46ms; max: 176.69ms"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-security-headers" output=""></script><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 1; jpg: 4&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; Other: 1; jpg: 4&#xa;"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-headers" output="&#xa; Server: nginx/1.18.0 (Ubuntu)&#xa; Date: Fri, 27 Jan 2023 09:42:28 GMT&#xa; Content-Type: text/html&#xa; Content-Length: 6917&#xa; Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT&#xa; Connection: close&#xa; ETag: &quot;6375ebaf-1b05&quot;&#xa; Accept-Ranges: bytes&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-vuln-cve2011-3192" output="&#xa; VULNERABLE:&#xa; Apache byterange filter DoS&#xa; State: VULNERABLE&#xa; IDs: CVE:CVE-2011-3192 BID:49303&#xa; The Apache web server is vulnerable to a denial of service attack when numerous&#xa; overlapping byte ranges are requested.&#xa; Disclosure date: 2011-08-19&#xa; References:&#xa; https://seclists.org/fulldisclosure/2011/Aug/175&#xa; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192&#xa; https://www.securityfocus.com/bid/49303&#xa; https://www.tenable.com/plugins/nessus/55976&#xa;"><table key="CVE-2011-3192">
<elem key="title">Apache byterange filter DoS</elem>
<elem key="state">VULNERABLE</elem>
<table key="ids">
<elem>CVE:CVE-2011-3192</elem>
<elem>BID:49303</elem>
</table>
<table key="description">
<elem>The Apache web server is vulnerable to a denial of service attack when numerous&#xa;overlapping byte ranges are requested.</elem>
</table>
<table key="dates">
<table key="disclosure">
<elem key="year">2011</elem>
<elem key="day">19</elem>
<elem key="month">08</elem>
</table>
</table>
<elem key="disclosure">2011-08-19</elem>
<table key="refs">
<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
<elem>https://www.securityfocus.com/bid/49303</elem>
<elem>https://www.tenable.com/plugins/nessus/55976</elem>
</table>
</table>
</script><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=soccer.htb&#xa; &#xa; Path: http://soccer.htb:80/&#xa; Line number: 145&#xa; Comment: &#xa; &lt;!-&#45; /.container -&#45;&gt;&#xa; &#xa; Path: http://soccer.htb:80/&#xa; Line number: 142&#xa; Comment: &#xa; &lt;!-&#45; /.row -&#45;&gt;&#xa; &#xa; Path: http://soccer.htb:80/&#xa; Line number: 106&#xa; Comment: &#xa; &lt;!-&#45; Page Content -&#45;&gt;&#xa;"/><script id="http-vhosts" output="&#xa;128 names had status 301"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-php-version" output="Logo query returned unknown hash ad6ef659069e5f1721a5932f71942408&#xa;Credits query returned unknown hash ad6ef659069e5f1721a5932f71942408"/><script id="http-title" output="Soccer - Index "><elem key="title">Soccer - Index </elem>
</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-exif-spider" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-date" output="Fri, 27 Jan 2023 09:42:28 GMT; 0s from local time."><elem key="date">2023-01-27T09:42:28+00:00</elem>
<elem key="delta">0.0</elem>
</script><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/></port>
</ports>
<times srtt="26447" rttvar="26447" to="132235"/>
</host>
<taskbegin task="NSE" time="1674812610"/>
<taskend task="NSE" time="1674812610"/>
<taskbegin task="NSE" time="1674812610"/>
<taskend task="NSE" time="1674812610"/>
<taskbegin task="NSE" time="1674812610"/>
<taskend task="NSE" time="1674812610"/>
<runstats><finished time="1674812610" timestr="Fri Jan 27 10:43:30 2023" summary="Nmap done at Fri Jan 27 10:43:30 2023; 1 IP address (1 host up) scanned in 70.83 seconds" elapsed="70.83" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>