old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


@@ -0,0 +1,16 @@
[*] ssh found on tcp/22.
[*] smtp found on tcp/25.
[*] domain found on tcp/53.
[*] http found on tcp/80.


@@ -0,0 +1,53 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 25 --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml" 10.129.227.180
hydra smtp-enum://10.129.227.180:25/vrfy -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
dig -p 53 -x 10.129.227.180 @10.129.227.180
dig AXFR -p 53 @10.129.227.180 trick.htb
nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.227.180
gobuster dns -d trick.htb -r 10.129.227.180 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt"
feroxbuster -u http://10.129.227.180:80/ -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
curl -sSikf http://10.129.227.180:80/.well-known/security.txt
curl -sSikf http://10.129.227.180:80/robots.txt
curl -sSik http://10.129.227.180:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.227.180
curl -sk -o /dev/null -H "Host: fVtpogeXVjPkPqtnprUj.trick.htb" http://trick.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.129.227.180:80 2>&1
wkhtmltoimage --format png http://10.129.227.180:80/ /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_screenshot.png
dig AXFR -p 53 @10.129.227.180
ffuf -u http://trick.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.trick.htb" -fs 5480 -noninteractive -s | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt"
hydra smtp-enum://10.129.227.180:25/expn -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
```


@@ -0,0 +1,8 @@
```
[*] Service scan DnsRecon Default Scan (tcp/53/domain/dnsrecon) ran a command which returned a non-zero exit code (1).
[-] Command: dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
[-] Error Output:
```


@@ -0,0 +1,51 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.129.227.180
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.129.227.180
[*] smtp on tcp/25
[-] Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target's domain name:
hydra smtp-enum://10.129.227.180:25/rcpt -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -o "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_rcpt.txt" -p <TARGET-DOMAIN>
[*] domain on tcp/53
[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
dnsrecon -n 10.129.227.180 -d trick.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt
[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
dnsrecon -n 10.129.227.180 -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_default_manual.txt
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.129.227.180:80 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.227.180/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.227.180 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.227.180/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.227.180 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.129.227.180:80 2>&1 | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.129.227.180:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_wpscan.txt"
```


@@ -0,0 +1,8 @@
Identified HTTP Server: nginx/1.14.2
Nmap script found a potential vulnerability. (State: VULNERABLE)
CVE Identified: CVE-2011-3192
CVE Identified: CVE-2011-3192
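Review bot: The two `CVE Identified: CVE-2011-3192` lines sit directly under `Identified HTTP Server: nginx/1.14.2`, but CVE-2011-3192 is the Apache httpd byte-range denial-of-service issue, so this match is most likely a false positive. The Nmap script was probably reacting to range-request support; the curl capture on this page shows `Accept-Ranges: bytes`. I would add a triage line such as `Triage: CVE-2011-3192 applies to Apache httpd, not nginx; treat as unconfirmed` so the finding is not carried into a report as-is. The entry is also recorded twice, and one line is enough.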


@@ -0,0 +1,39 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt](file:///home/simon/htb/trick/results/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/trick/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.071s latency).
Scanned at 2023-01-21 18:30:21 UTC for 602s
Not shown: 65531 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
80/tcp open http syn-ack nginx 1.14.2
|_http-title: Coming Soon - Start Bootstrap Theme
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.14.2
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:23 2023 -- 1 IP address (1 host up) scanned in 601.89 seconds
```


@@ -0,0 +1,39 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt](file:///home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.024s latency).
Scanned at 2023-01-21 18:30:21 UTC for 597s
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
80/tcp open http syn-ack nginx 1.14.2
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
|_http-title: Coming Soon - Start Bootstrap Theme
|_http-server-header: nginx/1.14.2
| http-methods:
|_ Supported Methods: GET HEAD
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:18 2023 -- 1 IP address (1 host up) scanned in 596.60 seconds
```


@@ -0,0 +1,72 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.021s latency).
Scanned at 2023-01-21 18:40:19 UTC for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
|_banner: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:21 2023 -- 1 IP address (1 host up) scanned in 2.84 seconds
```
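Review bot: The `ssh-auth-methods` output lists `password` alongside `publickey`, and `ssh2-enum-algos` still offers `diffie-hellman-group14-sha1`, `hmac-sha1` and `ssh-rsa`, yet the file records this without any remark. A short findings line under the scan would make the hardening takeaway explicit, for example `Finding: password auth enabled; SHA-1 based KEX/MAC/host-key algorithms offered; recommend key-only auth (PasswordAuthentication no) and dropping the SHA-1 algorithms`. Whether password logins are actually permitted for every account cannot be told from this output, so the line should be worded as an exposure to verify.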


@@ -0,0 +1,21 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 25 --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt](file:///home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 25 "--script=banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.035s latency).
Scanned at 2023-01-21 18:40:19 UTC for 328s
PORT STATE SERVICE REASON VERSION
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:45:47 2023 -- 1 IP address (1 host up) scanned in 329.52 seconds
```


@@ -0,0 +1,37 @@
```bash
hydra smtp-enum://10.129.227.180:25/vrfy -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
```
[/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_vrfy.txt](file:///home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_vrfy.txt):
```
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-21 18:40:18
[DATA] max 16 tasks per 1 server, overall 16 tasks, 17 login tries (l:17/p:1), ~2 tries per task
[DATA] attacking smtp-enum://10.129.227.180:25/vrfy
[25][smtp-enum] host: 10.129.227.180 login: root
[25][smtp-enum] host: 10.129.227.180 login: mysql
1 of 1 target successfully completed, 2 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-21 18:40:39
```
```bash
hydra smtp-enum://10.129.227.180:25/expn -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
```
[/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_expn.txt](file:///home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_expn.txt):
```
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-21 18:40:39
[DATA] max 16 tasks per 1 server, overall 16 tasks, 17 login tries (l:17/p:1), ~2 tries per task
[DATA] attacking smtp-enum://10.129.227.180:25/expn
[ERROR] command is disabled on the server (choose different method): 502 5.5.2 Error: command not recognized
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-21 18:41:00
```
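Review bot: The VRFY run confirms `root` and `mysql` as valid recipients while EXPN is refused with `502 5.5.2`, so the server answers VRFY to unauthenticated clients and the file leaves that finding implicit. I would add a line under the first block such as `Finding: SMTP VRFY enabled; account names can be confirmed remotely; disable VRFY on the MTA`. If the MTA is Postfix, which the 502 wording suggests but the scan does not confirm, the relevant setting is `disable_vrfy_command = yes`. Hydra's summary `2 valid passwords found` counts the two confirmed usernames, which is worth a one-line comment so nobody reads it as recovered credentials.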


@@ -0,0 +1,38 @@
```bash
dig -p 53 -x 10.129.227.180 @10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_reverse-lookup.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_reverse-lookup.txt):
```
; <<>> DiG 9.18.10-2-Debian <<>> -p 53 -x 10.129.227.180 @10.129.227.180
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2715
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 63e094b751cb83e696be7bd063cc3195d664dedba48aae71 (good)
;; QUESTION SECTION:
;180.227.129.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
180.227.129.10.in-addr.arpa. 604800 IN PTR trick.htb.
;; AUTHORITY SECTION:
227.129.10.in-addr.arpa. 604800 IN NS trick.htb.
;; ADDITIONAL SECTION:
trick.htb. 604800 IN A 127.0.0.1
trick.htb. 604800 IN AAAA ::1
;; Query time: 47 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (UDP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; MSG SIZE rcvd: 165
```


@@ -0,0 +1,43 @@
```bash
dig AXFR -p 53 @10.129.227.180 trick.htb
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_zone-transfer-domain.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_zone-transfer-domain.txt):
```
; <<>> DiG 9.18.10-2-Debian <<>> AXFR -p 53 @10.129.227.180 trick.htb
; (1 server found)
;; global options: +cmd
trick.htb. 604800 IN SOA trick.htb. root.trick.htb. 5 604800 86400 2419200 604800
trick.htb. 604800 IN NS trick.htb.
trick.htb. 604800 IN A 127.0.0.1
trick.htb. 604800 IN AAAA ::1
preprod-payroll.trick.htb. 604800 IN CNAME trick.htb.
trick.htb. 604800 IN SOA trick.htb. root.trick.htb. 5 604800 86400 2419200 604800
;; Query time: 47 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (TCP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; XFR size: 6 records (messages 1, bytes 231)
```
```bash
dig AXFR -p 53 @10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_zone-transfer.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_zone-transfer.txt):
```
; <<>> DiG 9.18.10-2-Debian <<>> AXFR -p 53 @10.129.227.180
; (1 server found)
;; global options: +cmd
;; Query time: 23 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (UDP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; MSG SIZE rcvd: 56
```
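Review bot: The first `dig AXFR` returns the whole `trick.htb` zone, including `preprod-payroll.trick.htb`, to the scanning host, which is presumably not a configured secondary. That open zone transfer is a misconfiguration worth stating next to the output rather than leaving it to the reader. I would add `Finding: zone transfer allowed to an unauthorised host; restrict with BIND allow-transfer to the secondary name servers only`. The second query, run without a zone name, returned no records and can be marked as a negative result.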


@@ -0,0 +1,12 @@
```bash
dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_default.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_default.txt):
```
[*] std: Performing General Enumeration against: trick.htb...
[-] Could not resolve domain: trick.htb
```


@@ -0,0 +1,31 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.021s latency).
Scanned at 2023-01-21 18:40:20 UTC for 455s
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
| dns-nsec-enum:
|_ No NSEC records found
| dns-nsec3-enum:
|_ DNSSEC NSEC3 not supported
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
| dns-brute:
|_ DNS Brute-force hostnames: No results.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:47:55 2023 -- 1 IP address (1 host up) scanned in 457.45 seconds
```


@@ -0,0 +1,9 @@
```bash
gobuster dns -d trick.htb -r 10.129.227.180 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt"
```
[/home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt](file:///home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt):
```
```


@@ -0,0 +1,3 @@
```bash
curl -sSikf http://10.129.227.180:80/robots.txt
```


@@ -0,0 +1,102 @@
```bash
curl -sSik http://10.129.227.180:80/
```
[/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_curl.html](file:///home/simon/htb/trick/results/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 21 Jan 2023 18:40:21 GMT
Content-Type: text/html
Content-Length: 5480
Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
Connection: keep-alive
ETag: "623b4bfc-1568"
Accept-Ranges: bytes
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Coming Soon - Start Bootstrap Theme</title>
<link rel="icon" type="image/x-icon" href="assets/favicon.ico" />
<!-- Font Awesome icons (free version)-->
<script src="https://use.fontawesome.com/releases/v6.1.0/js/all.js" crossorigin="anonymous"></script>
<!-- Google fonts-->
<link rel="preconnect" href="https://fonts.gstatic.com" />
<link href="https://fonts.googleapis.com/css2?family=Tinos:ital,wght@0,400;0,700;1,400;1,700&amp;display=swap" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&amp;display=swap" rel="stylesheet" />
<!-- Core theme CSS (includes Bootstrap)-->
<link href="css/styles.css" rel="stylesheet" />
</head>
<body>
<!-- Background Video-->
<video class="bg-video" playsinline="playsinline" autoplay="autoplay" muted="muted" loop="loop"><source src="assets/mp4/bg.mp4" type="video/mp4" /></video>
<!-- Masthead-->
<div class="masthead">
<div class="masthead-content text-white">
<div class="container-fluid px-4 px-lg-0">
<h1 class="fst-italic lh-1 mb-4">Our Website is Coming Soon</h1>
<p class="mb-5">We're working hard to finish the development of this site. Sign up below to receive updates and to be notified when we launch!</p>
<!-- * * * * * * * * * * * * * * *-->
<!-- * * SB Forms Contact Form * *-->
<!-- * * * * * * * * * * * * * * *-->
<!-- This form is pre-integrated with SB Forms.-->
<!-- To make this form functional, sign up at-->
<!-- https://startbootstrap.com/solution/contact-forms-->
<!-- to get an API token!-->
<form id="contactForm" data-sb-form-api-token="API_TOKEN">
<!-- Email address input-->
<div class="row input-group-newsletter">
<div class="col"><input class="form-control" id="email" type="email" placeholder="Enter email address..." aria-label="Enter email address..." data-sb-validations="required,email" /></div>
<div class="col-auto"><button class="btn btn-primary disabled" id="submitButton" type="submit">Notify Me!</button></div>
</div>
<div class="invalid-feedback mt-2" data-sb-feedback="email:required">An email is required.</div>
<div class="invalid-feedback mt-2" data-sb-feedback="email:email">Email is not valid.</div>
<!-- Submit success message-->
<!---->
<!-- This is what your users will see when the form-->
<!-- has successfully submitted-->
<div class="d-none" id="submitSuccessMessage">
<div class="text-center mb-3 mt-2">
<div class="fw-bolder">Form submission successful!</div>
To activate this form, sign up at
<br />
<a href="https://startbootstrap.com/solution/contact-forms">https://startbootstrap.com/solution/contact-forms</a>
</div>
</div>
<!-- Submit error message-->
<!---->
<!-- This is what your users will see when there is-->
<!-- an error submitting the form-->
<div class="d-none" id="submitErrorMessage"><div class="text-center text-danger mb-3 mt-2">Error sending message!</div></div>
</form>
</div>
</div>
</div>
<!-- Social Icons-->
<!-- For more icon options, visit https://fontawesome.com/icons?d=gallery&p=2&s=brands-->
<div class="social-icons">
<div class="d-flex flex-row flex-lg-column justify-content-center align-items-center h-100 mt-3 mt-lg-0">
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-twitter"></i></a>
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-facebook-f"></i></a>
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-instagram"></i></a>
</div>
</div>
<!-- Bootstrap core JS-->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- Core theme JS-->
<script src="js/scripts.js"></script>
<!-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *-->
<!-- * * SB Forms JS * *-->
<!-- * * Activate your form at https://startbootstrap.com/solution/contact-forms * *-->
<!-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *-->
<script src="https://cdn.startbootstrap.com/sb-forms-latest.js"></script>
</body>
</html>
```


@@ -0,0 +1,22 @@
```bash
feroxbuster -u http://10.129.227.180:80/ -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
```
[/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt](file:///home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt):
```
200 GET 83l 475w 5480c http://10.129.227.180/index.html
200 GET 8l 29w 23462c http://10.129.227.180/assets/favicon.ico
200 GET 7l 36w 321c http://10.129.227.180/js/scripts.js
403 GET 7l 10w 169c http://10.129.227.180/css/
301 GET 7l 12w 185c http://10.129.227.180/assets/img => http://10.129.227.180/assets/img/
403 GET 7l 10w 169c http://10.129.227.180/assets/
200 GET 11431l 21730w 209654c http://10.129.227.180/css/styles.css
200 GET 83l 475w 5480c http://10.129.227.180/
301 GET 7l 12w 185c http://10.129.227.180/assets => http://10.129.227.180/assets/
403 GET 7l 10w 169c http://10.129.227.180/js/
301 GET 7l 12w 185c http://10.129.227.180/css => http://10.129.227.180/css/
301 GET 7l 12w 185c http://10.129.227.180/js => http://10.129.227.180/js/
301 GET 7l 12w 185c http://10.129.227.180/assets/mp4 => http://10.129.227.180/assets/mp4/
```


@@ -0,0 +1,3 @@
```bash
curl -sSikf http://10.129.227.180:80/.well-known/security.txt
```


@@ -0,0 +1,114 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.227.180
```
[/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-21 18:40:20 UTC for 56s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack nginx 1.14.2
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| /assets/
| ico: 1
| /assets/mp4/
| mp4: 1
| /css/
| css: 1
| /js/
| js: 1
| Longest directory structure:
| Depth: 2
| Dir: /assets/mp4/
| Total files found (by extension):
|_ Other: 1; css: 1; ico: 1; js: 1; mp4: 1
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
| http-php-version: Logo query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386
|_Credits query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-vhosts:
|_128 names had status 200
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-headers:
| Server: nginx/1.14.2
| Date: Sat, 21 Jan 2023 18:40:30 GMT
| Content-Type: text/html
| Content-Length: 5480
| Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
| Connection: close
| ETag: "623b4bfc-1568"
| Accept-Ranges: bytes
|
|_ (Request type: HEAD)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-mobileversion-checker: No mobile version detected.
|_http-comments-displayer: Couldn't find any comments.
|_http-date: Sat, 21 Jan 2023 18:40:29 GMT; +2s from local time.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: CVE:CVE-2011-3192 BID:49303
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| https://www.tenable.com/plugins/nessus/55976
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
| https://www.securityfocus.com/bid/49303
|_ https://seclists.org/fulldisclosure/2011/Aug/175
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-chrono: Request times for /; avg: 222.14ms; min: 163.13ms; max: 317.35ms
|_http-server-header: nginx/1.14.2
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://cdn.jsdelivr.net:443/npm/bootstrap15.1.3/dist/js/bootstrap.bundle.min.js
| https://cdn.startbootstrap.com:443/sb-forms-0.4.1.js
|_ https://use.fontawesome.com:443/releases/v6.1.0/js/all.js
|_http-malware-host: Host appears to be clean
| http-methods:
|_ Supported Methods: GET HEAD
|_http-title: Coming Soon - Start Bootstrap Theme
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:41:16 2023 -- 1 IP address (1 host up) scanned in 57.78 seconds
```
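Review bot: The `http-vuln-cve2011-3192` block in this report is marked `State: VULNERABLE`, but its own text describes an Apache byterange filter DoS while `http-server-header` and the `Server:` header in the same scan both report nginx/1.14.2, so the finding is most likely a false positive and should not be carried forward as confirmed. The later pattern-summary hunk repeats it as `CVE Identified: CVE-2011-3192` (twice) with no qualifier. I would add a triage line under the fenced output, for example `Triage: http-vuln-cve2011-3192 is an Apache-specific check; target identifies as nginx/1.14.2 - unconfirmed, likely false positive.` The `Bug in http-security-headers: no string output.` and `http-config-backup: ERROR` lines also mean those two checks produced no result here, which is not the same as a clean result.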


@@ -0,0 +1,11 @@
```bash
curl -sk -o /dev/null -H "Host: fVtpogeXVjPkPqtnprUj.trick.htb" http://trick.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://trick.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.trick.htb" -fs 5480 -noninteractive -s | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt](file:///home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt):
```
```


@@ -0,0 +1,59 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://10.129.227.180:80 2>&1
```
[/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/htb/trick/results/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://10.129.227.180:80
Status : 200 OK
Title : Coming Soon - Start Bootstrap Theme
IP : 10.129.227.180
Country : RESERVED, ZZ
Summary : Bootstrap, HTML5, HTTPServer[nginx/1.14.2], nginx[1.14.2], Script
Detected Plugins:
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : nginx/1.14.2 (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.14.2
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 21 Jan 2023 18:40:24 GMT
Content-Type: text/html
Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"623b4bfc-1568"
Content-Encoding: gzip
```


@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://10.129.227.180:80/ /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_screenshot.png
```


@@ -0,0 +1,50 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 25 --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml" 10.129.227.180
hydra smtp-enum://10.129.227.180:25/vrfy -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
dig -p 53 -x 10.129.227.180 @10.129.227.180
dig AXFR -p 53 @10.129.227.180 trick.htb
nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.227.180
gobuster dns -d trick.htb -r 10.129.227.180 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt"
feroxbuster -u http://10.129.227.180:80/ -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
curl -sSikf http://10.129.227.180:80/.well-known/security.txt
curl -sSikf http://10.129.227.180:80/robots.txt
curl -sSik http://10.129.227.180:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.227.180
curl -sk -o /dev/null -H "Host: fVtpogeXVjPkPqtnprUj.trick.htb" http://trick.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.129.227.180:80 2>&1
wkhtmltoimage --format png http://10.129.227.180:80/ /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_screenshot.png
dig AXFR -p 53 @10.129.227.180
ffuf -u http://trick.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.trick.htb" -fs 5480 -noninteractive -s | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt"
hydra smtp-enum://10.129.227.180:25/expn -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1


@@ -0,0 +1,5 @@
[*] Service scan DnsRecon Default Scan (tcp/53/domain/dnsrecon) ran a command which returned a non-zero exit code (1).
[-] Command: dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
[-] Error Output:


@@ -0,0 +1,30 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/trick/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.071s latency).
Scanned at 2023-01-21 18:30:21 UTC for 602s
Not shown: 65531 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
80/tcp open http syn-ack nginx 1.14.2
|_http-title: Coming Soon - Start Bootstrap Theme
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.14.2
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:23 2023 -- 1 IP address (1 host up) scanned in 601.89 seconds


@@ -0,0 +1,48 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.129.227.180
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.129.227.180
[*] smtp on tcp/25
[-] Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target's domain name:
hydra smtp-enum://10.129.227.180:25/rcpt -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -o "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_user-enum_hydra_rcpt.txt" -p <TARGET-DOMAIN>
[*] domain on tcp/53
[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
dnsrecon -n 10.129.227.180 -d trick.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt
[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
dnsrecon -n 10.129.227.180 -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/trick/results/scans/tcp53/tcp_53_dnsrecon_default_manual.txt
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.129.227.180:80 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.227.180/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.227.180 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.227.180/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.227.180 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.129.227.180:80 2>&1 | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.129.227.180:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1,8 @@
Identified HTTP Server: nginx/1.14.2
Nmap script found a potential vulnerability. (State: VULNERABLE)
CVE Identified: CVE-2011-3192
CVE Identified: CVE-2011-3192


@@ -0,0 +1,30 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.024s latency).
Scanned at 2023-01-21 18:30:21 UTC for 597s
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
80/tcp open http syn-ack nginx 1.14.2
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
|_http-title: Coming Soon - Start Bootstrap Theme
|_http-server-header: nginx/1.14.2
| http-methods:
|_ Supported Methods: GET HEAD
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:18 2023 -- 1 IP address (1 host up) scanned in 596.60 seconds


@@ -0,0 +1,63 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.021s latency).
Scanned at 2023-01-21 18:40:19 UTC for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR
| 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=
| 256 7293f91158de34ad12b54b4a7364b970 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
|_banner: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:40:21 2023 -- 1 IP address (1 host up) scanned in 2.84 seconds


@@ -0,0 +1,101 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.227.180" start="1674326418" startstr="Sat Jan 21 18:40:18 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674326419"/>
<taskend task="NSE" time="1674326419"/>
<taskbegin task="NSE" time="1674326419"/>
<taskend task="NSE" time="1674326419"/>
<taskbegin task="Connect Scan" time="1674326419"/>
<taskend task="Connect Scan" time="1674326419" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674326420"/>
<taskend task="Service scan" time="1674326420" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326421"/>
<taskbegin task="NSE" time="1674326421"/>
<taskend task="NSE" time="1674326421"/>
<host starttime="1674326419" endtime="1674326421"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="7.9p1 Debian 10+deb10u2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR&#xa; 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=&#xa; 256 7293f91158de34ad12b54b4a7364b970 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm"><table>
<elem key="type">ssh-rsa</elem>
<elem key="fingerprint">61ff293b36bd9dacfbde1f56884cae2d</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR</elem>
<elem key="bits">2048</elem>
</table>
<table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">9ecdf2406196ea21a6ce2602af759a78</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">7293f91158de34ad12b54b4a7364b970</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm</elem>
<elem key="bits">256</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; diffie-hellman-group14-sha1&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
<elem>diffie-hellman-group14-sha1</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"/></port>
</ports>
<times srtt="21234" rttvar="21234" to="106170"/>
</host>
<taskbegin task="NSE" time="1674326421"/>
<taskend task="NSE" time="1674326421"/>
<taskbegin task="NSE" time="1674326421"/>
<taskend task="NSE" time="1674326421"/>
<runstats><finished time="1674326421" timestr="Sat Jan 21 18:40:21 2023" summary="Nmap done at Sat Jan 21 18:40:21 2023; 1 IP address (1 host up) scanned in 2.84 seconds" elapsed="2.84" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,12 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 25 "--script=banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.035s latency).
Scanned at 2023-01-21 18:40:19 UTC for 328s
PORT STATE SERVICE REASON VERSION
25/tcp open smtp? syn-ack
|_smtp-commands: Couldn't establish connection on port 25
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:45:47 2023 -- 1 IP address (1 host up) scanned in 329.52 seconds


@@ -0,0 +1,9 @@
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-21 18:40:39
[DATA] max 16 tasks per 1 server, overall 16 tasks, 17 login tries (l:17/p:1), ~2 tries per task
[DATA] attacking smtp-enum://10.129.227.180:25/expn
[ERROR] command is disabled on the server (choose different method): 502 5.5.2 Error: command not recognized
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-21 18:41:00


@@ -0,0 +1,10 @@
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-21 18:40:18
[DATA] max 16 tasks per 1 server, overall 16 tasks, 17 login tries (l:17/p:1), ~2 tries per task
[DATA] attacking smtp-enum://10.129.227.180:25/vrfy
[25][smtp-enum] host: 10.129.227.180 login: root
[25][smtp-enum] host: 10.129.227.180 login: mysql
1 of 1 target successfully completed, 2 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-21 18:40:39


@@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 25 &quot;-&#45;script=banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 25 &quot;-&#45;script=banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml 10.129.227.180" start="1674326418" startstr="Sat Jan 21 18:40:18 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="25"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674326419"/>
<taskend task="NSE" time="1674326419"/>
<taskbegin task="NSE" time="1674326419"/>
<taskend task="NSE" time="1674326419"/>
<taskbegin task="NSE" time="1674326419"/>
<taskend task="NSE" time="1674326419"/>
<taskbegin task="Connect Scan" time="1674326419"/>
<taskend task="Connect Scan" time="1674326419" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674326419"/>
<taskend task="Service scan" time="1674326583" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674326583"/>
<taskend task="NSE" time="1674326613"/>
<taskbegin task="NSE" time="1674326613"/>
<taskprogress task="NSE" time="1674326644" percent="37.50" remaining="52" etc="1674326696"/>
<taskprogress task="NSE" time="1674326674" percent="68.75" remaining="28" etc="1674326702"/>
<taskprogress task="NSE" time="1674326704" percent="87.50" remaining="14" etc="1674326717"/>
<taskend task="NSE" time="1674326719"/>
<taskbegin task="NSE" time="1674326719"/>
<taskend task="NSE" time="1674326747"/>
<host starttime="1674326419" endtime="1674326747"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/><script id="smtp-commands" output="Couldn&apos;t establish connection on port 25"/></port>
</ports>
<times srtt="35473" rttvar="35473" to="177365"/>
</host>
<taskbegin task="NSE" time="1674326747"/>
<taskend task="NSE" time="1674326747"/>
<taskbegin task="NSE" time="1674326747"/>
<taskend task="NSE" time="1674326747"/>
<taskbegin task="NSE" time="1674326747"/>
<taskend task="NSE" time="1674326747"/>
<runstats><finished time="1674326747" timestr="Sat Jan 21 18:45:47 2023" summary="Nmap done at Sat Jan 21 18:45:47 2023; 1 IP address (1 host up) scanned in 329.52 seconds" elapsed="329.52" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,22 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.021s latency).
Scanned at 2023-01-21 18:40:20 UTC for 455s
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack ISC BIND 9.11.5-P4-5.1+deb10u7 (Debian Linux)
| dns-nsid:
|_ bind.version: 9.11.5-P4-5.1+deb10u7-Debian
| dns-nsec-enum:
|_ No NSEC records found
| dns-nsec3-enum:
|_ DNSSEC NSEC3 not supported
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
| dns-brute:
|_ DNS Brute-force hostnames: No results.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:47:55 2023 -- 1 IP address (1 host up) scanned in 457.45 seconds


@@ -0,0 +1,29 @@
; <<>> DiG 9.18.10-2-Debian <<>> -p 53 -x 10.129.227.180 @10.129.227.180
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2715
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 63e094b751cb83e696be7bd063cc3195d664dedba48aae71 (good)
;; QUESTION SECTION:
;180.227.129.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
180.227.129.10.in-addr.arpa. 604800 IN PTR trick.htb.
;; AUTHORITY SECTION:
227.129.10.in-addr.arpa. 604800 IN NS trick.htb.
;; ADDITIONAL SECTION:
trick.htb. 604800 IN A 127.0.0.1
trick.htb. 604800 IN AAAA ::1
;; Query time: 47 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (UDP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; MSG SIZE rcvd: 165


@@ -0,0 +1,15 @@
; <<>> DiG 9.18.10-2-Debian <<>> AXFR -p 53 @10.129.227.180 trick.htb
; (1 server found)
;; global options: +cmd
trick.htb. 604800 IN SOA trick.htb. root.trick.htb. 5 604800 86400 2419200 604800
trick.htb. 604800 IN NS trick.htb.
trick.htb. 604800 IN A 127.0.0.1
trick.htb. 604800 IN AAAA ::1
preprod-payroll.trick.htb. 604800 IN CNAME trick.htb.
trick.htb. 604800 IN SOA trick.htb. root.trick.htb. 5 604800 86400 2419200 604800
;; Query time: 47 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (TCP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; XFR size: 6 records (messages 1, bytes 231)
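Review bot: This transfer was answered in full for an unauthenticated client, and that is the finding worth recording beside the raw output: the zone discloses `preprod-payroll.trick.htb`, a name the `dns-brute` run in the tcp/53 nmap file did not find. A one-line annotation such as `AXFR for trick.htb permitted from any source; exposes preprod-payroll CNAME` would make that explicit. On the ISC BIND 9.11.5 server identified in the nmap section, the corresponding hardening is an `allow-transfer` ACL limited to the zone's secondaries (or keyed with TSIG), so pre-production names are not handed out wholesale.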


@@ -0,0 +1,10 @@
; <<>> DiG 9.18.10-2-Debian <<>> AXFR -p 53 @10.129.227.180
; (1 server found)
;; global options: +cmd
;; Query time: 23 msec
;; SERVER: 10.129.227.180#53(10.129.227.180) (UDP)
;; WHEN: Sat Jan 21 18:40:18 UTC 2023
;; MSG SIZE rcvd: 56


@@ -0,0 +1,3 @@
[*] std: Performing General Enumeration against: trick.htb...
[-] Could not resolve domain: trick.htb


@@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml 10.129.227.180" start="1674326418" startstr="Sat Jan 21 18:40:18 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="53"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="Connect Scan" time="1674326420"/>
<taskend task="Connect Scan" time="1674326420" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674326420"/>
<taskend task="Service scan" time="1674326426" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674326426"/>
<taskprogress task="NSE" time="1674326457" percent="90.00" remaining="4" etc="1674326460"/>
<taskprogress task="NSE" time="1674326487" percent="90.00" remaining="7" etc="1674326494"/>
<taskprogress task="NSE" time="1674326517" percent="90.00" remaining="11" etc="1674326527"/>
<taskprogress task="NSE" time="1674326547" percent="90.00" remaining="14" etc="1674326560"/>
<taskprogress task="NSE" time="1674326577" percent="90.00" remaining="17" etc="1674326594"/>
<taskprogress task="NSE" time="1674326607" percent="90.00" remaining="21" etc="1674326627"/>
<taskprogress task="NSE" time="1674326637" percent="90.00" remaining="24" etc="1674326660"/>
<taskprogress task="NSE" time="1674326667" percent="90.00" remaining="27" etc="1674326694"/>
<taskprogress task="NSE" time="1674326697" percent="90.00" remaining="31" etc="1674326727"/>
<taskprogress task="NSE" time="1674326727" percent="90.00" remaining="34" etc="1674326760"/>
<taskprogress task="NSE" time="1674326757" percent="90.00" remaining="37" etc="1674326794"/>
<taskprogress task="NSE" time="1674326787" percent="91.67" remaining="33" etc="1674326820"/>
<taskprogress task="NSE" time="1674326817" percent="91.67" remaining="36" etc="1674326853"/>
<taskprogress task="NSE" time="1674326847" percent="91.67" remaining="39" etc="1674326885"/>
<taskend task="NSE" time="1674326875"/>
<taskbegin task="NSE" time="1674326875"/>
<taskend task="NSE" time="1674326875"/>
<taskbegin task="NSE" time="1674326875"/>
<taskend task="NSE" time="1674326875"/>
<host starttime="1674326420" endtime="1674326875"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="domain" product="ISC BIND" version="9.11.5-P4-5.1+deb10u7" extrainfo="Debian Linux" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:isc:bind:9.11.5-p4-5.1%2Bdeb10u7</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="dns-nsid" output="&#xa; bind.version: 9.11.5-P4-5.1+deb10u7-Debian"><elem key="bind.version">9.11.5-P4-5.1+deb10u7-Debian</elem>
</script><script id="dns-nsec-enum" output="&#xa; No NSEC records found&#xa;"/><script id="dns-nsec3-enum" output="&#xa; DNSSEC NSEC3 not supported&#xa;"/></port>
</ports>
<hostscript><script id="dns-brute" output="&#xa; DNS Brute-force hostnames: No results."><table key="DNS Brute-force hostnames">
</table>
</script></hostscript><times srtt="21268" rttvar="21268" to="106340"/>
</host>
<taskbegin task="NSE" time="1674326875"/>
<taskend task="NSE" time="1674326875"/>
<taskbegin task="NSE" time="1674326875"/>
<taskend task="NSE" time="1674326875"/>
<taskbegin task="NSE" time="1674326875"/>
<taskend task="NSE" time="1674326875"/>
<runstats><finished time="1674326875" timestr="Sat Jan 21 18:47:55 2023" summary="Nmap done at Sat Jan 21 18:47:55 2023; 1 IP address (1 host up) scanned in 457.45 seconds" elapsed="457.45" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,93 @@
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 21 Jan 2023 18:40:21 GMT
Content-Type: text/html
Content-Length: 5480
Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
Connection: keep-alive
ETag: "623b4bfc-1568"
Accept-Ranges: bytes
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Coming Soon - Start Bootstrap Theme</title>
<link rel="icon" type="image/x-icon" href="assets/favicon.ico" />
<!-- Font Awesome icons (free version)-->
<script src="https://use.fontawesome.com/releases/v6.1.0/js/all.js" crossorigin="anonymous"></script>
<!-- Google fonts-->
<link rel="preconnect" href="https://fonts.gstatic.com" />
<link href="https://fonts.googleapis.com/css2?family=Tinos:ital,wght@0,400;0,700;1,400;1,700&amp;display=swap" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&amp;display=swap" rel="stylesheet" />
<!-- Core theme CSS (includes Bootstrap)-->
<link href="css/styles.css" rel="stylesheet" />
</head>
<body>
<!-- Background Video-->
<video class="bg-video" playsinline="playsinline" autoplay="autoplay" muted="muted" loop="loop"><source src="assets/mp4/bg.mp4" type="video/mp4" /></video>
<!-- Masthead-->
<div class="masthead">
<div class="masthead-content text-white">
<div class="container-fluid px-4 px-lg-0">
<h1 class="fst-italic lh-1 mb-4">Our Website is Coming Soon</h1>
<p class="mb-5">We're working hard to finish the development of this site. Sign up below to receive updates and to be notified when we launch!</p>
<!-- * * * * * * * * * * * * * * *-->
<!-- * * SB Forms Contact Form * *-->
<!-- * * * * * * * * * * * * * * *-->
<!-- This form is pre-integrated with SB Forms.-->
<!-- To make this form functional, sign up at-->
<!-- https://startbootstrap.com/solution/contact-forms-->
<!-- to get an API token!-->
<form id="contactForm" data-sb-form-api-token="API_TOKEN">
<!-- Email address input-->
<div class="row input-group-newsletter">
<div class="col"><input class="form-control" id="email" type="email" placeholder="Enter email address..." aria-label="Enter email address..." data-sb-validations="required,email" /></div>
<div class="col-auto"><button class="btn btn-primary disabled" id="submitButton" type="submit">Notify Me!</button></div>
</div>
<div class="invalid-feedback mt-2" data-sb-feedback="email:required">An email is required.</div>
<div class="invalid-feedback mt-2" data-sb-feedback="email:email">Email is not valid.</div>
<!-- Submit success message-->
<!---->
<!-- This is what your users will see when the form-->
<!-- has successfully submitted-->
<div class="d-none" id="submitSuccessMessage">
<div class="text-center mb-3 mt-2">
<div class="fw-bolder">Form submission successful!</div>
To activate this form, sign up at
<br />
<a href="https://startbootstrap.com/solution/contact-forms">https://startbootstrap.com/solution/contact-forms</a>
</div>
</div>
<!-- Submit error message-->
<!---->
<!-- This is what your users will see when there is-->
<!-- an error submitting the form-->
<div class="d-none" id="submitErrorMessage"><div class="text-center text-danger mb-3 mt-2">Error sending message!</div></div>
</form>
</div>
</div>
</div>
<!-- Social Icons-->
<!-- For more icon options, visit https://fontawesome.com/icons?d=gallery&p=2&s=brands-->
<div class="social-icons">
<div class="d-flex flex-row flex-lg-column justify-content-center align-items-center h-100 mt-3 mt-lg-0">
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-twitter"></i></a>
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-facebook-f"></i></a>
<a class="btn btn-dark m-3" href="#!"><i class="fab fa-instagram"></i></a>
</div>
</div>
<!-- Bootstrap core JS-->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- Core theme JS-->
<script src="js/scripts.js"></script>
<!-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *-->
<!-- * * SB Forms JS * *-->
<!-- * * Activate your form at https://startbootstrap.com/solution/contact-forms * *-->
<!-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *-->
<script src="https://cdn.startbootstrap.com/sb-forms-latest.js"></script>
</body>
</html>


@@ -0,0 +1,13 @@
200 GET 83l 475w 5480c http://10.129.227.180/index.html
200 GET 8l 29w 23462c http://10.129.227.180/assets/favicon.ico
200 GET 7l 36w 321c http://10.129.227.180/js/scripts.js
403 GET 7l 10w 169c http://10.129.227.180/css/
301 GET 7l 12w 185c http://10.129.227.180/assets/img => http://10.129.227.180/assets/img/
403 GET 7l 10w 169c http://10.129.227.180/assets/
200 GET 11431l 21730w 209654c http://10.129.227.180/css/styles.css
200 GET 83l 475w 5480c http://10.129.227.180/
301 GET 7l 12w 185c http://10.129.227.180/assets => http://10.129.227.180/assets/
403 GET 7l 10w 169c http://10.129.227.180/js/
301 GET 7l 12w 185c http://10.129.227.180/css => http://10.129.227.180/css/
301 GET 7l 12w 185c http://10.129.227.180/js => http://10.129.227.180/js/
301 GET 7l 12w 185c http://10.129.227.180/assets/mp4 => http://10.129.227.180/assets/mp4/


@@ -0,0 +1,105 @@
# Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.227.180
Nmap scan report for trick.htb (10.129.227.180)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-21 18:40:20 UTC for 56s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack nginx 1.14.2
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| /assets/
| ico: 1
| /assets/mp4/
| mp4: 1
| /css/
| css: 1
| /js/
| js: 1
| Longest directory structure:
| Depth: 2
| Dir: /assets/mp4/
| Total files found (by extension):
|_ Other: 1; css: 1; ico: 1; js: 1; mp4: 1
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
| http-php-version: Logo query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386
|_Credits query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-vhosts:
|_128 names had status 200
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-headers:
| Server: nginx/1.14.2
| Date: Sat, 21 Jan 2023 18:40:30 GMT
| Content-Type: text/html
| Content-Length: 5480
| Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
| Connection: close
| ETag: "623b4bfc-1568"
| Accept-Ranges: bytes
|
|_ (Request type: HEAD)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-mobileversion-checker: No mobile version detected.
|_http-comments-displayer: Couldn't find any comments.
|_http-date: Sat, 21 Jan 2023 18:40:29 GMT; +2s from local time.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: CVE:CVE-2011-3192 BID:49303
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| https://www.tenable.com/plugins/nessus/55976
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
| https://www.securityfocus.com/bid/49303
|_ https://seclists.org/fulldisclosure/2011/Aug/175
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-chrono: Request times for /; avg: 222.14ms; min: 163.13ms; max: 317.35ms
|_http-server-header: nginx/1.14.2
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://cdn.jsdelivr.net:443/npm/bootstrap15.1.3/dist/js/bootstrap.bundle.min.js
| https://cdn.startbootstrap.com:443/sb-forms-0.4.1.js
|_ https://use.fontawesome.com:443/releases/v6.1.0/js/all.js
|_http-malware-host: Host appears to be clean
| http-methods:
|_ Supported Methods: GET HEAD
|_http-title: Coming Soon - Start Bootstrap Theme
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 21 18:41:16 2023 -- 1 IP address (1 host up) scanned in 57.78 seconds
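Review bot: The `http-vuln-cve2011-3192` block reporting `State: VULNERABLE` should be marked as a likely false positive before anyone acts on it: CVE-2011-3192 is an Apache httpd byte-range flaw, while the `-sV` result and `http-server-header` in this same file both say nginx 1.14.2. The script presumably keys on how the server answers a multi-range request rather than on the product, so the result needs confirming against the identified server. Suggested annotation: `http-vuln-cve2011-3192: likely false positive, target is nginx 1.14.2, not Apache`. The same result is repeated in the XML copy of this scan further down. Similarly, `http-vhosts: 128 names had status 200` suggests the server answers every Host header alike, so that line does not by itself confirm any virtual host.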

Binary file not shown.


@@ -0,0 +1,50 @@
WhatWeb report for http://10.129.227.180:80
Status : 200 OK
Title : Coming Soon - Start Bootstrap Theme
IP : 10.129.227.180
Country : RESERVED, ZZ
Summary : Bootstrap, HTML5, HTTPServer[nginx/1.14.2], nginx[1.14.2], Script
Detected Plugins:
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
String : nginx/1.14.2 (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.14.2
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 21 Jan 2023 18:40:24 GMT
Content-Type: text/html
Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"623b4bfc-1568"
Content-Encoding: gzip


@@ -0,0 +1,97 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:40:18 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.227.180" start="1674326418" startstr="Sat Jan 21 18:40:18 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="NSE" time="1674326420"/>
<taskend task="NSE" time="1674326420"/>
<taskbegin task="Connect Scan" time="1674326420"/>
<taskend task="Connect Scan" time="1674326420" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674326420"/>
<taskend task="Service scan" time="1674326426" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674326426"/>
<taskprogress task="NSE" time="1674326457" percent="99.67" remaining="1" etc="1674326457"/>
<taskend task="NSE" time="1674326476"/>
<taskbegin task="NSE" time="1674326476"/>
<taskend task="NSE" time="1674326476"/>
<taskbegin task="NSE" time="1674326476"/>
<taskend task="NSE" time="1674326476"/>
<host starttime="1674326420" endtime="1674326476"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.14.2" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.14.2</cpe></service><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 1&#xa; /assets/&#xa; ico: 1&#xa; /assets/mp4/&#xa; mp4: 1&#xa; /css/&#xa; css: 1&#xa; /js/&#xa; js: 1&#xa; Longest directory structure:&#xa; Depth: 2&#xa; Dir: /assets/mp4/&#xa; Total files found (by extension):&#xa; Other: 1; css: 1; ico: 1; js: 1; mp4: 1&#xa;"/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-php-version" output="Logo query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386&#xa;Credits query returned unknown hash e716b8bf5e0fdacb3997e7f14f599386"/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-vhosts" output="&#xa;128 names had status 200"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-headers" output="&#xa; Server: nginx/1.14.2&#xa; Date: Sat, 21 Jan 2023 18:40:30 GMT&#xa; Content-Type: text/html&#xa; Content-Length: 5480&#xa; Last-Modified: Wed, 23 Mar 2022 16:34:04 GMT&#xa; Connection: close&#xa; ETag: &quot;623b4bfc-1568&quot;&#xa; Accept-Ranges: bytes&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. 
This web server might not be vulnerable"/><script id="http-favicon" output="Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-date" output="Sat, 21 Jan 2023 18:40:29 GMT; +2s from local time."><elem key="date">2023-01-21T18:40:29+00:00</elem>
<elem key="delta">2.0</elem>
</script><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-vuln-cve2011-3192" output="&#xa; VULNERABLE:&#xa; Apache byterange filter DoS&#xa; State: VULNERABLE&#xa; IDs: CVE:CVE-2011-3192 BID:49303&#xa; The Apache web server is vulnerable to a denial of service attack when numerous&#xa; overlapping byte ranges are requested.&#xa; Disclosure date: 2011-08-19&#xa; References:&#xa; https://www.tenable.com/plugins/nessus/55976&#xa; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192&#xa; https://www.securityfocus.com/bid/49303&#xa; https://seclists.org/fulldisclosure/2011/Aug/175&#xa;"><table key="CVE-2011-3192">
<elem key="title">Apache byterange filter DoS</elem>
<elem key="state">VULNERABLE</elem>
<table key="ids">
<elem>CVE:CVE-2011-3192</elem>
<elem>BID:49303</elem>
</table>
<table key="description">
<elem>The Apache web server is vulnerable to a denial of service attack when numerous&#xa;overlapping byte ranges are requested.</elem>
</table>
<table key="dates">
<table key="disclosure">
<elem key="month">08</elem>
<elem key="year">2011</elem>
<elem key="day">19</elem>
</table>
</table>
<elem key="disclosure">2011-08-19</elem>
<table key="refs">
<elem>https://www.tenable.com/plugins/nessus/55976</elem>
<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
<elem>https://www.securityfocus.com/bid/49303</elem>
<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
</table>
</table>
</script><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-chrono" output="Request times for /; avg: 222.14ms; min: 163.13ms; max: 317.35ms"/><script id="http-server-header" output="nginx/1.14.2"><elem>nginx/1.14.2</elem>
</script><script id="http-referer-checker" output="&#xa;Spidering limited to: maxpagecount=30&#xa; https://cdn.jsdelivr.net:443/npm/bootstrap15.1.3/dist/js/bootstrap.bundle.min.js&#xa; https://cdn.startbootstrap.com:443/sb-forms-0.4.1.js&#xa; https://use.fontawesome.com:443/releases/v6.1.0/js/all.js&#xa;"/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-security-headers" output=""></script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-title" output="Coming Soon - Start Bootstrap Theme"><elem key="title">Coming Soon - Start Bootstrap Theme</elem>
</script></port>
</ports>
<times srtt="25820" rttvar="25820" to="129100"/>
</host>
<taskbegin task="NSE" time="1674326476"/>
<taskend task="NSE" time="1674326476"/>
<taskbegin task="NSE" time="1674326476"/>
<taskend task="NSE" time="1674326476"/>
<taskbegin task="NSE" time="1674326476"/>
<taskend task="NSE" time="1674326476"/>
<runstats><finished time="1674326476" timestr="Sat Jan 21 18:41:16 2023" summary="Nmap done at Sat Jan 21 18:41:16 2023; 1 IP address (1 host up) scanned in 57.78 seconds" elapsed="57.78" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/trick/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/trick/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml 10.129.227.180" start="1674325821" startstr="Sat Jan 21 18:30:21 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="Connect Scan" time="1674325821"/>
<taskend task="Connect Scan" time="1674325827" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1674325827"/>
<taskend task="Service scan" time="1674326345" extrainfo="4 services on 1 host"/>
<taskbegin task="NSE" time="1674326345"/>
<taskprogress task="NSE" time="1674326376" percent="99.82" remaining="1" etc="1674326376"/>
<taskend task="NSE" time="1674326376"/>
<taskbegin task="NSE" time="1674326376"/>
<taskprogress task="NSE" time="1674326407" percent="96.88" remaining="2" etc="1674326408"/>
<taskend task="NSE" time="1674326423"/>
<taskbegin task="NSE" time="1674326423"/>
<taskend task="NSE" time="1674326423"/>
<host starttime="1674325821" endtime="1674326423"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65531">
<extrareasons reason="conn-refused" count="65531" proto="tcp" ports="1-21,23-24,26-52,54-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="7.9p1 Debian 10+deb10u2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR&#xa; 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=&#xa; 256 7293f91158de34ad12b54b4a7364b970 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm"><table>
<elem key="bits">2048</elem>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR</elem>
<elem key="type">ssh-rsa</elem>
<elem key="fingerprint">61ff293b36bd9dacfbde1f56884cae2d</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">9ecdf2406196ea21a6ce2602af759a78</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">7293f91158de34ad12b54b4a7364b970</elem>
</table>
</script></port>
<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/><script id="smtp-commands" output="Couldn&apos;t establish connection on port 25"/></port>
<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="domain" product="ISC BIND" version="9.11.5-P4-5.1+deb10u7" extrainfo="Debian Linux" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:isc:bind:9.11.5-p4-5.1%2Bdeb10u7</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="dns-nsid" output="&#xa; bind.version: 9.11.5-P4-5.1+deb10u7-Debian"><elem key="bind.version">9.11.5-P4-5.1+deb10u7-Debian</elem>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.14.2" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.14.2</cpe></service><script id="http-title" output="Coming Soon - Start Bootstrap Theme"><elem key="title">Coming Soon - Start Bootstrap Theme</elem>
</script><script id="http-favicon" output="Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-server-header" output="nginx/1.14.2"><elem>nginx/1.14.2</elem>
</script></port>
</ports>
<times srtt="70950" rttvar="24190" to="167710"/>
</host>
<taskbegin task="NSE" time="1674326423"/>
<taskend task="NSE" time="1674326423"/>
<taskbegin task="NSE" time="1674326423"/>
<taskend task="NSE" time="1674326423"/>
<taskbegin task="NSE" time="1674326423"/>
<taskend task="NSE" time="1674326423"/>
<runstats><finished time="1674326423" timestr="Sat Jan 21 18:40:23 2023" summary="Nmap done at Sat Jan 21 18:40:23 2023; 1 IP address (1 host up) scanned in 601.89 seconds" elapsed="601.89" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sat Jan 21 18:30:21 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml 10.129.227.180 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml 10.129.227.180" start="1674325821" startstr="Sat Jan 21 18:30:21 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200
,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="NSE" time="1674325821"/>
<taskend task="NSE" time="1674325821"/>
<taskbegin task="Connect Scan" time="1674325821"/>
<taskend task="Connect Scan" time="1674325822" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1674325822"/>
<taskend task="Service scan" time="1674326340" extrainfo="4 services on 1 host"/>
<taskbegin task="NSE" time="1674326340"/>
<taskend task="NSE" time="1674326370"/>
<taskbegin task="NSE" time="1674326370"/>
<taskprogress task="NSE" time="1674326401" percent="96.88" remaining="2" etc="1674326402"/>
<taskend task="NSE" time="1674326418"/>
<taskbegin task="NSE" time="1674326418"/>
<taskend task="NSE" time="1674326418"/>
<host starttime="1674325821" endtime="1674326418"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.227.180" addrtype="ipv4"/>
<hostnames>
<hostname name="trick.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="996">
<extrareasons reason="conn-refused" count="996" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-24,26,30,32-33,37,42-43,49,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,51
90,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="7.9p1 Debian 10+deb10u2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 2048 61ff293b36bd9dacfbde1f56884cae2d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR&#xa; 256 9ecdf2406196ea21a6ce2602af759a78 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=&#xa; 256 7293f91158de34ad12b54b4a7364b970 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Rh57OmAndXFukHce0Tr4BL8CWC8yACwWdu8VZcBPGuMUH8VkvzqseeC8MYxt5SPL1aJmAsZSgOUreAJNlYNBBKjMoFwyDdArWhqDThlgBf6aqwqMRo3XWIcbQOBkrisgqcPnRKlwh+vqArsj5OAZaUq8zs7Q3elE6HrDnj779JHCc5eba+DR+Cqk1u4JxfC6mGsaNMAXoaRKsAYlwf4Yjhonl6A6MkWszz7t9q5r2bImuYAC0cvgiHJdgLcr0WJh+lV8YIkPyya1vJFp1gN4Pg7I6CmMaiWSMgSem5aVlKmrLMX10MWhewnyuH2ekMFXUKJ8wv4DgifiAIvd6AGR</elem>
<elem key="type">ssh-rsa</elem>
<elem key="bits">2048</elem>
<elem key="fingerprint">61ff293b36bd9dacfbde1f56884cae2d</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAoXvyMKuWhQvWx52EFXK9ytX/pGmjZptG8Kb+DOgKcGeBgGPKX3ZpryuGR44av0WnKP0gnRLWk7UCbqY3mxXU0=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">9ecdf2406196ea21a6ce2602af759a78</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIGY1WZWn9xuvXhfxFFm82J9eRGNYJ9NnfzECUm0faUXm</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">7293f91158de34ad12b54b4a7364b970</elem>
</table>
</script></port>
<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/><script id="smtp-commands" output="Couldn&apos;t establish connection on port 25"/></port>
<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="domain" product="ISC BIND" version="9.11.5-P4-5.1+deb10u7" extrainfo="Debian Linux" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:isc:bind:9.11.5-p4-5.1%2Bdeb10u7</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="dns-nsid" output="&#xa; bind.version: 9.11.5-P4-5.1+deb10u7-Debian"><elem key="bind.version">9.11.5-P4-5.1+deb10u7-Debian</elem>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.14.2" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.14.2</cpe></service><script id="http-favicon" output="Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA"/><script id="http-title" output="Coming Soon - Start Bootstrap Theme"><elem key="title">Coming Soon - Start Bootstrap Theme</elem>
</script><script id="http-server-header" output="nginx/1.14.2"><elem>nginx/1.14.2</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script></port>
</ports>
<times srtt="23518" rttvar="5504" to="100000"/>
</host>
<taskbegin task="NSE" time="1674326418"/>
<taskend task="NSE" time="1674326418"/>
<taskbegin task="NSE" time="1674326418"/>
<taskend task="NSE" time="1674326418"/>
<taskbegin task="NSE" time="1674326418"/>
<taskend task="NSE" time="1674326418"/>
<runstats><finished time="1674326418" timestr="Sat Jan 21 18:40:18 2023" summary="Nmap done at Sat Jan 21 18:40:18 2023; 1 IP address (1 host up) scanned in 596.60 seconds" elapsed="596.60" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>