htb updates and ductf update

DownUnderCTF 2023/.idea/.gitignore

@@ -0,0 +1,3 @@
+# Default ignored files
+/shelf/
+/workspace.xml

DownUnderCTF 2023/.idea/DownUnderCTF 2023.iml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

DownUnderCTF 2023/.idea/inspectionProfiles/profiles_settings.xml

@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <settings>
+    <option name="USE_PROJECT_PROFILE" value="false" />
+    <version value="1.0" />
+  </settings>
+</component>

DownUnderCTF 2023/.idea/misc.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.11" project-jdk-type="Python SDK" />
+</project>

DownUnderCTF 2023/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/DownUnderCTF 2023.iml" filepath="$PROJECT_DIR$/.idea/DownUnderCTF 2023.iml" />
+    </modules>
+  </component>
+</project>

DownUnderCTF 2023/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+  </component>
+</project>

DownUnderCTF 2023/beginner/Welcome to DUCTF!/README.md

@@ -0,0 +1,13 @@
+Aufgabe:
+
+```
+To compile our code down here, we have to write it in the traditional Australian Syntax: ( Try reading bottom up! )
+
+¡ƃɐlɟ ǝɥʇ ʇno noʎ ʇuᴉɹd ll,ʇᴉ puɐ ɹǝʇǝɹdɹǝʇuᴉ ǝɥʇ ɥƃnoɹɥʇ ʇᴉ unɹ puɐ ǝɹǝɥ ǝpoɔ sᴉɥʇ ǝʞɐʇ ʇsnJ .ƎWWIפ uɐɔ noʎ NOʞƆƎɹ I puɐ ┴∩Oq∀ʞ˥∀M ƃuᴉoפ '¡H∀N H∀Ǝ⅄ 'ɐʞʞɐ⅄ pɹɐH 'ǝʞᴉl sǝɹnʇɐǝɟ ɔᴉʇsɐʇuɐɟ ƃuᴉɹnʇɐǝℲ
+
+.snlԀ snlԀ ǝᴉssn∀ ǝʌᴉsnlɔuᴉ ʎʇᴉuɐɟoɹd ǝɹoɯ 'ɹǝʇsɐɟ 'ɹǝʇʇǝq ǝɥʇ oʇ noʎ ǝɔnpoɹʇuᴉ I uɐɔ ʇnq ++Ɔ ɟo pɹɐǝɥ ǝʌ,no⅄
+
+Author: pix
+file: welcome_to_ductf.aplusplus
+```
+

DownUnderCTF 2023/beginner/Welcome to DUCTF!/welcome_to_ductf.aplusplus

@@ -0,0 +1,41 @@
+¡***Ɔ SɹƎƎHƆ
+
+;„¡Ⅎ┴Ɔ ǝɥʇ ɟo ʇsǝɹ ǝɥʇ ʎoɾuƎ„ ƎWWIפ
+
+;()Ⅎ┴Ɔ_ƎH┴
+
+<
+;H┴MƎɹ┴S + ɹnoHʎddɐH + Ⅎ∀˥פ ƎWWIפ	
+;„ɔoɹɔ ɐ ɹɐǝu ʇᴉ ʇɟǝl oƃuoɹp ʎpoolq ʇɥƃᴉɹ ǝɯos 'ʇᴉ punoɟ I 'ǝʇɐɯ llǝɥ ʎpoolq„ ƎWWIפ  
+<	
+;SIH┴ ʞƆ∩Ⅎ Ǝ┴∀W ¿ 0 == (9 '0)ǝɔᴉDǝɯoSʞɔnɥƆ NOʞƆƎɹ ∀⅄		
+
+;(000Ɩ)ʞɔɐSǝɥ┴ʇᴉH		
+		
+;„...ƃɐlɟ ɐʎ sᴉ ɥɐlɐƃ ,uᴉɯɐlɟ ǝɥʇ ǝɹǝɥM„ ƎWWIפ    	
+> (¡H∀N 'H∀Ǝ⅄) ˥I┴N∩ ┴∩Oq∀ʞ˥∀M ∀ ƎΛ∀H ˥˥,I NOʞƆƎɹ I	
+;„ƎɹƐɥʍƐɯoϛ_ʞɔ0lƆoϛ-sʇƖ„ = ɹnoHʎddɐH NOʞƆƎɹ I    
+;„¡ǝʇɐɯ ɐʎ ɹoɟ ƃɐlɟ ǝɥʇ u,ɥɔʇǝℲ„ ƎWWIפ	
+> () SI Ⅎ┴Ɔ_ƎH┴ ɹOℲ ∀ʞʞ∀⅄ Dɹ∀H ƎH┴
+;„{Ⅎ┴Ɔ∩D„ = Ⅎ∀˥פ NOʞƆƎɹ I
+
+  
+<
+;(000ϛ)ʞɔɐSǝɥ┴ʇᴉH  
+  
+<  
+;פ∀˥Ⅎ_∀⅄ ƎWWIפ    
+> ¿ Ɩ == Qqq_ƎW NOʞƆƎɹ ∀⅄  
+
+;„}¡ǝʇɐWǝɹǝHʇ,uᴉ∀ƃɐlℲɐ⅄{∩DℲ┴Ɔ„ = פ∀˥Ⅎ_∀⅄ NOʞƆƎɹ I  
+;Ɩ = Qqq_ƎW NOʞƆƎɹ I  
+  
+;(000ϛ)ʞɔɐSǝɥ┴ʇᴉH  
+;„פ∀˥Ⅎ ƎH┴ ┴NIɹԀ S┴Ǝ˥ '¡Ǝ┴∀W H∀Ǝ⅄„ ƎWWIפ  
+> () SI פ∀˥Ⅎ_┴NIɹԀ ɹOℲ ∀ʞʞ∀⅄ Dɹ∀H ƎH┴
+
+;ǝɔᴉDǝɯoSʞɔnɥƆ ƆN∩Ⅎ ƎW ┴HOԀWI
+;„}„ = H┴MƎɹ┴S NOʞƆƎɹ I
+;ʞɔɐSǝɥ┴ʇᴉH ƆN∩Ⅎ ƎW ┴HOԀWI
+
+¡Ǝ┴∀W ⅄∀D,פ

DownUnderCTF 2023/beginner/X/README.md

@@ -0,0 +1,17 @@
+Aufgabe:
+
+```
+We like to reminisce about the lit memes that have been made by competitiors and organisers alike! Have you checked out the meme dump?
+```
+
+Die wörter "the meme dump" sind verlinkt
+
+the: https://twitter.com/DownUnderCTF/status/1697304493409337835
+meme: https://twitter.com/DownUnderCTF/status/1697308270439051484
+dump: https://twitter.com/DownUnderCTF/status/1697312042821066846
+
+Jedes bild hat kleine gelbe Strings, die die Flagge bilden, aber die bilder sind nicht immer in der richtigen Reihenfolge:
+
+```
+DUCTF{ThanksEl0nWeCantCall1tTheTw1tterFl4gN0w}
+```

DownUnderCTF 2023/beginner/proxed/README.md

@@ -0,0 +1,58 @@
+Go Source:
+
+```go
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+)
+
+var (
+	port = flag.Int("port", 8081, "The port to listen on")
+)
+
+func main() {
+
+	flag.Parse()
+
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		xff := r.Header.Values("X-Forwarded-For")
+
+		ip := strings.Split(r.RemoteAddr, ":")[0]
+
+		if xff != nil {
+			ips := strings.Split(xff[len(xff)-1], ", ")
+			ip = ips[len(ips)-1]
+			ip = strings.TrimSpace(ip)
+		}
+
+		if ip != "31.33.33.7" {
+			message := fmt.Sprintf("untrusted IP: %s", ip)
+			http.Error(w, message, http.StatusForbidden)
+			return
+		} else {
+			w.Write([]byte(os.Getenv("FLAG")))
+		}
+	})
+
+	log.Printf("Listening on port %d", *port)
+	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
+}
+
+```
+
+Es ist ziemlich eindeutig, dass man seine IP Adresse spoofen soll, um die Flagge aus den ENV vars zu lesen.
+
+Ein hilfreicher Stack-Overflow Beitrag hilft dabei: https://stackoverflow.com/questions/5188584/how-can-i-spoof-the-sender-ip-address-using-curl
+
+=> SOLVED
+```bash
+┌──(kali㉿kali)-[/ctf/DownUnderCTF 2023/beginner/static file server]
+└─$ curl --header "X-Forwarded-For: 31.33.33.7" http://proxed.duc.tf:30019/
+DUCTF{17_533m5_w3_f0rg07_70_pr0x} 
+```

DownUnderCTF 2023/beginner/proxed/proxed/Dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.20-alpine3.17
+
+WORKDIR /app
+
+COPY . ./
+
+RUN go build -o app ./...
+
+EXPOSE 8081
+
+USER goodboy:goodboy
+
+CMD ["./app"]

DownUnderCTF 2023/beginner/proxed/proxed/cmd/secret_server/main.go

@@ -0,0 +1,42 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+)
+
+var (
+	port = flag.Int("port", 8081, "The port to listen on")
+)
+
+func main() {
+
+	flag.Parse()
+
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		xff := r.Header.Values("X-Forwarded-For")
+
+		ip := strings.Split(r.RemoteAddr, ":")[0]
+
+		if xff != nil {
+			ips := strings.Split(xff[len(xff)-1], ", ")
+			ip = ips[len(ips)-1]
+			ip = strings.TrimSpace(ip)
+		}
+
+		if ip != "31.33.33.7" {
+			message := fmt.Sprintf("untrusted IP: %s", ip)
+			http.Error(w, message, http.StatusForbidden)
+			return
+		} else {
+			w.Write([]byte(os.Getenv("FLAG")))
+		}
+	})
+
+	log.Printf("Listening on port %d", *port)
+	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
+}

DownUnderCTF 2023/beginner/proxed/proxed/go.mod

@@ -0,0 +1,3 @@
+module github.com/DownUnderCTF/proxed
+
+go 1.20

DownUnderCTF 2023/beginner/static file server/README.md

@@ -0,0 +1,60 @@
+https://web-static-file-server-9af22c2b5640.2023.ductf.dev/files/not_the_flag.txt ->
+
+```
+The real flag is at /flag.txt
+```
+
+https://web-static-file-server-9af22c2b5640.2023.ductf.dev/flag.txt ->
+
+```
+404
+```
+
+Web source code
+```python
+from aiohttp import web
+
+async def index(request):
+    return web.Response(body='''
+        <header><h1>static file server</h1></header>
+        Here are some files:
+        <ul>
+            <li><img src="/files/ductf.png"></img></li>
+            <li><a href="/files/not_the_flag.txt">not the flag</a></li>
+        </ul>
+    ''', content_type='text/html', status=200)
+
+app = web.Application()
+app.add_routes([
+    web.get('/', index),
+
+    # this is handled by https://github.com/aio-libs/aiohttp/blob/v3.8.5/aiohttp/web_urldispatcher.py#L654-L690
+    web.static('/files', './files', follow_symlinks=True)
+])
+web.run_app(app)
+```
+
+Dockerfile:
+```docker
+FROM python:3.10
+
+WORKDIR /app
+COPY app.py .
+COPY flag.txt /flag.txt
+COPY files/ files/
+
+RUN pip3 install aiohttp
+
+RUN /usr/sbin/useradd --no-create-home -u 1000 ctf
+USER ctf
+
+CMD ["python3", "app.py"]
+```
+
+=> Flag in root dir 
+
+=> need to make the server read the arbitrary file
+
+
+Wenn wir symlinks erstellen könnten können wir einen symlink ins root verzeichnis erstellen
+

DownUnderCTF 2023/beginner/static file server/static-file-server/Dockerfile

@@ -0,0 +1,13 @@
+FROM python:3.10
+
+WORKDIR /app
+COPY app.py .
+COPY flag.txt /flag.txt
+COPY files/ files/
+
+RUN pip3 install aiohttp
+
+RUN /usr/sbin/useradd --no-create-home -u 1000 ctf
+# USER ctf  #permission denied on my machine
+
+CMD ["python3", "app.py"]

DownUnderCTF 2023/beginner/static file server/static-file-server/app.py

@@ -0,0 +1,20 @@
+from aiohttp import web
+
+async def index(request):
+    return web.Response(body='''
+        <header><h1>static file server</h1></header>
+        Here are some files:
+        <ul>
+            <li><img src="/files/ductf.png"></img></li>
+            <li><a href="/files/not_the_flag.txt">not the flag</a></li>
+        </ul>
+    ''', content_type='text/html', status=200)
+
+app = web.Application()
+app.add_routes([
+    web.get('/', index),
+
+    # this is handled by https://github.com/aio-libs/aiohttp/blob/v3.8.5/aiohttp/web_urldispatcher.py#L654-L690
+    web.static('/files', './files', follow_symlinks=True)
+])
+web.run_app(app)

DownUnderCTF 2023/beginner/static file server/static-file-server/files/not_the_flag.txt

@@ -0,0 +1 @@
+The real flag is at /flag.txt

DownUnderCTF 2023/beginner/static file server/static-file-server/flag.txt

@@ -0,0 +1 @@
+FLAG

HTB/Keeper/README.md

@@ -6,13 +6,3 @@ http: keeper.htb -> tickets.keeper.htb
 
 -> ssh access = user-flag
 
-RT30000.zip -> KeePassDumpFull.dmp
-
-```
-└─$ file KeePassDumpFull.dmp 
-KeePassDumpFull.dmp: Mini DuMP crash report, 16 streams, Fri May 19 13:46:21 2023, 0x1806 type
-```
-
-KeePass Dumper: https://github.com/CMEPW/keepass-dump-masterkey
-
-#TODO

HTB/agile/ferox-http_agile_htb:80_-1678019995.state

@@ -1 +0,0 @@
-{"scans":[{"id":"4f365a5c329a4e3d9c5219eeec5c69b9","url":"http://agile.htb:80/","normalized_url":"http://agile.htb:80/","scan_type":"Directory","status":"Running","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://agile.htb:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://agile.htb/","original_url":"http://agile.htb:80/","path":"/","wildcard":false,"status":200,"method":"GET","content_length":612,"line_count":25,"word_count":69,"headers":{"connection":"keep-alive","date":"Sun, 05 Mar 2023 11:57:58 GMT","content-length":"612","last-modified":"Thu, 01 Dec 2022 18:20:40 GMT","content-type":"text/html","server":"nginx/1.18.0 (Ubuntu)","accept-ranges":"bytes","etag":"\"6388f078-264\""},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":193535,"expected_per_scan":833000,"total_expected":833000,"errors":0,"successes":3,"redirects":0,"client_errors":193532,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":3,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":1,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}

HTB/awkward/ferox-http_awkward_htb:80_-1675808288.state

@@ -1 +0,0 @@
-{"scans":[{"id":"d7aaa3dde5404e86a522802fd6c4a9c2","url":"http://awkward.htb:80/","normalized_url":"http://awkward.htb:80/","scan_type":"Directory","status":"Running","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://awkward.htb:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://awkward.htb/","original_url":"http://awkward.htb:80/","path":"/","wildcard":false,"status":200,"method":"GET","content_length":132,"line_count":8,"word_count":13,"headers":{"content-type":"text/html","etag":"\"63231b83-84\"","accept-ranges":"bytes","content-length":"132","connection":"keep-alive","last-modified":"Thu, 15 Sep 2022 12:33:07 GMT","server":"nginx/1.18.0 (Ubuntu)","date":"Tue, 07 Feb 2023 22:18:04 GMT"},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":1424,"expected_per_scan":833000,"total_expected":833000,"errors":0,"successes":3,"redirects":0,"client_errors":1421,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":3,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":1,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}

HTB/mentor/ferox-http_mentor_htb:80_-1675786335.state

@@ -1 +0,0 @@
-{"scans":[{"id":"e0c62a76639a492dacf3a0dd06c4fd96","url":"http://mentor.htb:80/","normalized_url":"http://mentor.htb:80/","scan_type":"Directory","status":"NotStarted","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://mentor.htb:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/mentor/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":2,"expected_per_scan":833000,"total_expected":833000,"errors":1,"successes":0,"redirects":1,"client_errors":0,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":0,"status_302s":1,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":1,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}

HTB/soccer/ferox-http_10_10_11_194:80_-1674662797.state

@@ -1 +0,0 @@
-{"scans":[{"id":"2689ff59b1bb4952bd0760a96a0670d3","url":"http://10.10.11.194:80/","normalized_url":"http://10.10.11.194:80/","scan_type":"Directory","status":"Running","num_requests":1543822}],"config":{"type":"configuration","wordlist":"/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://10.10.11.194:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":50,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://10.10.11.194/09d1efe14b0747d9a4f8be3e7aa30913","original_url":"http://10.10.11.194:80/","path":"/09d1efe14b0747d9a4f8be3e7aa30913","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","connection":"keep-alive","content-length":"178","location":"http://soccer.htb/09d1efe14b0747d9a4f8be3e7aa30913","content-type":"text/html","date":"Wed, 25 Jan 2023 15:54:11 GMT"},"extension":""},{"type":"response","url":"http://10.10.11.194/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","original_url":"http://10.10.11.194:80/","path":"/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","date":"Wed, 25 Jan 2023 15:54:11 GMT","content-length":"178","connection":"keep-alive","location":"http://soccer.htb/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","content-type":"text/html"},"extension":""}],"statistics":{"type":"statistics","timeouts":632,"requests":1024705,"expected_per_scan":1543822,"total_expected":1543822,"errors":659,"successes":0,"redirects":1024045,"client_errors":1,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":1024045,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":1024041,"responses_filtered":1024041,"resources_discovered":2,"url_format_errors":0,"redirection_errors":0,"connection_errors":27,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[{"dynamic":18446744073709551615,"size":178,"method":"GET","dont_filter":false}]}

HTB/stocker/ferox-http_10_10_11_196:80_-1674572985.state

@@ -1 +0,0 @@
-{"scans":[{"id":"194e314ac376490ab61036712740816e","url":"http://10.10.11.196:80/","normalized_url":"http://10.10.11.196:80/","scan_type":"Directory","status":"Running","num_requests":833000}],"config":{"type":"configuration","wordlist":"/home/kali/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://10.10.11.196:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/stocker/results/10.10.11.196/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://10.10.11.196/d9be98ffce1147d895aa41acab853b02","original_url":"http://10.10.11.196:80/","path":"/d9be98ffce1147d895aa41acab853b02","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"content-type":"text/html","date":"Tue, 24 Jan 2023 15:03:01 GMT","server":"nginx/1.18.0 (Ubuntu)","connection":"keep-alive","content-length":"178","location":"http://stocker.htb"},"extension":""},{"type":"response","url":"http://10.10.11.196/40a69154f6cb4f6f971bb2c2f9b7b175e2c9e69a2c99434a87642f75616cde486080134b076149d7a47f124e3f59b178","original_url":"http://10.10.11.196:80/","path":"/40a69154f6cb4f6f971bb2c2f9b7b175e2c9e69a2c99434a87642f75616cde486080134b076149d7a47f124e3f59b178","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"content-type":"text/html","server":"nginx/1.18.0 (Ubuntu)","content-length":"178","date":"Tue, 24 Jan 2023 15:03:01 GMT","connection":"keep-alive","location":"http://stocker.htb"},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":87512,"expected_per_scan":833000,"total_expected":833000,"errors":0,"successes":1,"redirects":87511,"client_errors":0,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":1,"status_301s":87511,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":87507,"responses_filtered":87507,"resources_discovered":2,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[{"dynamic":18446744073709551615,"size":178,"method":"GET","dont_filter":false}]}