laokoon
@@ -0,0 +1,50 @@
|
||||
HTTP/1.1 200 OK
|
||||
Content-Type: text/html
|
||||
Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT
|
||||
Accept-Ranges: bytes
|
||||
ETag: "0eaf6d7c895d71:0"
|
||||
Server: Microsoft-IIS/10.0
|
||||
Date: Sat, 28 Oct 2023 13:05:55 GMT
|
||||
Content-Length: 1034
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" >
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Slandovia Energy</title>
|
||||
<link rel='stylesheet' href='https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css'><link rel="stylesheet" href="./style.css">
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js"></script>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<!-- partial:index.partial.html -->
|
||||
<link href='https://fonts.googleapis.com/css?family=Open+Sans|Maven+Pro:500' rel='stylesheet' type='text/css'>
|
||||
<div class="deco topdeco">
|
||||
<span></span>
|
||||
<span></span>
|
||||
<span></span>
|
||||
<span></span>
|
||||
</div>
|
||||
|
||||
<h1>MegaCorp</h1>
|
||||
<h3>
|
||||
Slandovia Energy Grid
|
||||
</h3>
|
||||
|
||||
<section class="list-wrap">
|
||||
|
||||
<label for="search-text">Check Status</label>
|
||||
<input type="text" id="search-text" placeholder="search" class="search-box">
|
||||
<span class="list-count"></span>
|
||||
|
||||
|
||||
<ul id="list">
|
||||
<span class="empty-item">no results</span>
|
||||
</ul>
|
||||
</section>
|
||||
|
||||
<!-- partial -->
|
||||
<script src="./script.js"></script>
|
||||
|
||||
</body>
|
||||
</html>
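Review bot: The captured index page loads `prefixfree.min.js` from cdnjs.cloudflare.com and the jQuery UI stylesheet from ajax.googleapis.com without an `integrity` attribute, and the response headers saved above it carry no Content-Security-Policy, so nothing constrains what those third-party hosts serve into the page. As a finding for the site owner, the remediation is to pin each external asset, e.g. `<script src="…/prefixfree.min.js" integrity="sha384-<HASH-PLACEHOLDER>" crossorigin="anonymous"></script>`, or to host the files locally. The markup also places `<span class="empty-item">` directly inside `<ul id="list">`, which is invalid HTML; this matters only if the page is reused, since the file is a saved response rather than authored code.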
|
||||
@@ -0,0 +1,21 @@
|
||||
200 GET 25l 72w 692c http://10.129.243.131/script.js
|
||||
200 GET 215l 294w 3166c http://10.129.243.131/style.css
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/Index.html
|
||||
200 GET 8l 168w 1092c http://10.129.243.131/LICENSE.txt
|
||||
200 GET 1l 14w 116c http://10.129.243.131/Search.php
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/index.html
|
||||
200 GET 8l 168w 1092c http://10.129.243.131/license.txt
|
||||
200 GET 1l 14w 116c http://10.129.243.131/search.php
|
||||
200 GET 25l 72w 692c http://10.129.243.131/script.js
|
||||
200 GET 215l 294w 3166c http://10.129.243.131/style.css
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/Index.html
|
||||
200 GET 8l 168w 1092c http://10.129.243.131/LICENSE.txt
|
||||
200 GET 1l 14w 116c http://10.129.243.131/Search.php
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/index.html
|
||||
200 GET 8l 168w 1092c http://10.129.243.131/license.txt
|
||||
200 GET 1l 14w 116c http://10.129.243.131/search.php
|
||||
200 GET 8l 168w 1092c http://10.129.243.131/License.txt
|
||||
200 GET 1l 14w 116c http://10.129.243.131/SEARCH.php
|
||||
200 GET 41l 66w 1034c http://10.129.243.131/INDEX.html
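Review bot: The 21 rows describe only five distinct resources: the first nine rows are repeated verbatim, and the case variants (`Index.html`/`index.html`/`INDEX.html`, `Search.php`/`search.php`/`SEARCH.php`, `LICENSE.txt`/`license.txt`/`License.txt`) return identical line, word and byte counts. That pattern is consistent with case-insensitive path handling on the IIS/Windows host reported by the other scans in this commit, so each group of variants should be counted as one file when the results are summarised. Committing a copy de-duplicated case-insensitively on the URL path would keep the file from overstating what the server exposes.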
|
||||
@@ -0,0 +1,106 @@
|
||||
# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.243.131
|
||||
Nmap scan report for megacorp.htb (10.129.243.131)
|
||||
Host is up, received user-set (0.033s latency).
|
||||
Scanned at 2023-10-28 14:27:58 CEST for 128s
|
||||
|
||||
Bug in http-security-headers: no string output.
|
||||
PORT STATE SERVICE REASON VERSION
|
||||
80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0
|
||||
| http-headers:
|
||||
| Content-Length: 1034
|
||||
| Content-Type: text/html
|
||||
| Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT
|
||||
| Accept-Ranges: bytes
|
||||
| ETag: "0eaf6d7c895d71:0"
|
||||
| Server: Microsoft-IIS/10.0
|
||||
| Date: Sat, 28 Oct 2023 13:05:55 GMT
|
||||
| Connection: close
|
||||
|
|
||||
|_ (Request type: HEAD)
|
||||
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|
||||
|_http-server-header: Microsoft-IIS/10.0
|
||||
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|
||||
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|
||||
| http-php-version: Logo query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c
|
||||
|_Credits query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c
|
||||
| http-methods:
|
||||
| Supported Methods: OPTIONS TRACE GET HEAD POST
|
||||
|_ Potentially risky methods: TRACE
|
||||
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|
||||
| http-comments-displayer:
|
||||
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=megacorp.htb
|
||||
|
|
||||
| Path: http://megacorp.htb:80/style.css
|
||||
| Line number: 117
|
||||
| Comment:
|
||||
| /*
|
||||
| The following are styles purely for the surroundings
|
||||
| */
|
||||
|
|
||||
| Path: http://megacorp.htb:80/
|
||||
| Line number: 11
|
||||
| Comment:
|
||||
| <!-- partial:index.partial.html -->
|
||||
|
|
||||
| Path: http://megacorp.htb:80/
|
||||
| Line number: 37
|
||||
| Comment:
|
||||
| <!-- partial -->
|
||||
|
|
||||
| Path: http://megacorp.htb:80/style.css
|
||||
| Line number: 1
|
||||
| Comment:
|
||||
|_ /* this declares a better box model */
|
||||
|_http-fetch: Please enter the complete path of the directory to save data in.
|
||||
|_http-errors: Couldn't find any error pages.
|
||||
|_http-mobileversion-checker: No mobile version detected.
|
||||
| http-vhosts:
|
||||
|_128 names had status 200
|
||||
|_http-dombased-xss: Couldn't find any DOM based XSS.
|
||||
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|
||||
| http-sitemap-generator:
|
||||
| Directory structure:
|
||||
| /
|
||||
| Other: 1; css: 1; js: 1
|
||||
| Longest directory structure:
|
||||
| Depth: 0
|
||||
| Dir: /
|
||||
| Total files found (by extension):
|
||||
|_ Other: 1; css: 1; js: 1
|
||||
| http-useragent-tester:
|
||||
| Status for browser useragent: 200
|
||||
| Allowed User Agents:
|
||||
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|
||||
| libwww
|
||||
| lwp-trivial
|
||||
| libcurl-agent/1.0
|
||||
| PHP/
|
||||
| Python-urllib/2.5
|
||||
| GT::WWW
|
||||
| Snoopy
|
||||
| MFC_Tear_Sample
|
||||
| HTTP::Lite
|
||||
| PHPCrawl
|
||||
| URI::Fetch
|
||||
| Zend_Http_Client
|
||||
| http client
|
||||
| PECL::HTTP
|
||||
| Wget/1.13.4 (linux-gnu)
|
||||
|_ WWW-Mechanize/1.34
|
||||
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|
||||
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|
||||
| http-referer-checker:
|
||||
| Spidering limited to: maxpagecount=30
|
||||
|_ https://cdnjs.cloudflare.com:443/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
|
||||
|_http-feed: Couldn't find any feeds.
|
||||
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|
||||
|_http-chrono: Request times for /; avg: 159.55ms; min: 156.41ms; max: 162.52ms
|
||||
|_http-date: Sat, 28 Oct 2023 13:05:55 GMT; +37m49s from local time.
|
||||
|_http-title: Slandovia Energy
|
||||
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|
||||
|_http-malware-host: Host appears to be clean
|
||||
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Read data files from: /usr/bin/../share/nmap
|
||||
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
|
||||
# Nmap done at Sat Oct 28 14:30:06 2023 -- 1 IP address (1 host up) scanned in 133.76 seconds
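Review bot: Two results in this report are easy to misread and deserve an annotation in the notes that accompany it. `http-vhosts: 128 names had status 200` most likely means the server answers 200 for any Host header rather than that 128 virtual hosts exist, and the `Couldn't find any …` lines for XSS and CSRF cover only the few pages the spider reached (`maxpagecount=20` and `30`), so they are not evidence of absence. The results that stand on their own are hardening gaps for the site owner: TRACE is listed under `Potentially risky methods`, the `Server: Microsoft-IIS/10.0` banner is exposed, and the header dump shows no security headers, which matches the empty `http-security-headers` output. `http-date` also reports a 37m49s difference between the target clock and the scanning host, so timestamps need that offset when the scan is correlated with server logs. The XML section later in the commit carries the same results.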
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 2.0 MiB |
@@ -0,0 +1,46 @@
|
||||
WhatWeb report for http://10.129.243.131:80
|
||||
Status : 200 OK
|
||||
Title : Slandovia Energy
|
||||
IP : 10.129.243.131
|
||||
Country : RESERVED, ZZ
|
||||
|
||||
Summary : HTML5, HTTPServer[Microsoft-IIS/10.0], Microsoft-IIS[10.0], Script
|
||||
|
||||
Detected Plugins:
|
||||
[ HTML5 ]
|
||||
HTML version 5, detected by the doctype declaration
|
||||
|
||||
|
||||
[ HTTPServer ]
|
||||
HTTP server header string. This plugin also attempts to
|
||||
identify the operating system from the server header.
|
||||
|
||||
String : Microsoft-IIS/10.0 (from server string)
|
||||
|
||||
[ Microsoft-IIS ]
|
||||
Microsoft Internet Information Services (IIS) for Windows
|
||||
Server is a flexible, secure and easy-to-manage Web server
|
||||
for hosting anything on the Web. From media streaming to
|
||||
web application hosting, IIS's scalable and open
|
||||
architecture is ready to handle the most demanding tasks.
|
||||
|
||||
Version : 10.0
|
||||
Website : http://www.iis.net/
|
||||
|
||||
[ Script ]
|
||||
This plugin detects instances of script HTML elements and
|
||||
returns the script language/type.
|
||||
|
||||
|
||||
HTTP Headers:
|
||||
HTTP/1.1 200 OK
|
||||
Content-Type: text/html
|
||||
Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT
|
||||
Accept-Ranges: bytes
|
||||
ETag: "0eaf6d7c895d71:0"
|
||||
Server: Microsoft-IIS/10.0
|
||||
Date: Sat, 28 Oct 2023 13:05:55 GMT
|
||||
Connection: close
|
||||
Content-Length: 1034
|
||||
|
||||
|
||||
@@ -0,0 +1,81 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE nmaprun>
|
||||
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
|
||||
<!-- Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.243.131 -->
|
||||
<nmaprun scanner="nmap" args="nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.243.131" start="1698496073" startstr="Sat Oct 28 14:27:53 2023" version="7.93" xmloutputversion="1.05">
|
||||
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
|
||||
<verbose level="2"/>
|
||||
<debugging level="0"/>
|
||||
<taskbegin task="NSE" time="1698496077"/>
|
||||
<taskend task="NSE" time="1698496077"/>
|
||||
<taskbegin task="NSE" time="1698496077"/>
|
||||
<taskend task="NSE" time="1698496077"/>
|
||||
<taskbegin task="NSE" time="1698496077"/>
|
||||
<taskend task="NSE" time="1698496077"/>
|
||||
<taskbegin task="SYN Stealth Scan" time="1698496077"/>
|
||||
<taskend task="SYN Stealth Scan" time="1698496078" extrainfo="1 total ports"/>
|
||||
<taskbegin task="Service scan" time="1698496078"/>
|
||||
<taskend task="Service scan" time="1698496084" extrainfo="1 service on 1 host"/>
|
||||
<taskbegin task="NSE" time="1698496084"/>
|
||||
<taskprogress task="NSE" time="1698496115" percent="99.67" remaining="1" etc="1698496115"/>
|
||||
<taskprogress task="NSE" time="1698496145" percent="99.67" remaining="1" etc="1698496145"/>
|
||||
<taskprogress task="NSE" time="1698496175" percent="99.67" remaining="1" etc="1698496175"/>
|
||||
<taskprogress task="NSE" time="1698496205" percent="99.67" remaining="1" etc="1698496205"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<taskbegin task="NSE" time="1698496206"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<taskbegin task="NSE" time="1698496206"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<host starttime="1698496078" endtime="1698496206"><status state="up" reason="user-set" reason_ttl="0"/>
|
||||
<address addr="10.129.243.131" addrtype="ipv4"/>
|
||||
<hostnames>
|
||||
<hostname name="megacorp.htb" type="PTR"/>
|
||||
</hostnames>
|
||||
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="http" product="Microsoft IIS httpd" version="10.0" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:internet_information_services:10.0</cpe><cpe>cpe:/o:microsoft:windows</cpe></service><script id="http-headers" output="
 Content-Length: 1034
 Content-Type: text/html
 Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT
 Accept-Ranges: bytes
 ETag: "0eaf6d7c895d71:0"
 Server: Microsoft-IIS/10.0
 Date: Sat, 28 Oct 2023 13:05:55 GMT
 Connection: close
 
 (Request type: HEAD)
"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-server-header" output="Microsoft-IIS/10.0"><elem>Microsoft-IIS/10.0</elem>
|
||||
</script><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)"/><script id="http-stored-xss" output="Couldn't find any stored XSS vulnerabilities."/><script id="http-php-version" output="Logo query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c
Credits query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c"/><script id="http-methods" output="
 Supported Methods: OPTIONS TRACE GET HEAD POST
 Potentially risky methods: TRACE"><table key="Supported Methods">
|
||||
<elem>OPTIONS</elem>
|
||||
<elem>TRACE</elem>
|
||||
<elem>GET</elem>
|
||||
<elem>HEAD</elem>
|
||||
<elem>POST</elem>
|
||||
</table>
|
||||
<table key="Potentially risky methods">
|
||||
<elem>TRACE</elem>
|
||||
</table>
|
||||
</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-comments-displayer" output="
Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=megacorp.htb
 
 Path: http://megacorp.htb:80/style.css
 Line number: 117
 Comment: 
 /*
 The following are styles purely for the surroundings
 */
 
 Path: http://megacorp.htb:80/
 Line number: 11
 Comment: 
 <!-- partial:index.partial.html -->
 
 Path: http://megacorp.htb:80/
 Line number: 37
 Comment: 
 <!-- partial -->
 
 Path: http://megacorp.htb:80/style.css
 Line number: 1
 Comment: 
 /* this declares a better box model */
"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
|
||||
</script><script id="http-errors" output="Couldn't find any error pages."/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-vhosts" output="
128 names had status 200"/><script id="http-dombased-xss" output="Couldn't find any DOM based XSS."/><script id="http-jsonp-detection" output="Couldn't find any JSONP endpoints."/><script id="http-sitemap-generator" output="
 Directory structure:
 /
 Other: 1; css: 1; js: 1
 Longest directory structure:
 Depth: 0
 Dir: /
 Total files found (by extension):
 Other: 1; css: 1; js: 1
"/><script id="http-useragent-tester" output="
 Status for browser useragent: 200
 Allowed User Agents: 
 Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
 libwww
 lwp-trivial
 libcurl-agent/1.0
 PHP/
 Python-urllib/2.5
 GT::WWW
 Snoopy
 MFC_Tear_Sample
 HTTP::Lite
 PHPCrawl
 URI::Fetch
 Zend_Http_Client
 http client
 PECL::HTTP
 Wget/1.13.4 (linux-gnu)
 WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
|
||||
<table key="Allowed User Agents">
|
||||
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
|
||||
<elem>libwww</elem>
|
||||
<elem>lwp-trivial</elem>
|
||||
<elem>libcurl-agent/1.0</elem>
|
||||
<elem>PHP/</elem>
|
||||
<elem>Python-urllib/2.5</elem>
|
||||
<elem>GT::WWW</elem>
|
||||
<elem>Snoopy</elem>
|
||||
<elem>MFC_Tear_Sample</elem>
|
||||
<elem>HTTP::Lite</elem>
|
||||
<elem>PHPCrawl</elem>
|
||||
<elem>URI::Fetch</elem>
|
||||
<elem>Zend_Http_Client</elem>
|
||||
<elem>http client</elem>
|
||||
<elem>PECL::HTTP</elem>
|
||||
<elem>Wget/1.13.4 (linux-gnu)</elem>
|
||||
<elem>WWW-Mechanize/1.34</elem>
|
||||
</table>
|
||||
</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)"/><script id="http-devframework" output="Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages."/><script id="http-referer-checker" output="
Spidering limited to: maxpagecount=30
 https://cdnjs.cloudflare.com:443/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
"/><script id="http-feed" output="Couldn't find any feeds."/><script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/><script id="http-chrono" output="Request times for /; avg: 159.55ms; min: 156.41ms; max: 162.52ms"/><script id="http-security-headers" output=""></script><script id="http-date" output="Sat, 28 Oct 2023 13:05:55 GMT; +37m49s from local time."><elem key="date">2023-10-28T13:05:55+00:00</elem>
|
||||
<elem key="delta">2269.0</elem>
|
||||
</script><script id="http-title" output="Slandovia Energy"><elem key="title">Slandovia Energy</elem>
|
||||
</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn't find wp-login.php"/><script id="http-malware-host" output="Host appears to be clean"/></port>
|
||||
</ports>
|
||||
<times srtt="32870" rttvar="32870" to="164350"/>
|
||||
</host>
|
||||
<taskbegin task="NSE" time="1698496206"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<taskbegin task="NSE" time="1698496206"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<taskbegin task="NSE" time="1698496206"/>
|
||||
<taskend task="NSE" time="1698496206"/>
|
||||
<runstats><finished time="1698496206" timestr="Sat Oct 28 14:30:06 2023" summary="Nmap done at Sat Oct 28 14:30:06 2023; 1 IP address (1 host up) scanned in 133.76 seconds" elapsed="133.76" exit="success"/><hosts up="1" down="0" total="1"/>
|
||||
</runstats>
|
||||
</nmaprun>
|
||||