# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml interface.htb Nmap scan report for interface.htb (10.129.146.193) Host is up, received user-set (0.019s latency). Scanned at 2023-02-11 20:04:33 CET for 110s PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu) |_http-malware-host: Host appears to be clean |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php | http-methods: |_ Supported Methods: GET HEAD |_http-date: Sat, 11 Feb 2023 19:04:43 GMT; +1s from local time. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages. |_http-mobileversion-checker: No mobile version detected. | http-sitemap-generator: | Directory structure: | / | Other: 1 | Longest directory structure: | Depth: 0 | Dir: / | Total files found (by extension): |_ Other: 1 | http-grep: | (1) http://interface.htb:80/: | (1) email: |_ + contact@interface.htb | http-php-version: Logo query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df |_Credits query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df |_http-stored-xss: Couldn't find any stored XSS vulnerabilities. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable |_http-jsonp-detection: Couldn't find any JSONP endpoints. |_http-errors: Couldn't find any error pages. | http-vhosts: |_128 names had status 200 |_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA | http-useragent-tester: | Status for browser useragent: 200 | Allowed User Agents: | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) | libwww | lwp-trivial | libcurl-agent/1.0 | PHP/ | Python-urllib/2.5 | GT::WWW | Snoopy | MFC_Tear_Sample | HTTP::Lite | PHPCrawl | URI::Fetch | Zend_Http_Client | http client | PECL::HTTP | Wget/1.13.4 (linux-gnu) |_ WWW-Mechanize/1.34 |_http-fetch: Please enter the complete path of the directory to save data in. |_http-config-backup: ERROR: Script execution failed (use -d to debug) |_http-server-header: nginx/1.14.0 (Ubuntu) |_http-chrono: Request times for /; avg: 270.73ms; min: 153.90ms; max: 523.51ms | http-wordpress-enum: | Search limited to top 100 themes/plugins | plugins | akismet | contact-form-7 | wordpress-seo | jetpack | all-in-one-seo-pack | wordfence | woocommerce | google-sitemap-generator | wordpress-importer | nextgen-gallery | google-analytics-for-wordpress | wp-super-cache | tinymce-advanced | wptouch | better-wp-security | siteorigin-panels | updraftplus | w3-total-cache | google-analytics-dashboard-for-wp | wp-pagenavi | si-contact-form | advanced-custom-fields | mailchimp-for-wp | the-events-calendar | add-to-any | duplicator | wysija-newsletters | ninja-forms | wp-smushit | buddypress | ewww-image-optimizer | so-widgets-bundle | really-simple-captcha | ml-slider | black-studio-tinymce-widget | photo-gallery | broken-link-checker | regenerate-thumbnails | google-analyticator | redirection | captcha | duplicate-post | breadcrumb-navxt | backwpup | user-role-editor | yet-another-related-posts-plugin | contact-form-plugin | newsletter | bbpress | all-in-one-wp-security-and-firewall | disable-comments | social-networks-auto-poster-facebook-twitter-g | wp-optimize | addthis | wp-statistics | wp-e-commerce | all-in-one-wp-migration | backupwordpress | si-captcha-for-wordpress | wp-slimstat | wp-google-maps | wp-spamshield | wp-maintenance-mode | googleanalytics | worker | yith-woocommerce-wishlist | wp-multibyte-patch | wp-to-twitter | image-widget | wp-db-backup | shortcodes-ultimate | ultimate-tinymce | share-this | disqus-comment-system | gallery-bank | types | wp-polls | custom-post-type-ui | shareaholic | polylang | post-types-order | gtranslate | bulletproof-security | wp-fastest-cache | facebook | sociable | iwp-client | nextgen-facebook | seo-ultimate | wp-postviews | formidable | squirrly-seo | wp-mail-smtp | tablepress | redux-framework | page-links-to | youtube-embed-plus | contact-bank | maintenance | wp-retina-2x | themes | twentyeleven | twentytwelve | twentyten | twentythirteen | twentyfourteen | twentyfifteen | responsive | customizr | zerif-lite | virtue | storefront | atahualpa | twentysixteen | vantage | hueman | spacious | evolve | colorway | graphene | sydney | ifeature | mh-magazine-lite | generatepress | mantra | omega | onetone | coraline | pinboard | thematic | sparkling | catch-box | make | colormag | enigma | custom-community | mystique | alexandria | delicate | lightword | attitude | inove | magazine-basic | raindrops | minamaze | zbench | point | eclipse | portfolio-press | twentyseventeen | travelify | swift-basic | iconic-one | arcade-basic | bouquet | pixel | sliding-door | pilcrow | simple-catch | tempera | destro | p2 | sunspot | sundance | dusk-to-dawn | onepress | moesia | dynamic-news-lite | parabola | parament | dazzling | accesspress-lite | optimizer | one-page | chaostheory | business-lite | duster | constructor | nirvana | sixteen | esquire | beach | next-saturday | flat | hatch | minimatica | radiate | accelerate | oxygen | accesspress-parallax | swift | spun | wp-creativix | suevafree | hemingway | pink-touch-2 | motion | fruitful | steira | news |_ llorix-one-lite |_http-dombased-xss: Couldn't find any DOM based XSS. | http-security-headers: | Content_Security_Policy: | Header: Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:; | Description: Define which scripts the protected resource can execute. | Description: Define which styles (CSS) the user applies to the protected resource. | Description: Define from where the protected resource can load images. | Description: Define from where the protected resource can embed frames. |_ Description: Define which URIs the protected resource can load using script interfaces. | http-headers: | Server: nginx/1.14.0 (Ubuntu) | Date: Sat, 11 Feb 2023 19:04:44 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 6359 | Connection: close | Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:; | X-Powered-By: Next.js | ETag: "i8ubiadkff4wf" | Vary: Accept-Encoding | |_ (Request type: HEAD) |_http-referer-checker: Couldn't find any cross-domain scripts. |_http-feed: Couldn't find any feeds. |_http-comments-displayer: Couldn't find any comments. |_http-csrf: Couldn't find any CSRF vulnerabilities. |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number= for deeper analysis) |_http-title: Site Maintenance Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Sat Feb 11 20:06:23 2023 -- 1 IP address (1 host up) scanned in 113.44 seconds