# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-23 02:12:55 EST for 173s

Bug in http-security-headers: no string output.
PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack Apache httpd 2.4.41
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
|   Found the following possible CSRF vulnerabilities:
|
|     Path: http://eforenzics.htb:80/service.html
|     Form id:
|_    Form action: upload.php
| http-useragent-tester:
|   Status for browser useragent: 200
|   Allowed User Agents:
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
|_http-chrono: Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-errors: Couldn't find any error pages.
| http-sitemap-generator:
|   Directory structure:
|     /
|       Other: 1
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    Other: 1
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter:
|
|     Couldn't find a file-type field.
|
|     Failed to upload and execute a payload.
|
|     Failed to upload and execute a payload.
|
|     Failed to upload and execute a payload.
|
|_    Failed to upload and execute a payload.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-vhosts:
| squid.htb
|_127 names had status 301
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-title: eForenzics - Premier Digital Forensics
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11390
|     Comment:
|         /* Page Navbar*/
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11356
|     Comment:
|         /* forms */
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11294
|     Comment:
|         /* Testemonial */
|
|     Path: http://eforenzics.htb:80/assets/js/efore.js
|     Line number: 15
|     Comment:
|
|         // smooth scroll
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 14
|     Comment:
|         // ======================
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11015
|     Comment:
|         /* bg-img */
|
|     Path: http://eforenzics.htb:80/assets/js/efore.js
|     Line number: 1
|     Comment:
|         /*!
|         =========================================================
|         * Rubic Landing page
|         =========================================================
|
|         * Copyright: 2019 DevCRUD (https://devcrud.com)
|         * Licensed: (https://devcrud.com/licenses)
|         * Coded by www.devcrud.com
|
|         =========================================================
|
|         * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|         */
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11106
|     Comment:
|         /* social wrapper*/
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 116
|     Comment:
|         // AFFIX PLUGIN DEFINITION
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 136
|     Comment:
|         // AFFIX NO CONFLICT
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 137
|     Comment:
|         // =================
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 13
|     Comment:
|         // AFFIX CLASS DEFINITION
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 145
|     Comment:
|         // AFFIX DATA-API
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 146
|     Comment:
|         // ==============
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11213
|     Comment:
|         /* Pricing cards */
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 117
|     Comment:
|         // =======================
|
|     Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
|     Line number: 1
|     Comment:
|         /* ========================================================================
|          * Bootstrap: affix.js v3.3.6
|          * http://getbootstrap.com/javascript/#affix
|          * ========================================================================
|          * Copyright 2011-2015 Twitter, Inc.
|          * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
|          * ======================================================================== */
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11592
|     Comment:
|         /*Tabs nav section*/
|
|     Path: http://eforenzics.htb:80/assets/css/efore.css
|     Line number: 11361
|     Comment:
|_        /*utilities*/
|_http-feed: Couldn't find any feeds.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-mobileversion-checker: No mobile version detected.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit= for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number= for deeper analysis)
| http-php-version: Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
|_Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
| http-headers:
|   Date: Mon, 23 Jan 2023 07:13:02 GMT
|   Server: Apache/2.4.41 (Ubuntu)
|   Upgrade: h2
|   Connection: Upgrade, close
|   Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
|   ETag: "2acd-5e9ee3baeb4fd"
|   Accept-Ranges: bytes
|   Content-Length: 10957
|   Vary: Accept-Encoding
|   Content-Type: text/html
|
|_  (Request type: HEAD)
| http-methods:
|_  Supported Methods: GET HEAD POST
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time.

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:15:48 2023 -- 1 IP address (1 host up) scanned in 173.32 seconds