# Nmap 7.93 scan initiated Wed Feb 1 17:50:14 2023 as: nmap -vv --reason -Pn -T4 -sV -p 443 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/broscience/results/scans/tcp443/tcp_443_https_nmap.txt -oX /home/kali/htb/broscience/results/scans/tcp443/xml/tcp_443_https_nmap.xml 10.10.11.195
Nmap scan report for broscience.htb (10.10.11.195)
Host is up, received user-set (0.030s latency).
Scanned at 2023-02-01 17:50:14 CET for 352s

PORT    STATE SERVICE REASON         VERSION
443/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.54 ((Debian))
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (dh 3072) of lower strength than certificate key
|       Key exchange (secp256r1) of lower strength than certificate key
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (dh 3072) of lower strength than certificate key
|       Key exchange (secp256r1) of lower strength than certificate key
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 3072) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 3072) - A
|       TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 3072) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 3072) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 3072) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_CCM_8 (rsa 4096) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CCM_8 (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 4096) - A
|       TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 4096) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (dh 3072) of lower strength than certificate key
|       Key exchange (secp256r1) of lower strength than certificate key
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: client
|_  least strength: A
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-server-header: Apache/2.4.54 (Debian)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-feed: Couldn't find any feeds.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
| http-vhosts:
|_128 names had status 400
|_http-date: Wed, 01 Feb 2023 16:50:48 GMT; +1s from local time.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
| ssl-cert: Subject: commonName=broscience.htb/organizationName=BroScience/countryName=AT/localityName=Vienna/emailAddress=administrator@broscience.htb
| Issuer: commonName=broscience.htb/organizationName=BroScience/countryName=AT/localityName=Vienna/emailAddress=administrator@broscience.htb
| Public Key type: rsa
| Public Key bits: 4096
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-07-14T19:48:36
| Not valid after: 2023-07-14T19:48:36
| MD5: 5328ddd62f3429d11d26ae8a68d86e0c
| SHA-1: 20568d0d9e4109cde5a22021fe3f349c40d8d75b
|_http-mobileversion-checker: No mobile version detected.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-sitemap-generator:
|   Directory structure:
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=broscience.htb
|   Found the following error pages:
|
|   Error Code: 400
|_      http://broscience.htb:443/
|_ssl-date: TLS randomness does not represent time
|_http-chrono: Request times for /; avg: 260.46ms; min: 153.74ms; max: 364.01ms
|_http-comments-displayer: Couldn't find any comments.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-headers:
|   Date: Wed, 01 Feb 2023 16:50:51 GMT
|   Server: Apache/2.4.54 (Debian)
|   Content-Length: 458
|   Connection: close
|   Content-Type: text/html; charset=iso-8859-1
|
|_  (Request type: GET)
|_http-malware-host: Host appears to be clean
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-security-headers:
|   Strict_Transport_Security:
|_    HSTS not configured in HTTPS Server
| http-useragent-tester:
|   Status for browser useragent: 400
|   Allowed User Agents:
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-title: 400 Bad Request

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Feb 1 17:56:06 2023 -- 1 IP address (1 host up) scanned in 352.25 seconds