simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
9621715a322e59a82bc29f39f736c057d6edfd46
CTF/HTB/investigation/results/scans/tcp80/tcp_80_http_nmap.txt
Simon 82b0759f1e init htb 
old htb folders
2023-08-29 21:53:22 +02:00

216 lines
7.9 KiB
Plaintext
Raw Blame History

# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-23 02:12:55 EST for 173s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
| Found the following possible CSRF vulnerabilities:
|
| Path: http://eforenzics.htb:80/service.html
| Form id:
|_ Form action: upload.php
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-chrono: Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-errors: Couldn't find any error pages.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
|_ Failed to upload and execute a payload.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-vhosts:
| squid.htb
|_127 names had status 301
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-title: eForenzics - Premier Digital Forensics
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11390
| Comment:
| /* Page Navbar*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11356
| Comment:
| /* forms */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11294
| Comment:
| /* Testemonial */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 15
| Comment:
|
| // smooth scroll
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 14
| Comment:
| // ======================
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11015
| Comment:
| /* bg-img */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 1
| Comment:
| /*!
| =========================================================
| * Rubic Landing page
| =========================================================
|
| * Copyright: 2019 DevCRUD (https://devcrud.com)
| * Licensed: (https://devcrud.com/licenses)
| * Coded by www.devcrud.com
|
| =========================================================
|
| * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
| */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11106
| Comment:
| /* social wrapper*/
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 116
| Comment:
| // AFFIX PLUGIN DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 136
| Comment:
| // AFFIX NO CONFLICT
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 137
| Comment:
| // =================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 13
| Comment:
| // AFFIX CLASS DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 145
| Comment:
| // AFFIX DATA-API
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 146
| Comment:
| // ==============
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11213
| Comment:
| /* Pricing cards */
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 117
| Comment:
| // =======================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 1
| Comment:
| /* ========================================================================
| * Bootstrap: affix.js v3.3.6
| * http://getbootstrap.com/javascript/#affix
| * ========================================================================
| * Copyright 2011-2015 Twitter, Inc.
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
| * ======================================================================== */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11592
| Comment:
| /*Tabs nav section*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11361
| Comment:
|_ /*utilities*/
|_http-feed: Couldn't find any feeds.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-mobileversion-checker: No mobile version detected.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-php-version: Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
|_Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
| http-headers:
| Date: Mon, 23 Jan 2023 07:13:02 GMT
| Server: Apache/2.4.41 (Ubuntu)
| Upgrade: h2
| Connection: Upgrade, close
| Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
| ETag: "2acd-5e9ee3baeb4fd"
| Accept-Ranges: bytes
| Content-Length: 10957
| Vary: Accept-Encoding
| Content-Type: text/html
|
|_ (Request type: HEAD)
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:15:48 2023 -- 1 IP address (1 host up) scanned in 173.32 seconds
Reference in New Issue View Git Blame Copy Permalink