221 lines
13 KiB
Plaintext
221 lines
13 KiB
Plaintext
# Nmap 7.93 scan initiated Sun Feb 19 22:35:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/bagel/results/bagel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/bagel/results/bagel.htb/scans/xml/_full_tcp_nmap.xml bagel.htb
|
|
Increasing send delay for 10.129.132.58 from 0 to 5 due to 584 out of 1459 dropped probes since last increase.
|
|
Increasing send delay for 10.129.132.58 from 5 to 10 due to 11 out of 21 dropped probes since last increase.
|
|
adjust_timeouts2: packet supposedly had rtt of -138516 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -138516 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -107250 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -107250 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -132207 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -132207 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -130059 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -130059 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -138986 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -138986 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -138941 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -138941 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -154613 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -154613 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -206524 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -206524 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -467997 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -467997 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -482893 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -482893 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -426312 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -426312 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -451382 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -451382 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -121961 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -121961 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -1082462 microseconds. Ignoring time.
|
|
adjust_timeouts2: packet supposedly had rtt of -1082462 microseconds. Ignoring time.
|
|
Nmap scan report for bagel.htb (10.129.132.58)
|
|
Host is up, received user-set (0.12s latency).
|
|
Scanned at 2023-02-19 22:35:25 CET for 1000s
|
|
Not shown: 65532 closed tcp ports (reset)
|
|
PORT STATE SERVICE REASON VERSION
|
|
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.8 (protocol 2.0)
|
|
| ssh-hostkey:
|
|
| 256 6e4e1341f2fed9e0f7275bededcc68c2 (ECDSA)
|
|
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEwHzrBpcTXWKbxBWhc6yfWMiWfWjPmUJv2QqB/c2tJDuGt/97OvgzC+Zs31X/IW2WM6P0rtrKemiz3C5mUE67k=
|
|
| 256 80a7cd10e72fdb958b869b1b20652a98 (ED25519)
|
|
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnQ9frzL5hKjBf6oUklfUhQCMFuM0EtdYJOIxUiDuFl
|
|
5000/tcp open upnp? syn-ack ttl 63
|
|
| fingerprint-strings:
|
|
| GetRequest:
|
|
| HTTP/1.1 400 Bad Request
|
|
| Server: Microsoft-NetCore/2.0
|
|
| Date: Sun, 19 Feb 2023 21:47:15 GMT
|
|
| Connection: close
|
|
| HTTPOptions:
|
|
| HTTP/1.1 400 Bad Request
|
|
| Server: Microsoft-NetCore/2.0
|
|
| Date: Sun, 19 Feb 2023 21:47:31 GMT
|
|
| Connection: close
|
|
| Hello:
|
|
| HTTP/1.1 400 Bad Request
|
|
| Content-Type: text/html
|
|
| Server: Microsoft-NetCore/2.0
|
|
| Date: Sun, 19 Feb 2023 21:47:41 GMT
|
|
| Content-Length: 52
|
|
| Connection: close
|
|
| Keep-Alive: true
|
|
| <h1>Bad Request (Invalid request line (parts).)</h1>
|
|
| Help, SSLSessionReq, TerminalServerCookie:
|
|
| HTTP/1.1 400 Bad Request
|
|
| Content-Type: text/html
|
|
| Server: Microsoft-NetCore/2.0
|
|
| Date: Sun, 19 Feb 2023 21:47:42 GMT
|
|
| Content-Length: 52
|
|
| Connection: close
|
|
| Keep-Alive: true
|
|
| <h1>Bad Request (Invalid request line (parts).)</h1>
|
|
| RTSPRequest:
|
|
| HTTP/1.1 400 Bad Request
|
|
| Content-Type: text/html
|
|
| Server: Microsoft-NetCore/2.0
|
|
| Date: Sun, 19 Feb 2023 21:47:15 GMT
|
|
| Content-Length: 54
|
|
| Connection: close
|
|
| Keep-Alive: true
|
|
|_ <h1>Bad Request (Invalid request line (version).)</h1>
|
|
8000/tcp open http-alt syn-ack ttl 63 Werkzeug/2.2.2 Python/3.10.9
|
|
| fingerprint-strings:
|
|
| FourOhFourRequest:
|
|
| HTTP/1.1 404 NOT FOUND
|
|
| Server: Werkzeug/2.2.2 Python/3.10.9
|
|
| Date: Sun, 19 Feb 2023 21:47:16 GMT
|
|
| Content-Type: text/html; charset=utf-8
|
|
| Content-Length: 207
|
|
| Connection: close
|
|
| <!doctype html>
|
|
| <html lang=en>
|
|
| <title>404 Not Found</title>
|
|
| <h1>Not Found</h1>
|
|
| <p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
|
|
| GetRequest:
|
|
| HTTP/1.1 302 FOUND
|
|
| Server: Werkzeug/2.2.2 Python/3.10.9
|
|
| Date: Sun, 19 Feb 2023 21:47:10 GMT
|
|
| Content-Type: text/html; charset=utf-8
|
|
| Content-Length: 263
|
|
| Location: http://bagel.htb:8000/?page=index.html
|
|
| Connection: close
|
|
| <!doctype html>
|
|
| <html lang=en>
|
|
| <title>Redirecting...</title>
|
|
| <h1>Redirecting...</h1>
|
|
| <p>You should be redirected automatically to the target URL: <a href="http://bagel.htb:8000/?page=index.html">http://bagel.htb:8000/?page=index.html</a>. If not, click the link.
|
|
| Socks5:
|
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|
|
| "http://www.w3.org/TR/html4/strict.dtd">
|
|
| <html>
|
|
| <head>
|
|
| <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
|
|
| <title>Error response</title>
|
|
| </head>
|
|
| <body>
|
|
| <h1>Error response</h1>
|
|
| <p>Error code: 400</p>
|
|
| <p>Message: Bad request syntax ('
|
|
| ').</p>
|
|
| <p>Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.</p>
|
|
| </body>
|
|
|_ </html>
|
|
| http-methods:
|
|
|_ Supported Methods: OPTIONS HEAD GET
|
|
| http-title: Bagel — Free Website Template, Free HTML5 Template by fr...
|
|
|_Requested resource was http://bagel.htb:8000/?page=index.html
|
|
|_http-server-header: Werkzeug/2.2.2 Python/3.10.9
|
|
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
|
|
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
|
|
SF-Port5000-TCP:V=7.93%I=9%D=2/19%Time=63F298E6%P=x86_64-pc-linux-gnu%r(Ge
|
|
SF:tRequest,73,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nServer:\x20Microsoft
|
|
SF:-NetCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:47:15\x20GMT\
|
|
SF:r\nConnection:\x20close\r\n\r\n")%r(RTSPRequest,E8,"HTTP/1\.1\x20400\x2
|
|
SF:0Bad\x20Request\r\nContent-Type:\x20text/html\r\nServer:\x20Microsoft-N
|
|
SF:etCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:47:15\x20GMT\r\
|
|
SF:nContent-Length:\x2054\r\nConnection:\x20close\r\nKeep-Alive:\x20true\r
|
|
SF:\n\r\n<h1>Bad\x20Request\x20\(Invalid\x20request\x20line\x20\(version\)
|
|
SF:\.\)</h1>")%r(HTTPOptions,73,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nSer
|
|
SF:ver:\x20Microsoft-NetCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2
|
|
SF:021:47:31\x20GMT\r\nConnection:\x20close\r\n\r\n")%r(Hello,E6,"HTTP/1\.
|
|
SF:1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/html\r\nServer:\x20
|
|
SF:Microsoft-NetCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:47:4
|
|
SF:1\x20GMT\r\nContent-Length:\x2052\r\nConnection:\x20close\r\nKeep-Alive
|
|
SF::\x20true\r\n\r\n<h1>Bad\x20Request\x20\(Invalid\x20request\x20line\x20
|
|
SF:\(parts\)\.\)</h1>")%r(Help,E6,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nC
|
|
SF:ontent-Type:\x20text/html\r\nServer:\x20Microsoft-NetCore/2\.0\r\nDate:
|
|
SF:\x20Sun,\x2019\x20Feb\x202023\x2021:47:42\x20GMT\r\nContent-Length:\x20
|
|
SF:52\r\nConnection:\x20close\r\nKeep-Alive:\x20true\r\n\r\n<h1>Bad\x20Req
|
|
SF:uest\x20\(Invalid\x20request\x20line\x20\(parts\)\.\)</h1>")%r(SSLSessi
|
|
SF:onReq,E6,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/h
|
|
SF:tml\r\nServer:\x20Microsoft-NetCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\
|
|
SF:x202023\x2021:47:42\x20GMT\r\nContent-Length:\x2052\r\nConnection:\x20c
|
|
SF:lose\r\nKeep-Alive:\x20true\r\n\r\n<h1>Bad\x20Request\x20\(Invalid\x20r
|
|
SF:equest\x20line\x20\(parts\)\.\)</h1>")%r(TerminalServerCookie,E6,"HTTP/
|
|
SF:1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/html\r\nServer:\
|
|
SF:x20Microsoft-NetCore/2\.0\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:4
|
|
SF:7:42\x20GMT\r\nContent-Length:\x2052\r\nConnection:\x20close\r\nKeep-Al
|
|
SF:ive:\x20true\r\n\r\n<h1>Bad\x20Request\x20\(Invalid\x20request\x20line\
|
|
SF:x20\(parts\)\.\)</h1>");
|
|
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
|
|
SF-Port8000-TCP:V=7.93%I=9%D=2/19%Time=63F298E1%P=x86_64-pc-linux-gnu%r(Ge
|
|
SF:tRequest,1EA,"HTTP/1\.1\x20302\x20FOUND\r\nServer:\x20Werkzeug/2\.2\.2\
|
|
SF:x20Python/3\.10\.9\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:47:10\x2
|
|
SF:0GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:
|
|
SF:\x20263\r\nLocation:\x20http://bagel\.htb:8000/\?page=index\.html\r\nCo
|
|
SF:nnection:\x20close\r\n\r\n<!doctype\x20html>\n<html\x20lang=en>\n<title
|
|
SF:>Redirecting\.\.\.</title>\n<h1>Redirecting\.\.\.</h1>\n<p>You\x20shoul
|
|
SF:d\x20be\x20redirected\x20automatically\x20to\x20the\x20target\x20URL:\x
|
|
SF:20<a\x20href=\"http://bagel\.htb:8000/\?page=index\.html\">http://bagel
|
|
SF:\.htb:8000/\?page=index\.html</a>\.\x20If\x20not,\x20click\x20the\x20li
|
|
SF:nk\.\n")%r(FourOhFourRequest,184,"HTTP/1\.1\x20404\x20NOT\x20FOUND\r\nS
|
|
SF:erver:\x20Werkzeug/2\.2\.2\x20Python/3\.10\.9\r\nDate:\x20Sun,\x2019\x2
|
|
SF:0Feb\x202023\x2021:47:16\x20GMT\r\nContent-Type:\x20text/html;\x20chars
|
|
SF:et=utf-8\r\nContent-Length:\x20207\r\nConnection:\x20close\r\n\r\n<!doc
|
|
SF:type\x20html>\n<html\x20lang=en>\n<title>404\x20Not\x20Found</title>\n<
|
|
SF:h1>Not\x20Found</h1>\n<p>The\x20requested\x20URL\x20was\x20not\x20found
|
|
SF:\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\x20manu
|
|
SF:ally\x20please\x20check\x20your\x20spelling\x20and\x20try\x20again\.</p
|
|
SF:>\n")%r(Socks5,213,"<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTM
|
|
SF:L\x204\.01//EN\"\n\x20\x20\x20\x20\x20\x20\x20\x20\"http://www\.w3\.org
|
|
SF:/TR/html4/strict\.dtd\">\n<html>\n\x20\x20\x20\x20<head>\n\x20\x20\x20\
|
|
SF:x20\x20\x20\x20\x20<meta\x20http-equiv=\"Content-Type\"\x20content=\"te
|
|
SF:xt/html;charset=utf-8\">\n\x20\x20\x20\x20\x20\x20\x20\x20<title>Error\
|
|
SF:x20response</title>\n\x20\x20\x20\x20</head>\n\x20\x20\x20\x20<body>\n\
|
|
SF:x20\x20\x20\x20\x20\x20\x20\x20<h1>Error\x20response</h1>\n\x20\x20\x20
|
|
SF:\x20\x20\x20\x20\x20<p>Error\x20code:\x20400</p>\n\x20\x20\x20\x20\x20\
|
|
SF:x20\x20\x20<p>Message:\x20Bad\x20request\x20syntax\x20\('\\x05\\x04\\x0
|
|
SF:0\\x01\\x02\\x80\\x05\\x01\\x00\\x03'\)\.</p>\n\x20\x20\x20\x20\x20\x20
|
|
SF:\x20\x20<p>Error\x20code\x20explanation:\x20HTTPStatus\.BAD_REQUEST\x20
|
|
SF:-\x20Bad\x20request\x20syntax\x20or\x20unsupported\x20method\.</p>\n\x2
|
|
SF:0\x20\x20\x20</body>\n</html>\n");
|
|
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 (93%)
|
|
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
|
|
TCP/IP fingerprint:
|
|
OS:SCAN(V=7.93%E=4%D=2/19%OT=22%CT=1%CU=41239%PV=Y%DS=2%DC=T%G=Y%TM=63F29A0
|
|
OS:5%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)SEQ
|
|
OS:(SP=105%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)OPS(O1=M54EST11NW7%O2=M54EST11NW7%O
|
|
OS:3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1=FE88%W2=
|
|
OS:FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSN
|
|
OS:W7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%D
|
|
OS:F=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O
|
|
OS:=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W
|
|
OS:=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%R
|
|
OS:IPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
|
|
|
|
Uptime guess: 23.826 days (since Fri Jan 27 03:01:58 2023)
|
|
Network Distance: 2 hops
|
|
TCP Sequence Prediction: Difficulty=260 (Good luck!)
|
|
IP ID Sequence Generation: All zeros
|
|
|
|
TRACEROUTE (using port 587/tcp)
|
|
HOP RTT ADDRESS
|
|
1 115.15 ms 10.10.16.1
|
|
2 115.37 ms bagel.htb (10.129.132.58)
|
|
|
|
Read data files from: /usr/bin/../share/nmap
|
|
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
|
|
# Nmap done at Sun Feb 19 22:52:05 2023 -- 1 IP address (1 host up) scanned in 1001.59 seconds
|