old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


@@ -0,0 +1,16 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.
[*] ssh found on tcp/22.
[*] http found on tcp/80.


@@ -0,0 +1,55 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: EGBPgNKZlNXXTPPMQaVH.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: huCKKYPfSgpWqvlEZXkR.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
```


@@ -0,0 +1,67 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"
```


@@ -0,0 +1,8 @@
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)


@@ -0,0 +1,70 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml hat-valley.htb
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.032s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 56s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: Hat Valley
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (93%), Linux 5.3 - 5.4 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 2.6.32 (92%), Linux 5.0 - 5.3 (92%), Linux 3.1 (91%), Linux 3.2 (91%), Linux 5.0 (90%), Crestron XPanel control system (90%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D494%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 45.425 days (since Sat Dec 24 13:34:05 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 3389/tcp)
HOP RTT ADDRESS
1 29.03 ms 10.10.16.1
2 52.62 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:40 2023 -- 1 IP address (1 host up) scanned in 56.65 seconds
```


@@ -0,0 +1,53 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml hat-valley.htb
Warning: 10.10.11.185 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.185 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 200 to 400 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.040s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 244s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
17/udp open|filtered qotd no-response
19/udp open|filtered chargen no-response
68/udp open|filtered dhcpc no-response
136/udp open|filtered profile no-response
137/udp open|filtered netbios-ns no-response
999/udp open|filtered applix no-response
5000/udp open|filtered upnp no-response
5060/udp open|filtered sip no-response
5353/udp open|filtered zeroconf no-response
20031/udp open|filtered bakbonenetvault no-response
33281/udp open|filtered unknown no-response
49152/udp open|filtered unknown no-response
49186/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E2D550%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 518/udp)
HOP RTT ADDRESS
1 32.44 ms 10.10.16.1
2 32.45 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:48:48 2023 -- 1 IP address (1 host up) scanned in 245.28 seconds
```


@@ -0,0 +1,73 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml hat-valley.htb
adjust_timeouts2: packet supposedly had rtt of -447742 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -447742 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -560595 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -560595 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -190646 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -190646 microseconds. Ignoring time.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.043s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 28s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Hat Valley
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
|_http-server-header: nginx/1.18.0 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 4.15 - 5.6 (92%), Linux 5.3 - 5.4 (91%), Linux 2.6.32 (91%), Linux 5.0 - 5.3 (91%), Linux 3.1 (89%), Linux 3.2 (89%), Linux 5.0 (89%), Linux 5.0 - 5.4 (89%), Crestron XPanel control system (88%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D478%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10A%TI=Z%TS=A)
SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=N)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=N)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
T6(R=N)
T6(R=Y%DF=Y%TG=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 45.424 days (since Sat Dec 24 13:34:05 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 8888/tcp)
HOP RTT ADDRESS
1 40.62 ms 10.10.16.1
2 40.69 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:12 2023 -- 1 IP address (1 host up) scanned in 29.31 seconds
```


@@ -0,0 +1,70 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml hat-valley.htb
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.041s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:45:13 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:15 2023 -- 1 IP address (1 host up) scanned in 2.35 seconds
```


@@ -0,0 +1,73 @@
```bash
curl -sSikf http://hat-valley.htb:80/robots.txt
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_curl-robots.txt):
```
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>
```


@@ -0,0 +1,74 @@
```bash
curl -sSik http://hat-valley.htb:80/
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>
```


@@ -0,0 +1,19 @@
```bash
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
WLD GET 54l 163w 2881c Got 200 for http://hat-valley.htb/d24d1944513e4b5d8b7f4f60bcb0210e (url length: 32)
301 GET 10l 16w 173c http://hat-valley.htb/css => http://hat-valley.htb/css/
200 GET 1l 35w 4286c http://hat-valley.htb/favicon.ico
301 GET 10l 16w 171c http://hat-valley.htb/js => http://hat-valley.htb/js/
301 GET 10l 16w 179c http://hat-valley.htb/static => http://hat-valley.htb/static/
WLD GET 54l 163w 2881c Got 200 for http://hat-valley.htb/dda138e55e784b60b2e4c4dcc7ee80f5 (url length: 32)
301 GET 10l 16w 173c http://hat-valley.htb/css => http://hat-valley.htb/css/
200 GET 1l 35w 4286c http://hat-valley.htb/favicon.ico
301 GET 10l 16w 171c http://hat-valley.htb/js => http://hat-valley.htb/js/
301 GET 10l 16w 179c http://hat-valley.htb/static => http://hat-valley.htb/static/
```


@@ -0,0 +1,73 @@
```bash
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_known-security.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_known-security.txt):
```
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>
```


@@ -0,0 +1,92 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml hat-valley.htb
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.040s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:45:13 CET for 816s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-chrono: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-devframework: Express detected. Found Express in X-Powered-By Header
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-date: Tue, 07 Feb 2023 22:45:20 GMT; 0s from local time.
|_http-feed: Couldn't find any feeds.
| http-enum:
| /css/: Potentially interesting folder
|_ /js/: Potentially interesting folder
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-comments-displayer: Couldn't find any comments.
|_http-errors: Couldn't find any error pages.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Hat Valley
| http-php-version: Logo query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd
|_Credits query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-malware-host: Host appears to be clean
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-vhosts:
|_128 names had status 200
| http-headers:
| Server: nginx/1.18.0 (Ubuntu)
| Date: Tue, 07 Feb 2023 22:45:25 GMT
| Content-Type: text/html; charset=UTF-8
| Content-Length: 2881
| Connection: close
| X-Powered-By: Express
| Accept-Ranges: bytes
| ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
|
|_ (Request type: HEAD)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:58:49 2023 -- 1 IP address (1 host up) scanned in 816.11 seconds
```


@@ -0,0 +1,12 @@
```bash
curl -sk -o /dev/null -H "Host: huCKKYPfSgpWqvlEZXkR.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt):
```
store
```


@@ -0,0 +1,87 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
```
[/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://hat-valley.htb/
Status : 200 OK
Title : Hat Valley
IP : 10.10.11.185
Country : RESERVED, ZZ
Summary : Bootstrap[4.1.0], HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], JQuery[3.0.0], nginx[1.18.0], Script[text/javascript], X-Powered-By[Express], X-UA-Compatible[IE=edge]
Detected Plugins:
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.0.0
Website : http://jquery.com/
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
String : text/javascript
[ X-Powered-By ]
X-Powered-By HTTP header
String : Express (from x-powered-by string)
[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx
String : IE=edge
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: Express
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
Content-Encoding: gzip
```


@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
```


@@ -0,0 +1,52 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: EGBPgNKZlNXXTPPMQaVH.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" hat-valley.htb
feroxbuster -u http://hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://hat-valley.htb:80/robots.txt
curl -sSik http://hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" hat-valley.htb
curl -sk -o /dev/null -H "Host: huCKKYPfSgpWqvlEZXkR.hat-valley.htb" http://hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://hat-valley.htb:80/ /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_hat-valley.htb_vhosts_subdomains-top1million-110000.txt"


@@ -0,0 +1,61 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml hat-valley.htb
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -426957 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432244 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -434168 microseconds. Ignoring time.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.032s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 56s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: Hat Valley
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (93%), Linux 5.3 - 5.4 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 2.6.32 (92%), Linux 5.0 - 5.3 (92%), Linux 3.1 (91%), Linux 3.2 (91%), Linux 5.0 (90%), Crestron XPanel control system (90%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D494%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)
SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 45.425 days (since Sat Dec 24 13:34:05 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 3389/tcp)
HOP RTT ADDRESS
1 29.03 ms 10.10.16.1
2 52.62 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:40 2023 -- 1 IP address (1 host up) scanned in 56.65 seconds


@@ -0,0 +1,64 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1,8 @@
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)
Matched Pattern: Powered-By: Express
Identified HTTP Server: nginx/1.18.0 (Ubuntu)


@@ -0,0 +1,64 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml hat-valley.htb
adjust_timeouts2: packet supposedly had rtt of -447742 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -447742 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -560595 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -560595 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -190646 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -190646 microseconds. Ignoring time.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.043s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 28s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Hat Valley
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
|_http-server-header: nginx/1.18.0 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 4.15 - 5.6 (92%), Linux 5.3 - 5.4 (91%), Linux 2.6.32 (91%), Linux 5.0 - 5.3 (91%), Linux 3.1 (89%), Linux 3.2 (89%), Linux 5.0 (89%), Linux 5.0 - 5.4 (89%), Crestron XPanel control system (88%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D478%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10A%TI=Z%TS=A)
SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=N)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=N)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
T6(R=N)
T6(R=Y%DF=Y%TG=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 45.424 days (since Sat Dec 24 13:34:05 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 8888/tcp)
HOP RTT ADDRESS
1 40.62 ms 10.10.16.1
2 40.69 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:12 2023 -- 1 IP address (1 host up) scanned in 29.31 seconds


@@ -0,0 +1,44 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml hat-valley.htb
Warning: 10.10.11.185 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.185 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 200 to 400 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.040s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:44:44 CET for 244s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
17/udp open|filtered qotd no-response
19/udp open|filtered chargen no-response
68/udp open|filtered dhcpc no-response
136/udp open|filtered profile no-response
137/udp open|filtered netbios-ns no-response
999/udp open|filtered applix no-response
5000/udp open|filtered upnp no-response
5060/udp open|filtered sip no-response
5353/udp open|filtered zeroconf no-response
20031/udp open|filtered bakbonenetvault no-response
33281/udp open|filtered unknown no-response
49152/udp open|filtered unknown no-response
49186/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E2D550%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 518/udp)
HOP RTT ADDRESS
1 32.44 ms 10.10.16.1
2 32.45 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:48:48 2023 -- 1 IP address (1 host up) scanned in 245.28 seconds


@@ -0,0 +1,61 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml hat-valley.htb
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.041s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:45:13 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:45:15 2023 -- 1 IP address (1 host up) scanned in 2.35 seconds


@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml hat-valley.htb" start="1675809913" startstr="Tue Feb 7 23:45:13 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809913"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809913"/>
<taskbegin task="SYN Stealth Scan" time="1675809913"/>
<taskend task="SYN Stealth Scan" time="1675809913" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675809913"/>
<taskend task="Service scan" time="1675809913" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809915"/>
<taskbegin task="NSE" time="1675809915"/>
<taskend task="NSE" time="1675809915"/>
<host starttime="1675809913" endtime="1675809915"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"/><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; sntrup761x25519-sha512@openssh.com&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (4)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>sntrup761x25519-sha512@openssh.com</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script></port>
</ports>
<times srtt="40995" rttvar="40995" to="204975"/>
</host>
<taskbegin task="NSE" time="1675809915"/>
<taskend task="NSE" time="1675809915"/>
<taskbegin task="NSE" time="1675809915"/>
<taskend task="NSE" time="1675809915"/>
<runstats><finished time="1675809915" timestr="Tue Feb 7 23:45:15 2023" summary="Nmap done at Tue Feb 7 23:45:15 2023; 1 IP address (1 host up) scanned in 2.35 seconds" elapsed="2.35" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,64 @@
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>


@@ -0,0 +1,65 @@
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>


@@ -0,0 +1,10 @@
WLD GET 54l 163w 2881c Got 200 for http://hat-valley.htb/d24d1944513e4b5d8b7f4f60bcb0210e (url length: 32)
301 GET 10l 16w 173c http://hat-valley.htb/css => http://hat-valley.htb/css/
200 GET 1l 35w 4286c http://hat-valley.htb/favicon.ico
301 GET 10l 16w 171c http://hat-valley.htb/js => http://hat-valley.htb/js/
301 GET 10l 16w 179c http://hat-valley.htb/static => http://hat-valley.htb/static/
WLD GET 54l 163w 2881c Got 200 for http://hat-valley.htb/dda138e55e784b60b2e4c4dcc7ee80f5 (url length: 32)
301 GET 10l 16w 173c http://hat-valley.htb/css => http://hat-valley.htb/css/
200 GET 1l 35w 4286c http://hat-valley.htb/favicon.ico
301 GET 10l 16w 171c http://hat-valley.htb/js => http://hat-valley.htb/js/
301 GET 10l 16w 179c http://hat-valley.htb/static => http://hat-valley.htb/static/


@@ -0,0 +1,64 @@
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2881
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
<!DOCTYPE html>
<html lang="">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel = "stylesheet" href = "/css/main.css">
<link rel="stylesheet" href="/css/bootstrap.min.css">
<!-- style css -->
<link rel="stylesheet" href="/css/style.css">
<!-- Responsive-->
<link rel="stylesheet" href="/css/responsive.css">
<!-- fevicon -->
<link rel="icon" href="/static/blue.png" type="image/png" />
<!-- Scrollbar Custom CSS -->
<link rel="stylesheet" href="/css/jquery.mCustomScrollbar.min.css">
<!-- Tweaks for older IEs-->
<link rel="stylesheet" href="/css/font-awesome.css">
<link rel="stylesheet" href="/css/jquery.fancybox.min.css" media="screen">
<link rel="stylesheet" href="/static/vendors/mdi/css/materialdesignicons.min.css">
<link rel="stylesheet" href="/static/vendors/feather/feather.css">
<link rel="stylesheet" href="/static/vendors/base/vendor.bundle.base.css">
<link rel="stylesheet" href="/static/vendors/flag-icon-css/css/flag-icon.min.css">
<link rel="stylesheet" href="/static/vendors/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars-o.css">
<link rel="stylesheet" href="/static/vendors/jquery-bar-rating/fontawesome-stars.css">
<link rel="stylesheet" href="/static/css/style.css">
<title>Hat Valley</title>
<link href="/js/app.js" rel="preload" as="script"><link href="/js/chunk-vendors.js" rel="preload" as="script"></head>
<body>
<noscript>
<strong>We're sorry but hat-valley doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app"></div>
<!-- built files will be auto injected -->
<script src="/js/jquery.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery-3.0.0.min.js"></script>
<script src="/js/plugin.js"></script>
<!-- sidebar -->
<script src="/js/jquery.mCustomScrollbar.concat.min.js"></script>
<script src="/js/custom.js"></script>
<script src="/js/jquery.fancybox.min.js"></script>
<script src="/static/vendors/base/vendor.bundle.base.js"></script>
<script src="/static/js/off-canvas.js"></script>
<script src="/static/js/hoverable-collapse.js"></script>
<script src="/static/js/template.js"></script>
<script src="/static/vendors/chart.js/Chart.min.js"></script>
<script src="/static/vendors/jquery-bar-rating/jquery.barrating.min.js"></script>
<script src="/static/js/dashboard.js"></script>
<script type="text/javascript" src="/js/chunk-vendors.js"></script><script type="text/javascript" src="/js/app.js"></script></body>
</html>


@@ -0,0 +1,83 @@
# Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml hat-valley.htb
Nmap scan report for hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.040s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-07 23:45:13 CET for 816s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-chrono: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-devframework: Express detected. Found Express in X-Powered-By Header
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-date: Tue, 07 Feb 2023 22:45:20 GMT; 0s from local time.
|_http-feed: Couldn't find any feeds.
| http-enum:
| /css/: Potentially interesting folder
|_ /js/: Potentially interesting folder
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-comments-displayer: Couldn't find any comments.
|_http-errors: Couldn't find any error pages.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Hat Valley
| http-php-version: Logo query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd
|_Credits query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-malware-host: Host appears to be clean
|_http-favicon: Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-vhosts:
|_128 names had status 200
| http-headers:
| Server: nginx/1.18.0 (Ubuntu)
| Date: Tue, 07 Feb 2023 22:45:25 GMT
| Content-Type: text/html; charset=UTF-8
| Content-Length: 2881
| Connection: close
| X-Powered-By: Express
| Accept-Ranges: bytes
| ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
|
|_ (Request type: HEAD)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Feb 7 23:58:49 2023 -- 1 IP address (1 host up) scanned in 816.11 seconds

Binary file not shown.



@@ -0,0 +1,78 @@
WhatWeb report for http://hat-valley.htb/
Status : 200 OK
Title : Hat Valley
IP : 10.10.11.185
Country : RESERVED, ZZ
Summary : Bootstrap[4.1.0], HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], JQuery[3.0.0], nginx[1.18.0], Script[text/javascript], X-Powered-By[Express], X-UA-Compatible[IE=edge]
Detected Plugins:
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Version : 4.1.0
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.0.0
Website : http://jquery.com/
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
String : text/javascript
[ X-Powered-By ]
X-Powered-By HTTP header
String : Express (from x-powered-by string)
[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx
String : IE=edge
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Feb 2023 22:45:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: Express
ETag: W/"b41-tn8t3x3qcvcm126OQ/i0AXwBj8M"
Content-Encoding: gzip


@@ -0,0 +1,100 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:45:13 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml hat-valley.htb" start="1675809913" startstr="Tue Feb 7 23:45:13 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809913"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809913"/>
<taskbegin task="NSE" time="1675809913"/>
<taskend task="NSE" time="1675809913"/>
<taskbegin task="SYN Stealth Scan" time="1675809913"/>
<taskend task="SYN Stealth Scan" time="1675809913" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675809913"/>
<taskend task="Service scan" time="1675809919" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675809919"/>
<taskprogress task="NSE" time="1675809950" percent="99.02" remaining="1" etc="1675809950"/>
<taskprogress task="NSE" time="1675809980" percent="99.02" remaining="1" etc="1675809981"/>
<taskprogress task="NSE" time="1675810010" percent="99.67" remaining="1" etc="1675810010"/>
<taskprogress task="NSE" time="1675810040" percent="99.67" remaining="1" etc="1675810040"/>
<taskprogress task="NSE" time="1675810070" percent="99.67" remaining="1" etc="1675810070"/>
<taskprogress task="NSE" time="1675810100" percent="99.67" remaining="1" etc="1675810101"/>
<taskprogress task="NSE" time="1675810130" percent="99.67" remaining="1" etc="1675810131"/>
<taskprogress task="NSE" time="1675810160" percent="99.67" remaining="1" etc="1675810161"/>
<taskprogress task="NSE" time="1675810190" percent="99.67" remaining="1" etc="1675810191"/>
<taskprogress task="NSE" time="1675810220" percent="99.67" remaining="1" etc="1675810221"/>
<taskprogress task="NSE" time="1675810250" percent="99.67" remaining="2" etc="1675810251"/>
<taskprogress task="NSE" time="1675810280" percent="99.67" remaining="2" etc="1675810281"/>
<taskprogress task="NSE" time="1675810310" percent="99.67" remaining="2" etc="1675810311"/>
<taskprogress task="NSE" time="1675810340" percent="99.67" remaining="2" etc="1675810341"/>
<taskprogress task="NSE" time="1675810370" percent="99.67" remaining="2" etc="1675810371"/>
<taskprogress task="NSE" time="1675810400" percent="99.67" remaining="2" etc="1675810402"/>
<taskprogress task="NSE" time="1675810430" percent="99.67" remaining="2" etc="1675810432"/>
<taskprogress task="NSE" time="1675810460" percent="99.67" remaining="2" etc="1675810462"/>
<taskprogress task="NSE" time="1675810490" percent="99.67" remaining="2" etc="1675810492"/>
<taskprogress task="NSE" time="1675810520" percent="99.67" remaining="2" etc="1675810522"/>
<taskprogress task="NSE" time="1675810550" percent="99.67" remaining="3" etc="1675810552"/>
<taskprogress task="NSE" time="1675810580" percent="99.67" remaining="3" etc="1675810582"/>
<taskprogress task="NSE" time="1675810610" percent="99.67" remaining="3" etc="1675810612"/>
<taskprogress task="NSE" time="1675810640" percent="99.67" remaining="3" etc="1675810642"/>
<taskprogress task="NSE" time="1675810670" percent="99.67" remaining="3" etc="1675810672"/>
<taskprogress task="NSE" time="1675810700" percent="99.67" remaining="3" etc="1675810703"/>
<taskend task="NSE" time="1675810728"/>
<taskbegin task="NSE" time="1675810728"/>
<taskend task="NSE" time="1675810729"/>
<taskbegin task="NSE" time="1675810729"/>
<taskend task="NSE" time="1675810729"/>
<host starttime="1675809913" endtime="1675810729"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-chrono" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-devframework" output="Express detected. Found Express in X-Powered-By Header"/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; &#xa;"/><script id="http-date" output="Tue, 07 Feb 2023 22:45:20 GMT; 0s from local time."><elem key="date">2023-02-07T22:45:20+00:00</elem>
<elem key="delta">0.0</elem>
</script><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-enum" output="&#xa; /css/: Potentially interesting folder&#xa; /js/: Potentially interesting folder&#xa;"/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-title" output="Hat Valley"><elem key="title">Hat Valley</elem>
</script><script id="http-php-version" output="Logo query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd&#xa;Credits query returned unknown hash eec43f2e72fc1fa2be35d0ba190ea4fd"/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-favicon" output="Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554"/><script id="http-security-headers" output=""></script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-vhosts" output="&#xa;128 names had status 200"/><script id="http-headers" output="&#xa; Server: nginx/1.18.0 (Ubuntu)&#xa; Date: Tue, 07 Feb 2023 22:45:25 GMT&#xa; Content-Type: text/html; charset=UTF-8&#xa; Content-Length: 2881&#xa; Connection: close&#xa; X-Powered-By: Express&#xa; Accept-Ranges: bytes&#xa; ETag: W/&quot;b41-tn8t3x3qcvcm126OQ/i0AXwBj8M&quot;&#xa; &#xa; (Request type: HEAD)&#xa;"/></port>
</ports>
<times srtt="40410" rttvar="40410" to="202050"/>
</host>
<taskbegin task="NSE" time="1675810729"/>
<taskend task="NSE" time="1675810729"/>
<taskbegin task="NSE" time="1675810729"/>
<taskend task="NSE" time="1675810729"/>
<taskbegin task="NSE" time="1675810729"/>
<taskend task="NSE" time="1675810729"/>
<runstats><finished time="1675810729" timestr="Tue Feb 7 23:58:49 2023" summary="Nmap done at Tue Feb 7 23:58:49 2023; 1 IP address (1 host up) scanned in 816.11 seconds" elapsed="816.11" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_full_tcp_nmap.xml hat-valley.htb" start="1675809883" startstr="Tue Feb 7 23:44:43 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="SYN Stealth Scan" time="1675809884"/>
<taskend task="SYN Stealth Scan" time="1675809913" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1675809913"/>
<taskend task="Service scan" time="1675809919" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675809923"/>
<taskend task="Traceroute" time="1675809923"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675809923"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675809934"/>
<taskbegin task="NSE" time="1675809934"/>
<taskend task="NSE" time="1675809939"/>
<taskbegin task="NSE" time="1675809939"/>
<taskend task="NSE" time="1675809940"/>
<taskbegin task="NSE" time="1675809940"/>
<taskend task="NSE" time="1675809940"/>
<host starttime="1675809884" endtime="1675809940"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Hat Valley"><elem key="title">Hat Valley</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script><script id="http-favicon" output="Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554"/></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="93" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="93" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="92" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="92" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="91" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="91" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="90" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="90" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="90"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.4" accuracy="90" line="68103">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D494%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)&#xa;SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=N)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="3924695" lastboot="Sat Dec 24 13:34:05 2022"/>
<distance value="2"/>
<tcpsequence index="263" difficulty="Good luck!" values="49F791B6,F473834B,897BC0CB,570FC711,D2FFC8CF,CCA2F823"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="E9EDD376,E9EDD3DA,E9EDD43F,E9EDD4A4,E9EDD507,E9EDD57F"/>
<trace port="3389" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="29.03"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="52.62" host="awkward.htb"/>
</trace>
<times srtt="32200" rttvar="10032" to="100000"/>
</host>
<taskbegin task="NSE" time="1675809940"/>
<taskend task="NSE" time="1675809940"/>
<taskbegin task="NSE" time="1675809940"/>
<taskend task="NSE" time="1675809940"/>
<taskbegin task="NSE" time="1675809940"/>
<taskend task="NSE" time="1675809940"/>
<runstats><finished time="1675809940" timestr="Tue Feb 7 23:45:40 2023" summary="Nmap done at Tue Feb 7 23:45:40 2023; 1 IP address (1 host up) scanned in 56.65 seconds" elapsed="56.65" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_quick_tcp_nmap.xml hat-valley.htb" start="1675809883" startstr="Tue Feb 7 23:44:43 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,521
4,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="SYN Stealth Scan" time="1675809884"/>
<taskend task="SYN Stealth Scan" time="1675809885" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1675809885"/>
<taskend task="Service scan" time="1675809891" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675809896"/>
<taskend task="Traceroute" time="1675809896"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675809896"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675809907"/>
<taskbegin task="NSE" time="1675809907"/>
<taskend task="NSE" time="1675809912"/>
<taskbegin task="NSE" time="1675809912"/>
<taskend task="NSE" time="1675809912"/>
<taskbegin task="NSE" time="1675809912"/>
<taskend task="NSE" time="1675809912"/>
<host starttime="1675809884" endtime="1675809912"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200
,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-title" output="Hat Valley"><elem key="title">Hat Valley</elem>
</script><script id="http-favicon" output="Unknown favicon MD5: 56BF0DDEA4641BFDDD743E1B04149554"/><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Linux 4.15 - 5.6" accuracy="92" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="91" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="91" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="91" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="89" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="89"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="89" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="89"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="89" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="89"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.4" accuracy="89" line="68103">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="89"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="88" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="88"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/7%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E2D478%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=107%GCD=1%ISR=10A%TI=Z%TS=A)&#xa;SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=N)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=N)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)&#xa;T6(R=N)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="3924667" lastboot="Sat Dec 24 13:34:05 2022"/>
<distance value="2"/>
<tcpsequence index="262" difficulty="Good luck!" values="E66770E2,3D0141F,328E7DE,BCE5DDBC,309C2FD5,D8067753"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="E9ED680F,E9ED6847,E9ED68E6,E9ED690E,E9ED6986,E9ED69DD"/>
<trace port="8888" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="40.62"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="40.69" host="awkward.htb"/>
</trace>
<times srtt="42874" rttvar="4781" to="100000"/>
</host>
<taskbegin task="NSE" time="1675809912"/>
<taskend task="NSE" time="1675809912"/>
<taskbegin task="NSE" time="1675809912"/>
<taskend task="NSE" time="1675809912"/>
<taskbegin task="NSE" time="1675809912"/>
<taskend task="NSE" time="1675809912"/>
<runstats><finished time="1675809912" timestr="Tue Feb 7 23:45:12 2023" summary="Nmap done at Tue Feb 7 23:45:12 2023; 1 IP address (1 host up) scanned in 29.31 seconds" elapsed="29.31" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Tue Feb 7 23:44:43 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/hat-valley.htb/scans/xml/_top_100_udp_nmap.xml hat-valley.htb" start="1675809883" startstr="Tue Feb 7 23:44:43 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="NSE" time="1675809884"/>
<taskend task="NSE" time="1675809884"/>
<taskbegin task="UDP Scan" time="1675809884"/>
<taskend task="UDP Scan" time="1675809974" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1675809974"/>
<taskprogress task="Service scan" time="1675810034" percent="7.69" remaining="720" etc="1675810754"/>
<taskend task="Service scan" time="1675810071" extrainfo="13 services on 1 host"/>
<taskbegin task="Traceroute" time="1675810073"/>
<taskend task="Traceroute" time="1675810073"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675810073"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675810084"/>
<taskbegin task="NSE" time="1675810084"/>
<taskprogress task="NSE" time="1675810115" percent="99.39" remaining="1" etc="1675810115"/>
<taskend task="NSE" time="1675810127"/>
<taskbegin task="NSE" time="1675810127"/>
<taskend task="NSE" time="1675810128"/>
<taskbegin task="NSE" time="1675810128"/>
<taskend task="NSE" time="1675810128"/>
<host starttime="1675809884" endtime="1675810128"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="87">
<extrareasons reason="port-unreach" count="87" proto="udp" ports="7,9,49,53,67,69,80,88,111,120,123,135,138-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-998,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5632,9200,10000,17185,30718,31337,32768-32769,32771,32815,49153-49154,49156,49181-49182,49185,49188,49190-49194,49200-49201,65024"/>
</extraports>
<port protocol="udp" portid="17"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="qotd" method="table" conf="3"/></port>
<port protocol="udp" portid="19"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="chargen" method="table" conf="3"/></port>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="136"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="profile" method="table" conf="3"/></port>
<port protocol="udp" portid="137"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ns" method="table" conf="3"/></port>
<port protocol="udp" portid="999"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="applix" method="table" conf="3"/></port>
<port protocol="udp" portid="5000"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
<port protocol="udp" portid="5060"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
<port protocol="udp" portid="5353"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="zeroconf" method="table" conf="3"/></port>
<port protocol="udp" portid="20031"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="bakbonenetvault" method="table" conf="3"/></port>
<port protocol="udp" portid="33281"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49152"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49186"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/7%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E2D550%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z%II=I)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="518" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="32.44"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="32.45" host="awkward.htb"/>
</trace>
<times srtt="39945" rttvar="13380" to="100000"/>
</host>
<taskbegin task="NSE" time="1675810128"/>
<taskend task="NSE" time="1675810128"/>
<taskbegin task="NSE" time="1675810128"/>
<taskend task="NSE" time="1675810128"/>
<taskbegin task="NSE" time="1675810128"/>
<taskend task="NSE" time="1675810128"/>
<runstats><finished time="1675810128" timestr="Tue Feb 7 23:48:48 2023" summary="Nmap done at Tue Feb 7 23:48:48 2023; 1 IP address (1 host up) scanned in 245.28 seconds" elapsed="245.28" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>