simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
HTB/awkward/results/store.hat-valley.htb/scans/_commands.log Normal file
View File

@@ -0,0 +1,26 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_quick_tcp_nmap.xml" store.hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_full_tcp_nmap.xml" store.hat-valley.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/_top_100_udp_nmap.txt" -oX "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_top_100_udp_nmap.xml" store.hat-valley.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" store.hat-valley.htb
feroxbuster -u http://store.hat-valley.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://store.hat-valley.htb:80/.well-known/security.txt
curl -sSikf http://store.hat-valley.htb:80/robots.txt
curl -sSik http://store.hat-valley.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" store.hat-valley.htb
curl -sk -o /dev/null -H "Host: UTKpOMMoFswwGDitFqad.store.hat-valley.htb" http://store.hat-valley.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://store.hat-valley.htb:80 2>&1
wkhtmltoimage --format png http://store.hat-valley.htb:80/ /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://store.hat-valley.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.store.hat-valley.htb" -fs 132 -noninteractive -s | tee "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_store.hat-valley.htb_vhosts_subdomains-top1million-110000.txt"

12
HTB/awkward/results/store.hat-valley.htb/scans/_errors.log Normal file
View File

@@ -0,0 +1,12 @@
[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1).
[-] Command: wkhtmltoimage --format png http://store.hat-valley.htb:80/ /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png
[-] Error Output:
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Loading page (1/2)
[> ] 0%
Error: Authentication Required
Error: Failed to load http://store.hat-valley.htb/, with network status code 204 and http status code 401 - Host requires authentication
[==============================> ] 50%
[============================================================] 100%
Rendering (2/2)
[> ] 0%

54
HTB/awkward/results/store.hat-valley.htb/scans/_full_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,54 @@
# Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_full_tcp_nmap.xml store.hat-valley.htb
Nmap scan report for store.hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.060s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-09 13:00:27 CET for 35s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: 401 Authorization Required
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=Restricted
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-server-header: nginx/1.18.0 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.3 - 5.4 (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Linux 2.6.39 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/9%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E4E07E%P=x86_64-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 13.506 days (since Fri Jan 27 00:52:22 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 199/tcp)
HOP RTT ADDRESS
1 39.76 ms 10.10.16.1
2 87.03 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 9 13:01:02 2023 -- 1 IP address (1 host up) scanned in 36.22 seconds

32
HTB/awkward/results/store.hat-valley.htb/scans/_manual_commands.txt Normal file
View File

@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://store.hat-valley.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h store.hat-valley.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://store.hat-valley.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://store.hat-valley.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h store.hat-valley.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://store.hat-valley.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h store.hat-valley.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://store.hat-valley.htb:80 2>&1 | tee "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://store.hat-valley.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_wpscan.txt"

338
HTB/awkward/results/store.hat-valley.htb/scans/_patterns.log Normal file
View File

@@ -0,0 +1,338 @@
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Matched Pattern: Unauthorized
Identified HTTP Server: nginx/1.18.0 (Ubuntu)
Matched Pattern: Unauthorized
Matched Pattern: unauthorized
Matched Pattern: Unauthorized

58
HTB/awkward/results/store.hat-valley.htb/scans/_quick_tcp_nmap.txt Normal file
View File

@@ -0,0 +1,58 @@
# Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_quick_tcp_nmap.xml store.hat-valley.htb
Nmap scan report for store.hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.046s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-09 13:00:27 CET for 27s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-title: 401 Authorization Required
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=Restricted
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-server-header: nginx/1.18.0 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 4.15 - 5.6 (94%), Linux 5.0 - 5.3 (93%), Linux 5.3 - 5.4 (93%), Linux 2.6.32 (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Linux 5.0 (91%), Crestron XPanel control system (91%), Adtran 424RG FTTH gateway (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/9%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E4E076%P=x86_64-pc-linux-gnu)
SEQ(SP=109%GCD=1%ISR=109%TI=Z%TS=A)
SEQ(SP=109%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=N)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=N)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 13.506 days (since Fri Jan 27 00:52:21 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=265 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 111/tcp)
HOP RTT ADDRESS
1 52.75 ms 10.10.16.1
2 52.77 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 9 13:00:54 2023 -- 1 IP address (1 host up) scanned in 27.80 seconds

60
HTB/awkward/results/store.hat-valley.htb/scans/_top_100_udp_nmap.txt Normal file
View File

@@ -0,0 +1,60 @@
# Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_top_100_udp_nmap.xml store.hat-valley.htb
Warning: 10.10.11.185 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.185 from 100 to 200 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.185 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -221353 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -221353 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -443501 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -443501 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -500539 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -500539 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275921 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -275921 microseconds. Ignoring time.
Nmap scan report for store.hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.031s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-09 13:00:27 CET for 252s
Not shown: 79 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
19/udp open|filtered chargen no-response
68/udp open|filtered dhcpc no-response
88/udp open|filtered kerberos-sec no-response
158/udp open|filtered pcmail-srv no-response
500/udp open|filtered isakmp no-response
623/udp open|filtered asf-rmcp no-response
1025/udp open|filtered blackjack no-response
1029/udp open|filtered solid-mux no-response
2222/udp open|filtered msantipiracy no-response
2223/udp open|filtered rockwell-csp2 no-response
4500/udp open|filtered nat-t-ike no-response
5353/udp open|filtered zeroconf no-response
9200/udp open|filtered wap-wsp no-response
20031/udp open|filtered bakbonenetvault no-response
31337/udp open|filtered BackOrifice no-response
32769/udp open|filtered filenet-rpc no-response
33281/udp open|filtered unknown no-response
49188/udp open|filtered unknown no-response
49193/udp open|filtered unknown no-response
49201/udp open|filtered unknown no-response
65024/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/9%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E4E157%P=x86_64-pc-linux-gnu)
SEQ(CI=Z)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 515/udp)
HOP RTT ADDRESS
1 36.67 ms 10.10.16.1
2 32.78 ms awkward.htb (10.10.11.185)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 9 13:04:39 2023 -- 1 IP address (1 host up) scanned in 253.38 seconds

61
HTB/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt Normal file
View File

@@ -0,0 +1,61 @@
# Nmap 7.93 scan initiated Thu Feb 9 13:00:54 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml store.hat-valley.htb
Nmap scan report for store.hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.057s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-09 13:00:54 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-hostkey:
| 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=
| 256 59365bba3c7821e326b37d23605aec38 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 9 13:00:56 2023 -- 1 IP address (1 host up) scanned in 1.68 seconds

95
HTB/awkward/results/store.hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml Normal file
View File

@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 9 13:00:54 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml store.hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml store.hat-valley.htb" start="1675944054" startstr="Thu Feb 9 13:00:54 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="SYN Stealth Scan" time="1675944054"/>
<taskend task="SYN Stealth Scan" time="1675944055" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675944055"/>
<taskend task="Service scan" time="1675944055" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675944055"/>
<taskend task="NSE" time="1675944056"/>
<taskbegin task="NSE" time="1675944056"/>
<taskend task="NSE" time="1675944056"/>
<host starttime="1675944054" endtime="1675944056"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="store.hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"/><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (10)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; sntrup761x25519-sha512@openssh.com&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (4)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>sntrup761x25519-sha512@openssh.com</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
</table>
</script></port>
</ports>
<times srtt="56633" rttvar="56633" to="283165"/>
</host>
<taskbegin task="NSE" time="1675944056"/>
<taskend task="NSE" time="1675944056"/>
<taskbegin task="NSE" time="1675944056"/>
<taskend task="NSE" time="1675944056"/>
<runstats><finished time="1675944056" timestr="Thu Feb 9 13:00:56 2023" summary="Nmap done at Thu Feb 9 13:00:56 2023; 1 IP address (1 host up) scanned in 1.68 seconds" elapsed="1.68" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

16
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_curl.html Normal file
View File

@@ -0,0 +1,16 @@
HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 12:00:54 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Restricted"
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

119006
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt Normal file
View File

File diff suppressed because it is too large Load Diff

246
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt Normal file
View File

@@ -0,0 +1,246 @@
# Nmap 7.93 scan initiated Thu Feb 9 13:00:54 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml store.hat-valley.htb
Nmap scan report for store.hat-valley.htb (10.10.11.185)
Host is up, received user-set (0.027s latency).
rDNS record for 10.10.11.185: awkward.htb
Scanned at 2023-02-09 13:00:55 CET for 77s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-chrono: Request times for /; avg: 160.15ms; min: 155.75ms; max: 167.02ms
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-waf-detect: IDS/IPS/WAF detected:
|_store.hat-valley.htb:80/?p4yl04d3=<script>alert(document.cookie)</script>
| http-enum:
| /tools_admin.php: D-Link DIR-300 (401 Unauthorized)
| /bsc_lan.php: D-Link DIR-300, DIR-320, DIR-615 revD (401 Unauthorized)
| /awstatstotals/awstatstotals.php: AWStats Totals (401 Unauthorized)
| /awstats/awstatstotals.php: AWStats Totals (401 Unauthorized)
| /awstatstotals.php: AWStats Totals (401 Unauthorized)
| /awstats/index.php: AWStats Totals (401 Unauthorized)
| /awstatstotals/index.php: AWStats Totals (401 Unauthorized)
| /calendar/cal_search.php: ExtCalendar (401 Unauthorized)
| /cal_search.php: ExtCalendar (401 Unauthorized)
| /a_viewusers.php: Andys PHP Knowledgebase (401 Unauthorized)
| /LightNEasy.php?do=login: LightNEasy (401 Unauthorized)
| /channel_detail.php: DzTube (401 Unauthorized)
| /vbseo.php: vBSEO (401 Unauthorized)
| /admin.php: Possible admin folder (401 Unauthorized)
| /admin/account.php: Possible admin folder (401 Unauthorized)
| /admin/index.php: Possible admin folder (401 Unauthorized)
| /admin/login.php: Possible admin folder (401 Unauthorized)
| /admin/admin.php: Possible admin folder (401 Unauthorized)
| /login.php: Possible admin folder (401 Unauthorized)
| /admin_area/admin.php: Possible admin folder (401 Unauthorized)
| /admin_area/login.php: Possible admin folder (401 Unauthorized)
| /siteadmin/login.php: Possible admin folder (401 Unauthorized)
| /siteadmin/index.php: Possible admin folder (401 Unauthorized)
| /admin_area/index.php: Possible admin folder (401 Unauthorized)
| /bb-admin/index.php: Possible admin folder (401 Unauthorized)
| /bb-admin/login.php: Possible admin folder (401 Unauthorized)
| /bb-admin/admin.php: Possible admin folder (401 Unauthorized)
| /admin/home.php: Possible admin folder (401 Unauthorized)
| /admin/controlpanel.php: Possible admin folder (401 Unauthorized)
| /admincp/login.php: Possible admin folder (401 Unauthorized)
| /admin/cp.php: Possible admin folder (401 Unauthorized)
| /cp.php: Possible admin folder (401 Unauthorized)
| /administrator/index.php: Possible admin folder (401 Unauthorized)
| /administrator/login.php: Possible admin folder (401 Unauthorized)
| /nsw/admin/login.php: Possible admin folder (401 Unauthorized)
| /webadmin/login.php: Possible admin folder (401 Unauthorized)
| /admin/admin_login.php: Possible admin folder (401 Unauthorized)
| /admin_login.php: Possible admin folder (401 Unauthorized)
| /administrator/account.php: Possible admin folder (401 Unauthorized)
| /administrator.php: Possible admin folder (401 Unauthorized)
| /pages/admin/admin-login.php: Possible admin folder (401 Unauthorized)
| /admin/admin-login.php: Possible admin folder (401 Unauthorized)
| /admin-login.php: Possible admin folder (401 Unauthorized)
| /modelsearch/login.php: Possible admin folder (401 Unauthorized)
| /moderator.php: Possible admin folder (401 Unauthorized)
| /moderator/login.php: Possible admin folder (401 Unauthorized)
| /moderator/admin.php: Possible admin folder (401 Unauthorized)
| /account.php: Possible admin folder (401 Unauthorized)
| /controlpanel.php: Possible admin folder (401 Unauthorized)
| /admincontrol.php: Possible admin folder (401 Unauthorized)
| /rcjakar/admin/login.php: Possible admin folder (401 Unauthorized)
| /webadmin.php: Possible admin folder (401 Unauthorized)
| /webadmin/index.php: Possible admin folder (401 Unauthorized)
| /webadmin/admin.php: Possible admin folder (401 Unauthorized)
| /adminpanel.php: Possible admin folder (401 Unauthorized)
| /user.php: Possible admin folder (401 Unauthorized)
| /panel-administracion/login.php: Possible admin folder (401 Unauthorized)
| /wp-login.php: Possible admin folder (401 Unauthorized)
| /adminLogin.php: Possible admin folder (401 Unauthorized)
| /admin/adminLogin.php: Possible admin folder (401 Unauthorized)
| /adminarea/index.php: Possible admin folder (401 Unauthorized)
| /adminarea/admin.php: Possible admin folder (401 Unauthorized)
| /adminarea/login.php: Possible admin folder (401 Unauthorized)
| /panel-administracion/index.php: Possible admin folder (401 Unauthorized)
| /panel-administracion/admin.php: Possible admin folder (401 Unauthorized)
| /modelsearch/index.php: Possible admin folder (401 Unauthorized)
| /modelsearch/admin.php: Possible admin folder (401 Unauthorized)
| /admincontrol/login.php: Possible admin folder (401 Unauthorized)
| /adm/admloginuser.php: Possible admin folder (401 Unauthorized)
| /admloginuser.php: Possible admin folder (401 Unauthorized)
| /admin2.php: Possible admin folder (401 Unauthorized)
| /admin2/login.php: Possible admin folder (401 Unauthorized)
| /admin2/index.php: Possible admin folder (401 Unauthorized)
| /adm/index.php: Possible admin folder (401 Unauthorized)
| /adm.php: Possible admin folder (401 Unauthorized)
| /affiliate.php: Possible admin folder (401 Unauthorized)
| /adm_auth.php: Possible admin folder (401 Unauthorized)
| /memberadmin.php: Possible admin folder (401 Unauthorized)
| /administratorlogin.php: Possible admin folder (401 Unauthorized)
| /admin1.php: Possible admin folder (401 Unauthorized)
| /administr8.php: Possible admin folder (401 Unauthorized)
| /administracao.php: Possible admin folder (401 Unauthorized)
| /administracion.php: Possible admin folder (401 Unauthorized)
| /admins.php: Possible admin folder (401 Unauthorized)
| /AdminLogin.php: Possible admin folder (401 Unauthorized)
| /atom.php: RSS or Atom feed (401 Unauthorized)
| /rss.php: RSS or Atom feed (401 Unauthorized)
| /test.php: Test page (401 Unauthorized)
| /log.php: Logs (401 Unauthorized)
| /logs.php: Logs (401 Unauthorized)
| /js/vendors.php: CakePHP application (401 Unauthorized)
| /fshow.php: Horizon Web App (401 Unauthorized)
| /admin/upload.php: Admin File Upload (401 Unauthorized)
| /upload_multiple_js.php: NAS Uploader (401 Unauthorized)
| /info.php: Possible information file (401 Unauthorized)
| /phpinfo.php: Possible information file (401 Unauthorized)
| /kusabax/manage_page.php: Kusabax Image Board (401 Unauthorized)
| /plus/lurking.php: phpMyChat Plus (401 Unauthorized)
| /adm/barra/assetmanager/assetmanager.php: 360 Web Manager (401 Unauthorized)
| /confirminvite.php: phpMyBitTorrent (401 Unauthorized)
| /swfupload/index.php: SWFUpload (401 Unauthorized)
| /mymarket/shopping/index.php: MyMarket (401 Unauthorized)
| /myshop_start.php: FozzCom shopping (401 Unauthorized)
| /upload/scp/ajax.php: osTicket / AJAX File Upload (401 Unauthorized)
| /fm.php: Simple File Manager (401 Unauthorized)
| /cal_cat.php: Calendarix (401 Unauthorized)
| /calendar/cal_cat.php: Calendarix (401 Unauthorized)
| /cal/cal_cat.php: Calendarix (401 Unauthorized)
| /wiki/rankings.php: Bit Weaver (401 Unauthorized)
| /reqdetails.php: BtiTracker (401 Unauthorized)
| /shared/help.php: OpenBiblio/WebBiblio Subject Gateway System (401 Unauthorized)
| /seti.php: PHP SETI@home (401 Unauthorized)
| /Base/upload.php: MassMirror Uploader (401 Unauthorized)
| /Base/example_1.php: MassMirror Uploader (401 Unauthorized)
| /tools/filemanager/skins/mobile/admin1.template.php: ispCP Omega (401 Unauthorized)
| /updown.php: PHP Uploader Downloader (401 Unauthorized)
| /engine/api/api.class.php: DatalifeEngine (401 Unauthorized)
| /spControl.php: IBM Proventia (401 Unauthorized)
| /lib/usermanagement/userInfo.php: Testlink TestManagement (401 Unauthorized)
| /security/xamppsecurity.php: XAMPP (401 Unauthorized)
| /dm-albums/dm-albums.php: DM FileManager (401 Unauthorized)
| /downloadFile.php: NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure (401 Unauthorized)
| /BackupConfig.php: NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure (401 Unauthorized)
| /wp-login.php: Wordpress login page. (401 Unauthorized)
| /wordpress/wp-login.php: Wordpress login page. (401 Unauthorized)
| /blog/wp-login.php: Wordpress login page. (401 Unauthorized)
| /administrator/wp-login.php: Wordpress login page. (401 Unauthorized)
| /weblog/wp-login.php: Wordpress login page. (401 Unauthorized)
| /wp-admin/upgrade.php: Wordpress login page. (401 Unauthorized)
| /cmspages.php: 2Point Solutions CMS (401 Unauthorized)
| /sc_webcat/ecat/cms_view.php: Webcat (401 Unauthorized)
| /forum_answer.php?que_id=1: Guru JustAnswer (401 Unauthorized)
| /templates1/view_product.php: HB ECommerce (401 Unauthorized)
| /escort-profile.php: First Escort Marketing CMS (401 Unauthorized)
| /pages/indexheader.php: Green Pants CMS (401 Unauthorized)
| /pages/searcher.php: Green Pants CMS (401 Unauthorized)
| /pages/indexviewentry.php: Green Pants CMS (401 Unauthorized)
| /admin/libraries/ajaxfilemanager/ajaxfilemanager.php: Log1 CMS (401 Unauthorized)
| /leftmenubody.php: Quicktech (401 Unauthorized)
| /zikula/index.php: Zikula CMS (401 Unauthorized)
| /system/admin/header.php: Habari Blog (401 Unauthorized)
| /system/admin/comments_items.php: Habari Blog (401 Unauthorized)
| /fckeditor/editor/filemanager/connectors/php/config.php: DM File Manager/FCKeditor File upload (401 Unauthorized)
| /includes/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php: PHPnuke/Remote File Download (401 Unauthorized)
| /admin/includes/tiny_mce/plugins/tinybrowser/upload.php: CompactCMS or B-Hind CMS/FCKeditor File upload (401 Unauthorized)
| /html/news_fckeditor/editor/filemanager/upload/php/upload.php: cardinalCms/FCKeditor File upload (401 Unauthorized)
| /uploadsnaps.php: ZeeMatri/File upload (401 Unauthorized)
| /upload/includes/js/files/upload.php: Digital College/File upload (401 Unauthorized)
| /tinybrowser/upload.php: Tinybrowser Remote File Upload (401 Unauthorized)
| /photogallery_open.php: Heaven Soft CMS (401 Unauthorized)
| /Final/login/ava_upl.php: CH-CMS (401 Unauthorized)
| /Final/login/ava_upl2.php: CH-CMS (401 Unauthorized)
| /spaw/demo.php: SpawCMS/Remote File upload (401 Unauthorized)
| /admin/jscript/upload.php: Lizard Cart/Remote File upload (401 Unauthorized)
| /infusions/avatar_studio/avatar_studio.php: PHP-Fusion Mod avatar_studio (401 Unauthorized)
| /bnnr.php: vBulletin ads_saed (401 Unauthorized)
| /vb/bnnr.php: vBulletin ads_saed (401 Unauthorized)
| /forum/bnnr.php: vBulletin ads_saed (401 Unauthorized)
| /weblink_cat_list.php: WHMCompleteSolution CMS (401 Unauthorized)
|_ /typo3/index.php: Typo3 Installation (401 Unauthorized)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=store.hat-valley.htb
| Found the following error pages:
|
| Error Code: 416
|_ http://store.hat-valley.htb:80/
|_http-feed: Couldn't find any feeds.
|_http-malware-host: Host appears to be clean
|_http-title: 416 Requested Range Not Satisfiable
|_http-mobileversion-checker: No mobile version detected.
| http-useragent-tester:
| Status for browser useragent: 401
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-comments-displayer: Couldn't find any comments.
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-headers:
| Server: nginx/1.18.0 (Ubuntu)
| Date: Thu, 09 Feb 2023 12:01:02 GMT
| Content-Type: text/html
| Content-Length: 206
| Connection: close
| Content-Range: bytes */132
|
|_ (Request type: GET)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-vhosts:
|_128 names had status 200
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-methods:
|_ Supported Methods: GET HEAD POST
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=Restricted
|_http-date: Thu, 09 Feb 2023 12:01:02 GMT; -1s from local time.
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Feb 9 13:02:12 2023 -- 1 IP address (1 host up) scanned in 77.57 seconds

BIN
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 421 KiB

0
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_store.hat-valley.htb_vhosts_subdomains-top1million-110000.txt Normal file
View File

41
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/tcp_80_http_whatweb.txt Normal file
View File

@@ -0,0 +1,41 @@
WhatWeb report for http://store.hat-valley.htb/
Status : 401 Unauthorized
Title : 401 Authorization Required
IP : 10.10.11.185
Country : RESERVED, ZZ
Summary : HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0], WWW-Authenticate[Restricted][Basic]
Detected Plugins:
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.18.0 (Ubuntu) (from server string)
[ WWW-Authenticate ]
This plugin identifies the WWW-Authenticate HTTP header and
extracts the authentication method and realm.
Module : Basic
String : Restricted
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.18.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 09 Feb 2023 12:00:56 GMT
Content-Type: text/html
Content-Length: 188
Connection: close
WWW-Authenticate: Basic realm="Restricted"

81
HTB/awkward/results/store.hat-valley.htb/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

File diff suppressed because one or more lines are too long

122
HTB/awkward/results/store.hat-valley.htb/scans/xml/_full_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,122 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_full_tcp_nmap.xml store.hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_full_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_full_tcp_nmap.xml store.hat-valley.htb" start="1675944026" startstr="Thu Feb 9 13:00:26 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="SYN Stealth Scan" time="1675944027"/>
<taskend task="SYN Stealth Scan" time="1675944036" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1675944036"/>
<taskend task="Service scan" time="1675944042" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675944046"/>
<taskend task="Traceroute" time="1675944046"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675944046"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675944057"/>
<taskbegin task="NSE" time="1675944057"/>
<taskend task="NSE" time="1675944062"/>
<taskbegin task="NSE" time="1675944062"/>
<taskend task="NSE" time="1675944062"/>
<taskbegin task="NSE" time="1675944062"/>
<taskend task="NSE" time="1675944062"/>
<host starttime="1675944027" endtime="1675944062"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="store.hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="401 Authorization Required"><elem key="title">401 Authorization Required</elem>
</script><script id="http-auth" output="&#xa;HTTP/1.1 401 Unauthorized&#xd;&#xa; Basic realm=Restricted&#xa;"><table>
<table key="params">
<elem key="realm">Restricted</elem>
</table>
<elem key="scheme">Basic</elem>
</table>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="94" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="94" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="94" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="93" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="93" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="93" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="91" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="91" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="91"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.39 - 3.2" accuracy="90" line="58264">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:3</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/9%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E4E07E%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="1166920" lastboot="Fri Jan 27 00:52:22 2023"/>
<distance value="2"/>
<tcpsequence index="262" difficulty="Good luck!" values="D36D7E71,AFA19A53,F5A42194,43FC70D4,C1F6C45E,CA1A1626"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="458D89FF,458D8A64,458D8AC8,458D8B2D,458D8B91,458D8BF6"/>
<trace port="199" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="39.76"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="87.03" host="awkward.htb"/>
</trace>
<times srtt="59858" rttvar="30234" to="180794"/>
</host>
<taskbegin task="NSE" time="1675944062"/>
<taskend task="NSE" time="1675944062"/>
<taskbegin task="NSE" time="1675944062"/>
<taskend task="NSE" time="1675944062"/>
<taskbegin task="NSE" time="1675944062"/>
<taskend task="NSE" time="1675944062"/>
<runstats><finished time="1675944062" timestr="Thu Feb 9 13:01:02 2023" summary="Nmap done at Thu Feb 9 13:01:02 2023; 1 IP address (1 host up) scanned in 36.22 seconds" elapsed="36.22" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

121
HTB/awkward/results/store.hat-valley.htb/scans/xml/_quick_tcp_nmap.xml Normal file
View File

@@ -0,0 +1,121 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_quick_tcp_nmap.xml store.hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_quick_tcp_nmap.xml store.hat-valley.htb" start="1675944026" startstr="Thu Feb 9 13:00:26 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="SYN Stealth Scan" time="1675944027"/>
<taskend task="SYN Stealth Scan" time="1675944027" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1675944027"/>
<taskend task="Service scan" time="1675944033" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1675944037"/>
<taskend task="Traceroute" time="1675944037"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675944037"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675944048"/>
<taskbegin task="NSE" time="1675944048"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<host starttime="1675944027" endtime="1675944054"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="store.hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 256 7254afbaf6e2835941b7cd611c2f418b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=&#xa; 256 59365bba3c7821e326b37d23605aec38 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy"><table>
<elem key="fingerprint">7254afbaf6e2835941b7cd611c2f418b</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMaN1wQtPg5uk2w3xD0d0ND6JQgzw40PoqCSBDGB7Q0/f5lQSGU2eSTw4uCdL99hdM/+Uv84ffp2tNkCXyV8l8=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
</table>
<table>
<elem key="fingerprint">59365bba3c7821e326b37d23605aec38</elem>
<elem key="bits">256</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIFsq9sSC1uhq5CBWylh+yiC7jz4tuegMj/4FVTp6bzZy</elem>
<elem key="type">ssh-ed25519</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="401 Authorization Required"><elem key="title">401 Authorization Required</elem>
</script><script id="http-auth" output="&#xa;HTTP/1.1 401 Unauthorized&#xd;&#xa; Basic realm=Restricted&#xa;"><table>
<table key="params">
<elem key="realm">Restricted</elem>
</table>
<elem key="scheme">Basic</elem>
</table>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="94" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="93" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="93" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="93" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="93" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="93" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="92" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="92"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0" accuracy="91" line="68042">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
</osmatch>
<osmatch name="Crestron XPanel control system" accuracy="91" line="19543">
<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="91"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
</osmatch>
<osmatch name="Adtran 424RG FTTH gateway" accuracy="90" line="1576">
<osclass type="specialized" vendor="Adtran" osfamily="embedded" accuracy="90"><cpe>cpe:/h:adtran:424rg</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/9%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E4E076%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=109%GCD=1%ISR=109%TI=Z%TS=A)&#xa;SEQ(SP=109%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M54BST11NW7%O2=M54BST11NW7%O3=M54BNNT11NW7%O4=M54BST11NW7%O5=M54BST11NW7%O6=M54BST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=N)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M54BNNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=N)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=N)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="1166913" lastboot="Fri Jan 27 00:52:21 2023"/>
<distance value="2"/>
<tcpsequence index="265" difficulty="Good luck!" values="34052A0C,A259B1CF,A60E5CAB,8F69DB3D,B8F8DD9,EF22EDD9"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="458D68E6,458D694C,458D69B0,458D6A15,458D6A79,458D6ADF"/>
<trace port="111" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="52.75"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="52.77" host="awkward.htb"/>
</trace>
<times srtt="46376" rttvar="10235" to="100000"/>
</host>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<taskbegin task="NSE" time="1675944054"/>
<taskend task="NSE" time="1675944054"/>
<runstats><finished time="1675944054" timestr="Thu Feb 9 13:00:54 2023" summary="Nmap done at Thu Feb 9 13:00:54 2023; 1 IP address (1 host up) scanned in 27.80 seconds" elapsed="27.80" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

80
HTB/awkward/results/store.hat-valley.htb/scans/xml/_top_100_udp_nmap.xml Normal file
View File

@@ -0,0 +1,80 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 9 13:00:26 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_top_100_udp_nmap.xml store.hat-valley.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/kali/htb/awkward/results/store.hat-valley.htb/scans/_top_100_udp_nmap.txt -oX /home/kali/htb/awkward/results/store.hat-valley.htb/scans/xml/_top_100_udp_nmap.xml store.hat-valley.htb" start="1675944026" startstr="Thu Feb 9 13:00:26 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="NSE" time="1675944027"/>
<taskend task="NSE" time="1675944027"/>
<taskbegin task="UDP Scan" time="1675944027"/>
<taskend task="UDP Scan" time="1675944107" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1675944107"/>
<taskprogress task="Service scan" time="1675944168" percent="4.76" remaining="1220" etc="1675945388"/>
<taskend task="Service scan" time="1675944205" extrainfo="21 services on 1 host"/>
<taskbegin task="Traceroute" time="1675944208"/>
<taskend task="Traceroute" time="1675944210"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1675944210"/>
<taskend task="Parallel DNS resolution of 1 host." time="1675944221"/>
<taskbegin task="NSE" time="1675944221"/>
<taskprogress task="NSE" time="1675944252" percent="99.34" remaining="1" etc="1675944252"/>
<taskend task="NSE" time="1675944278"/>
<taskbegin task="NSE" time="1675944278"/>
<taskend task="NSE" time="1675944279"/>
<taskbegin task="NSE" time="1675944279"/>
<taskend task="NSE" time="1675944279"/>
<host starttime="1675944027" endtime="1675944279"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.185" addrtype="ipv4"/>
<hostnames>
<hostname name="store.hat-valley.htb" type="user"/>
<hostname name="awkward.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="79">
<extrareasons reason="port-unreach" count="79" proto="udp" ports="7,9,17,49,53,67,69,80,111,120,123,135-139,161-162,177,427,443,445,497,514-515,518,520,593,626,631,996-999,1022-1023,1026-1028,1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,3283,3456,3703,4444,5000,5060,5632,10000,17185,30718,32768,32771,32815,49152-49154,49156,49181-49182,49185-49186,49190-49192,49194,49200"/>
</extraports>
<port protocol="udp" portid="19"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="chargen" method="table" conf="3"/></port>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="88"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="kerberos-sec" method="table" conf="3"/></port>
<port protocol="udp" portid="158"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="pcmail-srv" method="table" conf="3"/></port>
<port protocol="udp" portid="500"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
<port protocol="udp" portid="623"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="asf-rmcp" method="table" conf="3"/></port>
<port protocol="udp" portid="1025"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="blackjack" method="table" conf="3"/></port>
<port protocol="udp" portid="1029"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="solid-mux" method="table" conf="3"/></port>
<port protocol="udp" portid="2222"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="msantipiracy" method="table" conf="3"/></port>
<port protocol="udp" portid="2223"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="rockwell-csp2" method="table" conf="3"/></port>
<port protocol="udp" portid="4500"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="nat-t-ike" method="table" conf="3"/></port>
<port protocol="udp" portid="5353"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="zeroconf" method="table" conf="3"/></port>
<port protocol="udp" portid="9200"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="wap-wsp" method="table" conf="3"/></port>
<port protocol="udp" portid="20031"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="bakbonenetvault" method="table" conf="3"/></port>
<port protocol="udp" portid="31337"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="BackOrifice" method="table" conf="3"/></port>
<port protocol="udp" portid="32769"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="filenet-rpc" method="table" conf="3"/></port>
<port protocol="udp" portid="33281"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49188"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49193"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49201"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="65024"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/9%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E4E157%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="515" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="36.67"/>
<hop ttl="2" ipaddr="10.10.11.185" rtt="32.78" host="awkward.htb"/>
</trace>
<times srtt="31311" rttvar="3245" to="100000"/>
</host>
<taskbegin task="NSE" time="1675944279"/>
<taskend task="NSE" time="1675944279"/>
<taskbegin task="NSE" time="1675944279"/>
<taskend task="NSE" time="1675944279"/>
<taskbegin task="NSE" time="1675944279"/>
<taskend task="NSE" time="1675944279"/>
<runstats><finished time="1675944279" timestr="Thu Feb 9 13:04:39 2023" summary="Nmap done at Thu Feb 9 13:04:39 2023; 1 IP address (1 host up) scanned in 253.38 seconds" elapsed="253.38" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>