simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
HTB/bagel/results/bagel.htb/scans/tcp8000/xml/tcp_8000_http_nmap.xml Normal file
View File

@@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Feb 19 22:40:48 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 8000 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/bagel/results/bagel.htb/scans/tcp8000/tcp_8000_http_nmap.txt -oX /home/simon/htb/bagel/results/bagel.htb/scans/tcp8000/xml/tcp_8000_http_nmap.xml bagel.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 8000 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/simon/htb/bagel/results/bagel.htb/scans/tcp8000/tcp_8000_http_nmap.txt -oX /home/simon/htb/bagel/results/bagel.htb/scans/tcp8000/xml/tcp_8000_http_nmap.xml bagel.htb" start="1676842848" startstr="Sun Feb 19 22:40:48 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="8000"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1676842850"/>
<taskend task="NSE" time="1676842850"/>
<taskbegin task="NSE" time="1676842850"/>
<taskend task="NSE" time="1676842850"/>
<taskbegin task="NSE" time="1676842850"/>
<taskend task="NSE" time="1676842850"/>
<taskbegin task="SYN Stealth Scan" time="1676842850"/>
<taskend task="SYN Stealth Scan" time="1676842851" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1676842851"/>
<taskend task="Service scan" time="1676842947" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1676842947"/>
<taskprogress task="NSE" time="1676842978" percent="98.98" remaining="1" etc="1676842978"/>
<taskprogress task="NSE" time="1676843008" percent="98.98" remaining="1" etc="1676843009"/>
<taskprogress task="NSE" time="1676843038" percent="99.66" remaining="1" etc="1676843038"/>
<taskprogress task="NSE" time="1676843068" percent="99.66" remaining="1" etc="1676843068"/>
<taskprogress task="NSE" time="1676843098" percent="99.66" remaining="1" etc="1676843099"/>
<taskprogress task="NSE" time="1676843128" percent="99.66" remaining="1" etc="1676843129"/>
<taskprogress task="NSE" time="1676843158" percent="99.66" remaining="1" etc="1676843159"/>
<taskprogress task="NSE" time="1676843188" percent="99.66" remaining="1" etc="1676843189"/>
<taskprogress task="NSE" time="1676843218" percent="99.66" remaining="1" etc="1676843219"/>
<taskprogress task="NSE" time="1676843248" percent="99.66" remaining="2" etc="1676843249"/>
<taskprogress task="NSE" time="1676843278" percent="99.66" remaining="2" etc="1676843279"/>
<taskprogress task="NSE" time="1676843308" percent="99.66" remaining="2" etc="1676843309"/>
<taskprogress task="NSE" time="1676843338" percent="99.66" remaining="2" etc="1676843339"/>
<taskprogress task="NSE" time="1676843368" percent="99.66" remaining="2" etc="1676843369"/>
<taskprogress task="NSE" time="1676843398" percent="99.66" remaining="2" etc="1676843400"/>
<taskprogress task="NSE" time="1676843428" percent="99.66" remaining="2" etc="1676843430"/>
<taskprogress task="NSE" time="1676843458" percent="99.66" remaining="2" etc="1676843460"/>
<taskend task="NSE" time="1676843486"/>
<taskbegin task="NSE" time="1676843486"/>
<taskend task="NSE" time="1676843489"/>
<taskbegin task="NSE" time="1676843489"/>
<taskend task="NSE" time="1676843489"/>
<host starttime="1676842850" endtime="1676843489"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.132.58" addrtype="ipv4"/>
<hostnames>
<hostname name="bagel.htb" type="user"/>
<hostname name="bagel.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http-alt" product="Werkzeug/2.2.2 Python/3.10.9" servicefp="SF-Port8000-TCP:V=7.93%I=7%D=2/19%Time=63F29769%P=x86_64-pc-linux-gnu%r(GetRequest,1EA,&quot;HTTP/1\.1\x20302\x20FOUND\r\nServer:\x20Werkzeug/2\.2\.2\x20Python/3\.10\.9\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:40:54\x20GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20263\r\nLocation:\x20http://bagel\.htb:8000/\?page=index\.html\r\nConnection:\x20close\r\n\r\n&lt;!doctype\x20html&gt;\n&lt;html\x20lang=en&gt;\n&lt;title&gt;Redirecting\.\.\.&lt;/title&gt;\n&lt;h1&gt;Redirecting\.\.\.&lt;/h1&gt;\n&lt;p&gt;You\x20should\x20be\x20redirected\x20automatically\x20to\x20the\x20target\x20URL:\x20&lt;a\x20href=\&quot;http://bagel\.htb:8000/\?page=index\.html\&quot;&gt;http://bagel\.htb:8000/\?page=index\.html&lt;/a&gt;\.\x20If\x20not,\x20click\x20the\x20link\.\n&quot;)%r(FourOhFourRequest,184,&quot;HTTP/1\.1\x20404\x20NOT\x20FOUND\r\nServer:\x20Werkzeug/2\.2\.2\x20Python/3\.10\.9\r\nDate:\x20Sun,\x2019\x20Feb\x202023\x2021:41:00\x20GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20207\r\nConnection:\x20close\r\n\r\n&lt;!doctype\x20html&gt;\n&lt;html\x20lang=en&gt;\n&lt;title&gt;404\x20Not\x20Found&lt;/title&gt;\n&lt;h1&gt;Not\x20Found&lt;/h1&gt;\n&lt;p&gt;The\x20requested\x20URL\x20was\x20not\x20found\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\x20manually\x20please\x20check\x20your\x20spelling\x20and\x20try\x20again\.&lt;/p&gt;\n&quot;)%r(Socks5,213,&quot;&lt;!DOCTYPE\x20HTML\x20PUBLIC\x20\&quot;-//W3C//DTD\x20HTML\x204\.01//EN\&quot;\n\x20\x20\x20\x20\x20\x20\x20\x20\&quot;http://www\.w3\.org/TR/html4/strict\.dtd\&quot;&gt;\n&lt;html&gt;\n\x20\x20\x20\x20&lt;head&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;meta\x20http-equiv=\&quot;Content-Type\&quot;\x20content=\&quot;text/html;charset=utf-8\&quot;&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;title&gt;Error\x20response&lt;/title&gt;\n\x20\x20\x20\x20&lt;/head&gt;\n\x20\x20\x20\x20&lt;body&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;h1&gt;Error\x20response&lt;/h1&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;p&gt;Error\x20code:\x20400&lt;/p&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;p&gt;Message:\x20Bad\x20request\x20syntax\x20\(&apos;\\x05\\x04\\x00\\x01\\x02\\x80\\x05\\x01\\x00\\x03&apos;\)\.&lt;/p&gt;\n\x20\x20\x20\x20\x20\x20\x20\x20&lt;p&gt;Error\x20code\x20explanation:\x20HTTPStatus\.BAD_REQUEST\x20-\x20Bad\x20request\x20syntax\x20or\x20unsupported\x20method\.&lt;/p&gt;\n\x20\x20\x20\x20&lt;/body&gt;\n&lt;/html&gt;\n&quot;);" method="probed" conf="10"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="fingerprint-strings" output="&#xa; FourOhFourRequest: &#xa; HTTP/1.1 404 NOT FOUND&#xa; Server: Werkzeug/2.2.2 Python/3.10.9&#xa; Date: Sun, 19 Feb 2023 21:41:00 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 207&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;404 Not Found&lt;/title&gt;&#xa; &lt;h1&gt;Not Found&lt;/h1&gt;&#xa; &lt;p&gt;The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.&lt;/p&gt;&#xa; GetRequest: &#xa; HTTP/1.1 302 FOUND&#xa; Server: Werkzeug/2.2.2 Python/3.10.9&#xa; Date: Sun, 19 Feb 2023 21:40:54 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 263&#xa; Location: http://bagel.htb:8000/?page=index.html&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;Redirecting...&lt;/title&gt;&#xa; &lt;h1&gt;Redirecting...&lt;/h1&gt;&#xa; &lt;p&gt;You should be redirected automatically to the target URL: &lt;a href=&quot;http://bagel.htb:8000/?page=index.html&quot;&gt;http://bagel.htb:8000/?page=index.html&lt;/a&gt;. If not, click the link.&#xa; Socks5: &#xa; &lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01//EN&quot;&#xa; &quot;http://www.w3.org/TR/html4/strict.dtd&quot;&gt;&#xa; &lt;html&gt;&#xa; &lt;head&gt;&#xa; &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html;charset=utf-8&quot;&gt;&#xa; &lt;title&gt;Error response&lt;/title&gt;&#xa; &lt;/head&gt;&#xa; &lt;body&gt;&#xa; &lt;h1&gt;Error response&lt;/h1&gt;&#xa; &lt;p&gt;Error code: 400&lt;/p&gt;&#xa; &lt;p&gt;Message: Bad request syntax (&apos;&#xa; &apos;).&lt;/p&gt;&#xa; &lt;p&gt;Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.&lt;/p&gt;&#xa; &lt;/body&gt;&#xa; &lt;/html&gt;"><elem key="FourOhFourRequest">&#xa; HTTP/1.1 404 NOT FOUND&#xa; Server: Werkzeug/2.2.2 Python/3.10.9&#xa; Date: Sun, 19 Feb 2023 21:41:00 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 207&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;404 Not Found&lt;/title&gt;&#xa; &lt;h1&gt;Not Found&lt;/h1&gt;&#xa; &lt;p&gt;The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.&lt;/p&gt;</elem>
<elem key="GetRequest">&#xa; HTTP/1.1 302 FOUND&#xa; Server: Werkzeug/2.2.2 Python/3.10.9&#xa; Date: Sun, 19 Feb 2023 21:40:54 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 263&#xa; Location: http://bagel.htb:8000/?page=index.html&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;Redirecting...&lt;/title&gt;&#xa; &lt;h1&gt;Redirecting...&lt;/h1&gt;&#xa; &lt;p&gt;You should be redirected automatically to the target URL: &lt;a href=&quot;http://bagel.htb:8000/?page=index.html&quot;&gt;http://bagel.htb:8000/?page=index.html&lt;/a&gt;. If not, click the link.</elem>
<elem key="Socks5">&#xa; &lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01//EN&quot;&#xa; &quot;http://www.w3.org/TR/html4/strict.dtd&quot;&gt;&#xa; &lt;html&gt;&#xa; &lt;head&gt;&#xa; &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html;charset=utf-8&quot;&gt;&#xa; &lt;title&gt;Error response&lt;/title&gt;&#xa; &lt;/head&gt;&#xa; &lt;body&gt;&#xa; &lt;h1&gt;Error response&lt;/h1&gt;&#xa; &lt;p&gt;Error code: 400&lt;/p&gt;&#xa; &lt;p&gt;Message: Bad request syntax (&apos;&#xa; &apos;).&lt;/p&gt;&#xa; &lt;p&gt;Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.&lt;/p&gt;&#xa; &lt;/body&gt;&#xa; &lt;/html&gt;</elem>
</script><script id="http-vhosts" output="&#xa;128 names had status 302"/><script id="http-passwd" output="Directory traversal found.&#xa;Payload: &quot;%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd&quot;&#xa;Printing first 250 bytes:&#xa;root:x:0:0:root:/root:/bin/bash&#xa;bin:x:1:1:bin:/bin:/sbin/nologin&#xa;daemon:x:2:2:daemon:/sbin:/sbin/nologin&#xa;adm:x:3:4:adm:/var/adm:/sbin/nologin&#xa;lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin&#xa;sync:x:5:0:sync:/sbin:/bin/sync&#xa;shutdown:x:6:0:shutdown:/sbin:/sbin"/><script id="http-server-header" output="Werkzeug/2.2.2 Python/3.10.9"><elem>Werkzeug/2.2.2 Python/3.10.9</elem>
</script><script id="http-chrono" output="Request times for /; avg: 325.48ms; min: 304.48ms; max: 370.37ms"/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-headers" output="&#xa; Server: Werkzeug/2.2.2 Python/3.10.9&#xa; Date: Sun, 19 Feb 2023 21:42:26 GMT&#xa; Content-Disposition: inline; filename=index.html&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 8698&#xa; Last-Modified: Thu, 26 Jan 2023 17:40:39 GMT&#xa; Cache-Control: no-cache&#xa; ETag: &quot;1674754839.6421967-8698-149884447&quot;&#xa; Date: Sun, 19 Feb 2023 21:42:26 GMT&#xa; Connection: close&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-title" output="Bagel &amp;mdash; Free Website Template, Free HTML5 Template by fr...&#xa;Requested resource was http://bagel.htb:8000/?page=index.html"><elem key="title">Bagel &amp;mdash; Free Website Template, Free HTML5 Template by freehtml5.co</elem>
<elem key="redirect_url">http://bagel.htb:8000/?page=index.html</elem>
</script><script id="http-litespeed-sourcecode-download" output="Page: /index.php was not found. Try with an existing file."/><script id="http-methods" output="&#xa; Supported Methods: OPTIONS HEAD GET"><table key="Supported Methods">
<elem>OPTIONS</elem>
<elem>HEAD</elem>
<elem>GET</elem>
</table>
</script><script id="http-waf-detect" output="IDS/IPS/WAF detected:&#xa;bagel.htb:8000/?p4yl04d3=&lt;script&gt;alert(document.cookie)&lt;/script&gt;"/><script id="http-php-version" output="Logo query returned unknown hash 91a775c1133a6a0e6a2427a19819309f&#xa;Credits query returned unknown hash 91a775c1133a6a0e6a2427a19819309f"/></port>
</ports>
<times srtt="224891" rttvar="224891" to="1124455"/>
</host>
<taskbegin task="NSE" time="1676843489"/>
<taskend task="NSE" time="1676843489"/>
<taskbegin task="NSE" time="1676843489"/>
<taskend task="NSE" time="1676843489"/>
<taskbegin task="NSE" time="1676843489"/>
<taskend task="NSE" time="1676843489"/>
<runstats><finished time="1676843489" timestr="Sun Feb 19 22:51:29 2023" summary="Nmap done at Sun Feb 19 22:51:29 2023; 1 IP address (1 host up) scanned in 641.14 seconds" elapsed="641.14" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>