init htb

old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_broscience.htb_vhosts_subdomains-top1million-110000.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_broscience.htb_vhosts_subdomains-top1million-110000.txt
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_curl-robots.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_curl-robots.txt
@@ -0,0 +1,16 @@
+HTTP/1.1 301 Moved Permanently
+Date: Wed, 01 Feb 2023 16:50:15 GMT
+Server: Apache/2.4.54 (Debian)
+Location: https://broscience.htb/robots.txt
+Content-Length: 319
+Content-Type: text/html; charset=iso-8859-1
+
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>301 Moved Permanently</title>
+</head><body>
+<h1>Moved Permanently</h1>
+<p>The document has moved <a href="https://broscience.htb/robots.txt">here</a>.</p>
+<hr>
+<address>Apache/2.4.54 (Debian) Server at 10.10.11.195 Port 80</address>
+</body></html>
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_curl.html
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_curl.html
@@ -0,0 +1,16 @@
+HTTP/1.1 301 Moved Permanently
+Date: Wed, 01 Feb 2023 16:50:15 GMT
+Server: Apache/2.4.54 (Debian)
+Location: https://broscience.htb/
+Content-Length: 309
+Content-Type: text/html; charset=iso-8859-1
+
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>301 Moved Permanently</title>
+</head><body>
+<h1>Moved Permanently</h1>
+<p>The document has moved <a href="https://broscience.htb/">here</a>.</p>
+<hr>
+<address>Apache/2.4.54 (Debian) Server at 10.10.11.195 Port 80</address>
+</body></html>
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_known-security.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_known-security.txt
@@ -0,0 +1,16 @@
+HTTP/1.1 301 Moved Permanently
+Date: Wed, 01 Feb 2023 16:50:15 GMT
+Server: Apache/2.4.54 (Debian)
+Location: https://broscience.htb/.well-known/security.txt
+Content-Length: 333
+Content-Type: text/html; charset=iso-8859-1
+
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>301 Moved Permanently</title>
+</head><body>
+<h1>Moved Permanently</h1>
+<p>The document has moved <a href="https://broscience.htb/.well-known/security.txt">here</a>.</p>
+<hr>
+<address>Apache/2.4.54 (Debian) Server at 10.10.11.195 Port 80</address>
+</body></html>
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_nmap.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_nmap.txt
@@ -0,0 +1,82 @@
+# Nmap 7.93 scan initiated Wed Feb  1 17:50:14 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/broscience/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/broscience/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.195
+Nmap scan report for broscience.htb (10.10.11.195)
+Host is up, received user-set (0.032s latency).
+Scanned at 2023-02-01 17:50:14 CET for 41s
+
+PORT   STATE SERVICE REASON         VERSION
+80/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.54
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-passwd: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
+|_http-malware-host: Host appears to be clean
+|_http-server-header: Apache/2.4.54 (Debian)
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-feed: Couldn't find any feeds.
+|_http-title: Did not follow redirect to https://broscience.htb/
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Redirected To: https://broscience.htb/
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-mobileversion-checker: No mobile version detected.
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+| http-vhosts: 
+|_128 names had status 301
+|_http-comments-displayer: Couldn't find any comments.
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-sitemap-generator: 
+|   Directory structure:
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    
+| http-security-headers: 
+|   Cache_Control: 
+|     Header: Cache-Control: no-store, no-cache, must-revalidate
+|   Pragma: 
+|     Header: Pragma: no-cache
+|   Expires: 
+|_    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
+|_http-chrono: Request times for /; avg: 307.69ms; min: 157.39ms; max: 507.13ms
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+| http-headers: 
+|   Date: Wed, 01 Feb 2023 16:50:40 GMT
+|   Server: Apache/2.4.54 (Debian)
+|   Location: https://broscience.htb/
+|   Content-Length: 311
+|   Connection: close
+|   Content-Type: text/html; charset=iso-8859-1
+|   
+|_  (Request type: GET)
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-errors: Couldn't find any error pages.
+|_http-date: Wed, 01 Feb 2023 16:50:32 GMT; 0s from local time.
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Feb  1 17:50:55 2023 -- 1 IP address (1 host up) scanned in 41.47 seconds
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_screenshot.png
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_screenshot.png
--- a/HTB/broscience/results/scans/tcp80/tcp_80_http_whatweb.txt
+++ b/HTB/broscience/results/scans/tcp80/tcp_80_http_whatweb.txt
@@ -0,0 +1,97 @@
+WhatWeb report for http://10.10.11.195:80
+Status    : 301 Moved Permanently
+Title     : 301 Moved Permanently
+IP        : 10.10.11.195
+Country   : RESERVED, ZZ
+
+Summary   : Apache[2.4.54], HTTPServer[Debian Linux][Apache/2.4.54 (Debian)], RedirectLocation[https://broscience.htb/]
+
+Detected Plugins:
+[ Apache ]
+	The Apache HTTP Server Project is an effort to develop and
+	maintain an open-source HTTP server for modern operating
+	systems including UNIX and Windows NT. The goal of this
+	project is to provide a secure, efficient and extensible
+	server that provides HTTP services in sync with the current
+	HTTP standards.
+
+	Version      : 2.4.54 (from HTTP Server Header)
+	Google Dorks: (3)
+	Website     : http://httpd.apache.org/
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Debian Linux
+	String       : Apache/2.4.54 (Debian) (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : https://broscience.htb/ (from location)
+
+HTTP Headers:
+	HTTP/1.1 301 Moved Permanently
+	Date: Wed, 01 Feb 2023 16:50:21 GMT
+	Server: Apache/2.4.54 (Debian)
+	Location: https://broscience.htb/
+	Content-Length: 309
+	Connection: close
+	Content-Type: text/html; charset=iso-8859-1
+
+WhatWeb report for https://broscience.htb/
+Status    : 200 OK
+Title     : BroScience : Home
+IP        : 10.10.11.195
+Country   : RESERVED, ZZ
+
+Summary   : Apache[2.4.54], Cookies[PHPSESSID], HTTPServer[Debian Linux][Apache/2.4.54 (Debian)], Script
+
+Detected Plugins:
+[ Apache ]
+	The Apache HTTP Server Project is an effort to develop and
+	maintain an open-source HTTP server for modern operating
+	systems including UNIX and Windows NT. The goal of this
+	project is to provide a secure, efficient and extensible
+	server that provides HTTP services in sync with the current
+	HTTP standards.
+
+	Version      : 2.4.54 (from HTTP Server Header)
+	Google Dorks: (3)
+	Website     : http://httpd.apache.org/
+
+[ Cookies ]
+	Display the names of cookies in the HTTP headers. The
+	values are not returned to save on space.
+
+	String       : PHPSESSID
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Debian Linux
+	String       : Apache/2.4.54 (Debian) (from server string)
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Date: Wed, 01 Feb 2023 16:50:39 GMT
+	Server: Apache/2.4.54 (Debian)
+	Set-Cookie: PHPSESSID=mqqap7okl1bs60oanfo17fb97c; path=/
+	Expires: Thu, 19 Nov 1981 08:52:00 GMT
+	Cache-Control: no-store, no-cache, must-revalidate
+	Pragma: no-cache
+	Vary: Accept-Encoding
+	Content-Encoding: gzip
+	Content-Length: 1418
+	Connection: close
+	Content-Type: text/html; charset=UTF-8
+
+
--- a/HTB/broscience/results/scans/tcp80/xml/tcp_80_http_nmap.xml
+++ b/HTB/broscience/results/scans/tcp80/xml/tcp_80_http_nmap.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Feb  1 17:50:14 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/broscience/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/broscience/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.195 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/broscience/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/broscience/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.195" start="1675270214" startstr="Wed Feb  1 17:50:14 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1675270214"/>
+<taskend task="NSE" time="1675270214"/>
+<taskbegin task="NSE" time="1675270214"/>
+<taskend task="NSE" time="1675270214"/>
+<taskbegin task="NSE" time="1675270214"/>
+<taskend task="NSE" time="1675270214"/>
+<taskbegin task="SYN Stealth Scan" time="1675270214"/>
+<taskend task="SYN Stealth Scan" time="1675270214" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1675270214"/>
+<taskend task="Service scan" time="1675270221" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1675270221"/>
+<taskprogress task="NSE" time="1675270252" percent="99.67" remaining="1" etc="1675270252"/>
+<taskend task="NSE" time="1675270255"/>
+<taskbegin task="NSE" time="1675270255"/>
+<taskend task="NSE" time="1675270255"/>
+<taskbegin task="NSE" time="1675270255"/>
+<taskend task="NSE" time="1675270255"/>
+<host starttime="1675270214" endtime="1675270255"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.195" addrtype="ipv4"/>
+<hostnames>
+<hostname name="broscience.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.54" hostname="broscience.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.54</cpe></service><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-passwd" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-vuln-cve2013-7091" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-server-header" output="Apache/2.4.54 (Debian)"><elem>Apache/2.4.54 (Debian)</elem>
+</script><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-title" output="Did not follow redirect to https://broscience.htb/"><elem key="redirect_url">https://broscience.htb/</elem>
+</script><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Redirected To: https://broscience.htb/&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<elem key="Redirected To">https://broscience.htb/</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-vhosts" output="&#xa;128 names had status 301"/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;  Longest directory structure:&#xa;    Depth: 0&#xa;    Dir: /&#xa;  Total files found (by extension):&#xa;    &#xa;"/><script id="http-security-headers" output="&#xa;  Cache_Control: &#xa;    Header: Cache-Control: no-store, no-cache, must-revalidate&#xa;  Pragma: &#xa;    Header: Pragma: no-cache&#xa;  Expires: &#xa;    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT"><table key="Cache_Control">
+<elem>Header: Cache-Control: no-store, no-cache, must-revalidate</elem>
+</table>
+<table key="Pragma">
+<elem>Header: Pragma: no-cache</elem>
+</table>
+<table key="Expires">
+<elem>Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT</elem>
+</table>
+</script><script id="http-chrono" output="Request times for /; avg: 307.69ms; min: 157.39ms; max: 507.13ms"/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-headers" output="&#xa;  Date: Wed, 01 Feb 2023 16:50:40 GMT&#xa;  Server: Apache/2.4.54 (Debian)&#xa;  Location: https://broscience.htb/&#xa;  Content-Length: 311&#xa;  Connection: close&#xa;  Content-Type: text/html; charset=iso-8859-1&#xa;  &#xa;  (Request type: GET)&#xa;"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-date" output="Wed, 01 Feb 2023 16:50:32 GMT; 0s from local time."><elem key="date">2023-02-01T16:50:32+00:00</elem>
+<elem key="delta">0.0</elem>
+</script><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/></port>
+</ports>
+<times srtt="31501" rttvar="31501" to="157505"/>
+</host>
+<taskbegin task="NSE" time="1675270255"/>
+<taskend task="NSE" time="1675270255"/>
+<taskbegin task="NSE" time="1675270255"/>
+<taskend task="NSE" time="1675270255"/>
+<taskbegin task="NSE" time="1675270255"/>
+<taskend task="NSE" time="1675270255"/>
+<runstats><finished time="1675270255" timestr="Wed Feb  1 17:50:55 2023" summary="Nmap done at Wed Feb  1 17:50:55 2023; 1 IP address (1 host up) scanned in 41.47 seconds" elapsed="41.47" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>