old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions

@@ -0,0 +1,69 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.123.2
```
[/home/kali/htb/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/results/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 28 20:07:25 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.123.2
Nmap scan report for encoding.htb (10.129.123.2)
Host is up, received user-set (0.039s latency).
Scanned at 2023-01-28 20:07:26 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| sntrup761x25519-sha512@openssh.com
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-hostkey:
| 256 4fe3a667a227f9118dc30ed773a02c28 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIzAFurw3qLK4OEzrjFarOhWslRrQ3K/MDVL2opfXQLI+zYXSwqofxsf8v2MEZuIGj6540YrzldnPf8CTFSW2rk=
| 256 816e78766b8aea7d1babd436b7f8ecc4 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTtbUicaITwpKjAQWp8Dkq1glFodwroxhLwJo6hRBUK
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 28 20:07:28 2023 -- 1 IP address (1 host up) scanned in 2.73 seconds
```
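
Review bot: The result link on the line after the nmap command points at file:///home/kali/htb/results/scans/tcp22/tcp_22_ssh_nmap.txt, an absolute path on the scanning workstation, so it resolves for nobody reading the repository; link the result by a path relative to the repository instead. The file is also raw tool output with no analyst note: the ssh-auth-methods block shows password offered alongside publickey, and mac_algorithms still includes hmac-sha1, and a one-line summary of those observations above the output would make the file useful without reading the whole listing.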

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://10.129.123.2:80/robots.txt
```

@@ -0,0 +1,65 @@
```bash
curl -sSik http://10.129.123.2:80/
```
[/home/kali/htb/results/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/results/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 19:07:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>HaxTables</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="assets/css/main.css">
<script src="./assets/js/main.js"></script>
</head>
<body>
<h1 align="center">HaxTables</h1>
<br><br>
<div class="container">
<nav class="navbar navbar-inverse">
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand" href="/">HaxTables</a>
</div>
<ul class="nav navbar-nav">
<li class="active"><a href="/">Home</a></li>
<li class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Convertions<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="/index.php?page=string">String</a></li>
<li><a href="/index.php?page=integer">Integer</a></li>
<li><a href="/index.php?page=image">Images</a></li>
</ul>
</li>
<li><a href="#">About us</a></li>
<li><a href="/index.php?page=api">API</a></li>
</ul>
</div>
</nav>
<p align="center">Free online String and Number converter. Just load your input and they will automatically get converted to selected format. A collection of useful utilities for working with String and Integer values. All are simple, free and easy to use. There are no ads, popups or other garbage!</p>
<p align="center">
<img src="../assets/img/index.png">
</p>
</div>
</body>
</html>
```

@@ -0,0 +1,41 @@
```bash
feroxbuster -u http://10.129.123.2:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/kali/htb/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/kali/htb/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
403 GET 9l 28w 277c http://10.129.123.2/.htaccess
403 GET 9l 28w 277c http://10.129.123.2/.hta
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.txt
403 GET 9l 28w 277c http://10.129.123.2/.hta.txt
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.txt
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.html
403 GET 9l 28w 277c http://10.129.123.2/.hta.html
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.html
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.php
403 GET 9l 28w 277c http://10.129.123.2/.hta.php
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.asp
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.php
403 GET 9l 28w 277c http://10.129.123.2/.hta.asp
200 GET 2206l 13654w 619037c http://10.129.123.2/assets/img/index.png
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.asp
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.aspx
403 GET 9l 28w 277c http://10.129.123.2/.hta.aspx
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.aspx
403 GET 9l 28w 277c http://10.129.123.2/.htaccess.jsp
403 GET 9l 28w 277c http://10.129.123.2/.hta.jsp
200 GET 48l 137w 0c http://10.129.123.2/index.php
403 GET 9l 28w 277c http://10.129.123.2/.htpasswd.jsp
200 GET 167l 329w 3025c http://10.129.123.2/assets/css/main.css
200 GET 31l 80w 1019c http://10.129.123.2/assets/js/main.js
200 GET 48l 137w 0c http://10.129.123.2/
403 GET 9l 28w 277c http://10.129.123.2/.html
403 GET 9l 28w 277c http://10.129.123.2/.php
301 GET 9l 28w 313c http://10.129.123.2/assets => http://10.129.123.2/assets/
200 GET 1l 2w 0c http://10.129.123.2/handler.php
301 GET 9l 28w 315c http://10.129.123.2/includes => http://10.129.123.2/includes/
403 GET 9l 28w 277c http://10.129.123.2/server-status
```

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://10.129.123.2:80/.well-known/security.txt
```

@@ -0,0 +1,149 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.123.2
```
[/home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Jan 28 20:07:25 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.123.2
Nmap scan report for encoding.htb (10.129.123.2)
Host is up, received user-set (0.025s latency).
Scanned at 2023-01-28 20:07:26 CET for 160s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 ((Ubuntu))
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-mobileversion-checker: No mobile version detected.
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js
|_ https://maxcdn.bootstrapcdn.com:443/bootstrap/3.4.1/js/bootstrap.min.js
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-feed: Couldn't find any feeds.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
| http-headers:
| Date: Sat, 28 Jan 2023 19:07:19 GMT
| Server: Apache/2.4.52 (Ubuntu)
| Connection: close
| Content-Type: text/html; charset=UTF-8
|
|_ (Request type: HEAD)
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=encoding.htb
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 29
| Comment:
| /* The textarea itself */
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 14
| Comment:
| /* Containing areas */
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 41
| Comment:
| /* The status bar */
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 1
| Comment:
| /* Import Google Font */
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 63
| Comment:
| /* The submit button */
|
| Path: http://encoding.htb:80/assets/css/main.css
| Line number: 4
| Comment:
|_ /* RESET */
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: Couldn't find any error pages.
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
|_ Couldn't find a file-type field.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1; php: 1
| /assets/css/
| css: 1
| /assets/img/
| png: 1
| /assets/js/
| js: 1
| Longest directory structure:
| Depth: 2
| Dir: /assets/img/
| Total files found (by extension):
|_ Other: 1; css: 1; js: 1; php: 1; png: 1
|_http-date: Sat, 28 Jan 2023 19:07:18 GMT; -18s from local time.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-traceroute:
| HTML title
| Hop #1: 400 Proxy Error
| Hop #2: HaxTables
| Hop #3: HaxTables
| Status Code
| Hop #1: 400
| Hop #2: 200
| Hop #3: 200
| content-type
| Hop #1: text/html; charset=iso-8859-1
| Hop #2: text/html; charset=UTF-8
| Hop #3: text/html; charset=UTF-8
| content-length
| Hop #1: 424
| Hop #2
|_ Hop #3
|_http-title: HaxTables
|_http-malware-host: Host appears to be clean
| http-enum:
|_ /includes/: Potentially interesting folder
| http-php-version: Logo query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa
|_Credits query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-chrono: Request times for /; avg: 172.22ms; min: 158.15ms; max: 186.15ms
| http-vhosts:
|_128 names had status 200
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 28 20:10:06 2023 -- 1 IP address (1 host up) scanned in 160.94 seconds
```
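
Review bot: Several script entries in this output are failures rather than findings and should be marked as not run: http-vuln-cve2017-1001000 and http-config-backup both report "ERROR: Script execution failed (use -d to debug)", the line "Bug in http-security-headers: no string output." means the security-header check produced nothing, and http-fetch only asks for a destination directory. As committed, a reader can mistake the missing results for a clean result, most importantly for the security headers, which the http-headers block shows are limited to Date, Server, Connection and Content-Type.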

@@ -0,0 +1,13 @@
```bash
curl -sk -o /dev/null -H "Host: JqivbBibaLLbuUZdVXDy.haxtables.htb" http://haxtables.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://haxtables.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.haxtables.htb" -fs 1999 -noninteractive -s | tee "/home/kali/htb/results/scans/tcp80/tcp_80_http_haxtables.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/kali/htb/results/scans/tcp80/tcp_80_http_haxtables.htb_vhosts_subdomains-top1million-110000.txt](file:///home/kali/htb/results/scans/tcp80/tcp_80_http_haxtables.htb_vhosts_subdomains-top1million-110000.txt):
```
api
image
```
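
Review bot: On the third line of this hunk the closing fence of the curl block and the opening fence of the ffuf block are fused into one run of six backticks followed by bash, so a Markdown renderer will not end the first block where intended; put the closing fence on its own line and open the ffuf block on the next. The ffuf filter -fs 1999 is presumably the baseline size returned by the curl probe with the random Host header, but that probe's output is not recorded in this file, so the filter value cannot be checked from what is committed.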

@@ -0,0 +1,80 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://10.129.123.2:80 2>&1
```
[/home/kali/htb/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/results/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://10.129.123.2:80
Status : 200 OK
Title : HaxTables
IP : 10.129.123.2
Country : RESERVED, ZZ
Summary : Apache[2.4.52], Bootstrap[3.4.1], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.52 (Ubuntu)], JQuery[3.6.0], Script, X-UA-Compatible[IE=edge]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.52 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Version : 3.4.1
Version : 3.4.1
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.52 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.6.0
Website : http://jquery.com/
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx
String : IE=edge
HTTP Headers:
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 19:07:10 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 814
Connection: close
Content-Type: text/html; charset=UTF-8
```

@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://10.129.123.2:80/ /home/kali/htb/results/scans/tcp80/tcp_80_http_screenshot.png
```