init htb

old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
--- a/HTB/encoding/results/scans/tcp80/ferox-http_api_haxtables_htb-1674933786.state
+++ b/HTB/encoding/results/scans/tcp80/ferox-http_api_haxtables_htb-1674933786.state
@@ -0,0 +1 @@
+{"scans":[{"id":"a57702627b854c1c90ad3f96ec543203","url":"http://api.haxtables.htb/","normalized_url":"http://api.haxtables.htb/","scan_type":"Directory","status":"Running","num_requests":30000},{"id":"6809b17a31a54a36b557f8cf36b3e463","url":"http://api.haxtables.htb/v2/","normalized_url":"http://api.haxtables.htb/v2/","scan_type":"Directory","status":"Complete","num_requests":30000},{"id":"e94a0fafa13a47819bc2bf530faad678","url":"http://api.haxtables.htb/v3/","normalized_url":"http://api.haxtables.htb/v3/","scan_type":"Directory","status":"Complete","num_requests":30000},{"id":"2f4dbdcce1364f6099c72ab7ac0b0127","url":"http://api.haxtables.htb/v1/","normalized_url":"http://api.haxtables.htb/v1/","scan_type":"Directory","status":"Complete","num_requests":30000}],"config":{"type":"configuration","wordlist":"/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://api.haxtables.htb","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":50,"timeout":7,"verbosity":0,"silent":false,"quiet":false,"auto_bail":false,"auto_tune":false,"json":false,"output":"","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":false,"extensions":[],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":false,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://api.haxtables.htb/","original_url":"http://api.haxtables.htb","path":"/","wildcard":false,"status":200,"method":"GET","content_length":0,"line_count":0,"word_count":0,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=UTF-8","content-length":"0","date":"Sat, 28 Jan 2023 19:22:46 GMT"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v2","original_url":"http://api.haxtables.htb","path":"/v2","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1","location":"http://api.haxtables.htb/v2/","date":"Sat, 28 Jan 2023 19:22:46 GMT","content-length":"319"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v3","original_url":"http://api.haxtables.htb","path":"/v3","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"content-length":"319","content-type":"text/html; charset=iso-8859-1","date":"Sat, 28 Jan 2023 19:22:46 GMT","server":"Apache/2.4.52 (Ubuntu)","location":"http://api.haxtables.htb/v3/"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v1","original_url":"http://api.haxtables.htb","path":"/v1","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1","date":"Sat, 28 Jan 2023 19:22:46 GMT","content-length":"319","location":"http://api.haxtables.htb/v1/"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/server-status","original_url":"http://api.haxtables.htb","path":"/server-status","wildcard":false,"status":403,"method":"GET","content_length":282,"line_count":9,"word_count":28,"headers":{"content-length":"282","date":"Sat, 28 Jan 2023 19:22:48 GMT","server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1"},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":7411,"expected_per_scan":30000,"total_expected":120000,"errors":12,"successes":7,"redirects":3,"client_errors":7389,"server_errors":0,"total_scans":4,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":7,"status_301s":3,"status_302s":0,"status_401s":0,"status_403s":1,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":5,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":12,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_curl.html
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_curl.html
@@ -0,0 +1,56 @@
+HTTP/1.1 200 OK
+Date: Sat, 28 Jan 2023 19:07:09 GMT
+Server: Apache/2.4.52 (Ubuntu)
+Vary: Accept-Encoding
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>HaxTables</title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
+    <link rel="stylesheet" href="assets/css/main.css">
+    <script src="./assets/js/main.js"></script>
+
+</head>
+<body>
+<h1 align="center">HaxTables</h1>
+<br><br>
+<div class="container">
+<nav class="navbar navbar-inverse">
+  <div class="container-fluid">
+    <div class="navbar-header">
+      <a class="navbar-brand" href="/">HaxTables</a>
+    </div>
+    <ul class="nav navbar-nav">
+      <li class="active"><a href="/">Home</a></li>
+      <li class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Convertions<span class="caret"></span></a>
+        <ul class="dropdown-menu">
+          <li><a href="/index.php?page=string">String</a></li>
+          <li><a href="/index.php?page=integer">Integer</a></li>
+          <li><a href="/index.php?page=image">Images</a></li>
+        </ul>
+      </li>
+      <li><a href="#">About us</a></li>
+      <li><a href="/index.php?page=api">API</a></li>
+    </ul>
+  </div>
+</nav>
+
+<p align="center">Free online String and Number converter. Just load your input  and they will automatically get converted to selected format.  A collection of useful utilities for working with String and Integer values. All are simple, free and easy to use. There are no ads, popups or other garbage!</p>
+
+<p align="center">
+    <img  src="../assets/img/index.png">
+</p>
+</div>
+</body>
+</html>
+
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_encoding.htb_vhosts_subdomains-top1million-110000.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_encoding.htb_vhosts_subdomains-top1million-110000.txt
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
@@ -0,0 +1,32 @@
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess
+403      GET        9l       28w      277c http://10.129.123.2/.hta
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.txt
+403      GET        9l       28w      277c http://10.129.123.2/.hta.txt
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.txt
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.html
+403      GET        9l       28w      277c http://10.129.123.2/.hta.html
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.html
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.php
+403      GET        9l       28w      277c http://10.129.123.2/.hta.php
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.asp
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.php
+403      GET        9l       28w      277c http://10.129.123.2/.hta.asp
+200      GET     2206l    13654w   619037c http://10.129.123.2/assets/img/index.png
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.asp
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.aspx
+403      GET        9l       28w      277c http://10.129.123.2/.hta.aspx
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.aspx
+403      GET        9l       28w      277c http://10.129.123.2/.htaccess.jsp
+403      GET        9l       28w      277c http://10.129.123.2/.hta.jsp
+200      GET       48l      137w        0c http://10.129.123.2/index.php
+403      GET        9l       28w      277c http://10.129.123.2/.htpasswd.jsp
+200      GET      167l      329w     3025c http://10.129.123.2/assets/css/main.css
+200      GET       31l       80w     1019c http://10.129.123.2/assets/js/main.js
+200      GET       48l      137w        0c http://10.129.123.2/
+403      GET        9l       28w      277c http://10.129.123.2/.html
+403      GET        9l       28w      277c http://10.129.123.2/.php
+301      GET        9l       28w      313c http://10.129.123.2/assets => http://10.129.123.2/assets/
+200      GET        1l        2w        0c http://10.129.123.2/handler.php
+301      GET        9l       28w      315c http://10.129.123.2/includes => http://10.129.123.2/includes/
+403      GET        9l       28w      277c http://10.129.123.2/server-status
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
@@ -0,0 +1,32 @@
+200      GET       48l      137w        0c http://10.129.123.2/index.php
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/css/ (Apache)
+200      GET      167l      329w     3025c http://10.129.123.2/assets/css/main.css
+200      GET       31l       80w     1019c http://10.129.123.2/assets/js/main.js
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/js/ (Apache)
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/ (Apache)
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/img (Apache)
+200      GET     2206l    13654w   619037c http://10.129.123.2/assets/img/index.png
+200      GET       48l      137w        0c http://10.129.123.2/
+301      GET        9l       28w      313c http://10.129.123.2/assets => http://10.129.123.2/assets/
+403      GET        9l       28w      277c http://10.129.123.2/.html
+403      GET        9l       28w      277c http://10.129.123.2/.php
+301      GET        9l       28w      315c http://10.129.123.2/includes => http://10.129.123.2/includes/
+200      GET        5l       53w      375c http://10.129.123.2/includes/index.html
+200      GET        1l        2w       20c http://10.129.123.2/includes/image.html
+200      GET      110l      344w     3672c http://10.129.123.2/includes/api.html
+200      GET       48l      137w        0c http://10.129.123.2/index.php
+200      GET       31l       80w     1019c http://10.129.123.2/assets/js/main.js
+200      GET      167l      329w     3025c http://10.129.123.2/assets/css/main.css
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/css/ (Apache)
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/js/ (Apache)
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/ (Apache)
+200      GET     2206l    13654w   619037c http://10.129.123.2/assets/img/index.png
+200      GET       48l      137w        0c http://10.129.123.2/
+403      GET        9l       28w      277c http://10.129.123.2/.html
+MSG      0.000 feroxbuster::heuristics detected directory listing: http://10.129.123.2/assets/img/ (Apache)
+403      GET        9l       28w      277c http://10.129.123.2/.php
+301      GET        9l       28w      313c http://10.129.123.2/assets => http://10.129.123.2/assets/
+301      GET        9l       28w      315c http://10.129.123.2/includes => http://10.129.123.2/includes/
+200      GET        5l       53w      375c http://10.129.123.2/includes/index.html
+200      GET        1l        2w       20c http://10.129.123.2/includes/image.html
+200      GET      110l      344w     3672c http://10.129.123.2/includes/api.html
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_haxtables.htb_vhosts_subdomains-top1million-110000.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_haxtables.htb_vhosts_subdomains-top1million-110000.txt
@@ -0,0 +1,2 @@
+api
+image
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_nmap.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_nmap.txt
@@ -0,0 +1,140 @@
+# Nmap 7.93 scan initiated Sat Jan 28 20:07:25 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.123.2
+Nmap scan report for encoding.htb (10.129.123.2)
+Host is up, received user-set (0.025s latency).
+Scanned at 2023-01-28 20:07:26 CET for 160s
+
+Bug in http-security-headers: no string output.
+PORT   STATE SERVICE REASON         VERSION
+80/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.52 ((Ubuntu))
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-mobileversion-checker: No mobile version detected.
+|_http-server-header: Apache/2.4.52 (Ubuntu)
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
+| http-referer-checker: 
+| Spidering limited to: maxpagecount=30
+|   https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js
+|_  https://maxcdn.bootstrapcdn.com:443/bootstrap/3.4.1/js/bootstrap.min.js
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-feed: Couldn't find any feeds.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+| http-headers: 
+|   Date: Sat, 28 Jan 2023 19:07:19 GMT
+|   Server: Apache/2.4.52 (Ubuntu)
+|   Connection: close
+|   Content-Type: text/html; charset=UTF-8
+|   
+|_  (Request type: HEAD)
+| http-comments-displayer: 
+| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=encoding.htb
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 29
+|     Comment: 
+|         /* The textarea itself */
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 14
+|     Comment: 
+|         /* Containing areas */
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 41
+|     Comment: 
+|         /* The status bar */
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 1
+|     Comment: 
+|         /* Import Google Font */
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 63
+|     Comment: 
+|         /* The submit button */
+|     
+|     Path: http://encoding.htb:80/assets/css/main.css
+|     Line number: 4
+|     Comment: 
+|_        /* RESET */
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-errors: Couldn't find any error pages.
+| http-fileupload-exploiter: 
+|   
+|     Couldn't find a file-type field.
+|   
+|_    Couldn't find a file-type field.
+| http-sitemap-generator: 
+|   Directory structure:
+|     /
+|       Other: 1; php: 1
+|     /assets/css/
+|       css: 1
+|     /assets/img/
+|       png: 1
+|     /assets/js/
+|       js: 1
+|   Longest directory structure:
+|     Depth: 2
+|     Dir: /assets/img/
+|   Total files found (by extension):
+|_    Other: 1; css: 1; js: 1; php: 1; png: 1
+|_http-date: Sat, 28 Jan 2023 19:07:18 GMT; -18s from local time.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-traceroute: 
+|   HTML title
+|     Hop #1: 400 Proxy Error
+|     Hop #2: HaxTables
+|     Hop #3: HaxTables
+|   Status Code
+|     Hop #1: 400
+|     Hop #2: 200
+|     Hop #3: 200
+|   content-type
+|     Hop #1: text/html; charset=iso-8859-1
+|     Hop #2: text/html; charset=UTF-8
+|     Hop #3: text/html; charset=UTF-8
+|   content-length
+|     Hop #1: 424
+|     Hop #2
+|_    Hop #3
+|_http-title: HaxTables
+|_http-malware-host: Host appears to be clean
+| http-enum: 
+|_  /includes/: Potentially interesting folder
+| http-php-version: Logo query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa
+|_Credits query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-chrono: Request times for /; avg: 172.22ms; min: 158.15ms; max: 186.15ms
+| http-vhosts: 
+|_128 names had status 200
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Jan 28 20:10:06 2023 -- 1 IP address (1 host up) scanned in 160.94 seconds
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_screenshot.png
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_screenshot.png
--- a/HTB/encoding/results/scans/tcp80/tcp_80_http_whatweb.txt
+++ b/HTB/encoding/results/scans/tcp80/tcp_80_http_whatweb.txt
@@ -0,0 +1,71 @@
+WhatWeb report for http://10.129.123.2:80
+Status    : 200 OK
+Title     : HaxTables
+IP        : 10.129.123.2
+Country   : RESERVED, ZZ
+
+Summary   : Apache[2.4.52], Bootstrap[3.4.1], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.52 (Ubuntu)], JQuery[3.6.0], Script, X-UA-Compatible[IE=edge]
+
+Detected Plugins:
+[ Apache ]
+	The Apache HTTP Server Project is an effort to develop and
+	maintain an open-source HTTP server for modern operating
+	systems including UNIX and Windows NT. The goal of this
+	project is to provide a secure, efficient and extensible
+	server that provides HTTP services in sync with the current
+	HTTP standards.
+
+	Version      : 2.4.52 (from HTTP Server Header)
+	Google Dorks: (3)
+	Website     : http://httpd.apache.org/
+
+[ Bootstrap ]
+	Bootstrap is an open source toolkit for developing with
+	HTML, CSS, and JS.
+
+	Version      : 3.4.1
+	Version      : 3.4.1
+	Website     : https://getbootstrap.com/
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : Apache/2.4.52 (Ubuntu) (from server string)
+
+[ JQuery ]
+	A fast, concise, JavaScript that simplifies how to traverse
+	HTML documents, handle events, perform animations, and add
+	AJAX.
+
+	Version      : 3.6.0
+	Website     : http://jquery.com/
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ X-UA-Compatible ]
+	This plugin retrieves the X-UA-Compatible value from the
+	HTTP header and meta http-equiv tag. - More Info:
+	http://msdn.microsoft.com/en-us/library/cc817574.aspx
+
+	String       : IE=edge
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Date: Sat, 28 Jan 2023 19:07:10 GMT
+	Server: Apache/2.4.52 (Ubuntu)
+	Vary: Accept-Encoding
+	Content-Encoding: gzip
+	Content-Length: 814
+	Connection: close
+	Content-Type: text/html; charset=UTF-8
+
+
--- a/HTB/encoding/results/scans/tcp80/xml/tcp_80_http_nmap.xml
+++ b/HTB/encoding/results/scans/tcp80/xml/tcp_80_http_nmap.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Jan 28 20:07:25 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.123.2 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.123.2" start="1674932845" startstr="Sat Jan 28 20:07:25 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674932846"/>
+<taskend task="NSE" time="1674932846"/>
+<taskbegin task="NSE" time="1674932846"/>
+<taskend task="NSE" time="1674932846"/>
+<taskbegin task="NSE" time="1674932846"/>
+<taskend task="NSE" time="1674932846"/>
+<taskbegin task="SYN Stealth Scan" time="1674932846"/>
+<taskend task="SYN Stealth Scan" time="1674932846" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674932846"/>
+<taskend task="Service scan" time="1674932852" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674932852"/>
+<taskprogress task="NSE" time="1674932883" percent="99.02" remaining="1" etc="1674932883"/>
+<taskprogress task="NSE" time="1674932913" percent="99.67" remaining="1" etc="1674932913"/>
+<taskprogress task="NSE" time="1674932943" percent="99.67" remaining="1" etc="1674932943"/>
+<taskprogress task="NSE" time="1674932973" percent="99.67" remaining="1" etc="1674932973"/>
+<taskprogress task="NSE" time="1674933003" percent="99.67" remaining="1" etc="1674933003"/>
+<taskend task="NSE" time="1674933006"/>
+<taskbegin task="NSE" time="1674933006"/>
+<taskend task="NSE" time="1674933006"/>
+<taskbegin task="NSE" time="1674933006"/>
+<taskend task="NSE" time="1674933006"/>
+<host starttime="1674932846" endtime="1674933006"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.123.2" addrtype="ipv4"/>
+<hostnames>
+<hostname name="encoding.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.52" extrainfo="(Ubuntu)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.52</cpe></service><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-server-header" output="Apache/2.4.52 (Ubuntu)"><elem>Apache/2.4.52 (Ubuntu)</elem>
+</script><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-vuln-cve2017-1001000" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-referer-checker" output="&#xa;Spidering limited to: maxpagecount=30&#xa;  https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js&#xa;  https://maxcdn.bootstrapcdn.com:443/bootstrap/3.4.1/js/bootstrap.min.js&#xa;"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-headers" output="&#xa;  Date: Sat, 28 Jan 2023 19:07:19 GMT&#xa;  Server: Apache/2.4.52 (Ubuntu)&#xa;  Connection: close&#xa;  Content-Type: text/html; charset=UTF-8&#xa;  &#xa;  (Request type: HEAD)&#xa;"/><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=encoding.htb&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 29&#xa;    Comment: &#xa;        /* The textarea itself */&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 14&#xa;    Comment: &#xa;        /* Containing areas */&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 41&#xa;    Comment: &#xa;        /* The status bar */&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 1&#xa;    Comment: &#xa;        /* Import Google Font */&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 63&#xa;    Comment: &#xa;        /* The submit button */&#xa;    &#xa;    Path: http://encoding.htb:80/assets/css/main.css&#xa;    Line number: 4&#xa;    Comment: &#xa;        /* RESET */&#xa;"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-fileupload-exploiter" output="&#xa;  &#xa;    Couldn&apos;t find a file-type field.&#xa;  &#xa;    Couldn&apos;t find a file-type field."><table>
+<elem>Couldn&apos;t find a file-type field.</elem>
+</table>
+<table>
+<elem>Couldn&apos;t find a file-type field.</elem>
+</table>
+</script><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;    /&#xa;      Other: 1; php: 1&#xa;    /assets/css/&#xa;      css: 1&#xa;    /assets/img/&#xa;      png: 1&#xa;    /assets/js/&#xa;      js: 1&#xa;  Longest directory structure:&#xa;    Depth: 2&#xa;    Dir: /assets/img/&#xa;  Total files found (by extension):&#xa;    Other: 1; css: 1; js: 1; php: 1; png: 1&#xa;"/><script id="http-date" output="Sat, 28 Jan 2023 19:07:18 GMT; -18s from local time."><elem key="date">2023-01-28T19:07:18+00:00</elem>
+<elem key="delta">-18.0</elem>
+</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-traceroute" output="&#xa;  HTML title&#xa;    Hop #1: 400 Proxy Error&#xa;    Hop #2: HaxTables&#xa;    Hop #3: HaxTables&#xa;  Status Code&#xa;    Hop #1: 400&#xa;    Hop #2: 200&#xa;    Hop #3: 200&#xa;  content-type&#xa;    Hop #1: text/html; charset=iso-8859-1&#xa;    Hop #2: text/html; charset=UTF-8&#xa;    Hop #3: text/html; charset=UTF-8&#xa;  content-length&#xa;    Hop #1: 424&#xa;    Hop #2&#xa;    Hop #3&#xa;"/><script id="http-title" output="HaxTables"><elem key="title">HaxTables</elem>
+</script><script id="http-malware-host" output="Host appears to be clean"/><script id="http-security-headers" output=""></script><script id="http-enum" output="&#xa;  /includes/: Potentially interesting folder&#xa;"/><script id="http-php-version" output="Logo query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa&#xa;Credits query returned unknown hash 6f7d4fa5b2f90ff61821fd1e824a06fa"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script><script id="http-chrono" output="Request times for /; avg: 172.22ms; min: 158.15ms; max: 186.15ms"/><script id="http-vhosts" output="&#xa;128 names had status 200"/></port>
+</ports>
+<times srtt="24650" rttvar="24650" to="123250"/>
+</host>
+<taskbegin task="NSE" time="1674933006"/>
+<taskend task="NSE" time="1674933006"/>
+<taskbegin task="NSE" time="1674933006"/>
+<taskend task="NSE" time="1674933006"/>
+<taskbegin task="NSE" time="1674933006"/>
+<taskend task="NSE" time="1674933006"/>
+<runstats><finished time="1674933006" timestr="Sat Jan 28 20:10:06 2023" summary="Nmap done at Sat Jan 28 20:10:06 2023; 1 IP address (1 host up) scanned in 160.94 seconds" elapsed="160.94" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
				`@@ -0,0 +1 @@`
				{"scans":[{"id":"a57702627b854c1c90ad3f96ec543203","url":"http://api.haxtables.htb/","normalized_url":"http://api.haxtables.htb/","scan_type":"Directory","status":"Running","num_requests":30000},{"id":"6809b17a31a54a36b557f8cf36b3e463","url":"http://api.haxtables.htb/v2/","normalized_url":"http://api.haxtables.htb/v2/","scan_type":"Directory","status":"Complete","num_requests":30000},{"id":"e94a0fafa13a47819bc2bf530faad678","url":"http://api.haxtables.htb/v3/","normalized_url":"http://api.haxtables.htb/v3/","scan_type":"Directory","status":"Complete","num_requests":30000},{"id":"2f4dbdcce1364f6099c72ab7ac0b0127","url":"http://api.haxtables.htb/v1/","normalized_url":"http://api.haxtables.htb/v1/","scan_type":"Directory","status":"Complete","num_requests":30000}],"config":{"type":"configuration","wordlist":"/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://api.haxtables.htb","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":50,"timeout":7,"verbosity":0,"silent":false,"quiet":false,"auto_bail":false,"auto_tune":false,"json":false,"output":"","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":false,"extensions":[],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":false,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://api.haxtables.htb/","original_url":"http://api.haxtables.htb","path":"/","wildcard":false,"status":200,"method":"GET","content_length":0,"line_count":0,"word_count":0,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=UTF-8","content-length":"0","date":"Sat, 28 Jan 2023 19:22:46 GMT"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v2","original_url":"http://api.haxtables.htb","path":"/v2","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1","location":"http://api.haxtables.htb/v2/","date":"Sat, 28 Jan 2023 19:22:46 GMT","content-length":"319"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v3","original_url":"http://api.haxtables.htb","path":"/v3","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"content-length":"319","content-type":"text/html; charset=iso-8859-1","date":"Sat, 28 Jan 2023 19:22:46 GMT","server":"Apache/2.4.52 (Ubuntu)","location":"http://api.haxtables.htb/v3/"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/v1","original_url":"http://api.haxtables.htb","path":"/v1","wildcard":false,"status":301,"method":"GET","content_length":319,"line_count":9,"word_count":28,"headers":{"server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1","date":"Sat, 28 Jan 2023 19:22:46 GMT","content-length":"319","location":"http://api.haxtables.htb/v1/"},"extension":""},{"type":"response","url":"http://api.haxtables.htb/server-status","original_url":"http://api.haxtables.htb","path":"/server-status","wildcard":false,"status":403,"method":"GET","content_length":282,"line_count":9,"word_count":28,"headers":{"content-length":"282","date":"Sat, 28 Jan 2023 19:22:48 GMT","server":"Apache/2.4.52 (Ubuntu)","content-type":"text/html; charset=iso-8859-1"},"extension":""}],"statistics":{"type":"statistics","timeouts":0,"requests":7411,"expected_per_scan":30000,"total_expected":120000,"errors":12,"successes":7,"redirects":3,"client_errors":7389,"server_errors":0,"total_scans":4,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":7,"status_301s":3,"status_302s":0,"status_401s":0,"status_403s":1,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":5,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":12,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]}