init htb

old htb folders

HTB/escape/results/escape.htb/scans/tcp139/enum4linux.txt

@@ -0,0 +1,139 @@
+Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Tue Feb 28 12:05:45 2023
+
+ =========================================( Target Information )=========================================
+
+Target ........... escape.htb
+RID Range ........ 500-550,1000-1050
+Username ......... ''
+Password ......... ''
+Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
+
+
+ =============================( Enumerating Workgroup/Domain on escape.htb )=============================
+
+
+[E] Can't find workgroup/domain
+
+
+
+ =================================( Nbtstat Information for escape.htb )=================================
+
+Looking up status of 10.129.184.130
+No reply from 10.129.184.130
+
+ ====================================( Session Check on escape.htb )====================================
+
+
+[+] Server escape.htb allows sessions using username '', password ''
+
+
+ ============================( Getting information via LDAP for escape.htb )============================
+
+
+[+] escape.htb appears to be a child DC
+
+
+ =================================( Getting domain SID for escape.htb )=================================
+
+Domain Name: sequel
+Domain Sid: S-1-5-21-4078382237-1492182817-2568127209
+
+[+] Host is part of a domain (not a workgroup)
+
+
+ ====================================( OS information on escape.htb )====================================
+
+
+[E] Can't get OS info with smbclient
+
+
+[+] Got OS info for escape.htb from srvinfo:
+do_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED
+
+
+ ========================================( Users on escape.htb )========================================
+
+
+[E] Couldn't find users using querydispinfo: NT_STATUS_ACCESS_DENIED
+
+
+
+[E] Couldn't find users using enumdomusers: NT_STATUS_ACCESS_DENIED
+
+
+ =================================( Machine Enumeration on escape.htb )=================================
+
+
+[E] Not implemented in this version of enum4linux.
+
+
+ ==================================( Share Enumeration on escape.htb )==================================
+
+do_connect: Connection to escape.htb failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+
+	Sharename       Type      Comment
+	---------       ----      -------
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+
+[+] Attempting to map shares on escape.htb
+
+
+ =============================( Password Policy Information for escape.htb )=============================
+
+
+[E] Unexpected error from polenum:
+
+
+
+[+] Attaching to escape.htb using a NULL share
+
+[+] Trying protocol 139/SMB...
+
+	[!] Protocol failed: Cannot request session (Called Name:ESCAPE.HTB)
+
+[+] Trying protocol 445/SMB...
+
+	[!] Protocol failed: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights.
+
+
+
+[E] Failed to get password policy with rpcclient
+
+
+
+ ========================================( Groups on escape.htb )========================================
+
+
+[+] Getting builtin groups:
+
+
+[+]  Getting builtin group memberships:
+
+
+[+]  Getting local groups:
+
+
+[+]  Getting local group memberships:
+
+
+[+]  Getting domain groups:
+
+
+[+]  Getting domain group memberships:
+
+
+ ===================( Users on escape.htb via RID cycling (RIDS: 500-550,1000-1050) )===================
+
+
+[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED.  RID cycling not possible.
+
+
+ ================================( Getting printer info for escape.htb )================================
+
+do_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED
+
+
+enum4linux complete on Tue Feb 28 12:06:39 2023
+
+

HTB/escape/results/escape.htb/scans/tcp139/nbtscan.txt

@@ -0,0 +1,3 @@
+Doing NBT name scan for addresses from 10.129.184.130
+
+

HTB/escape/results/escape.htb/scans/tcp139/smbclient.txt

@@ -0,0 +1,13 @@
+do_connect: Connection to escape.htb failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+
+	Sharename       Type      Comment
+	---------       ----      -------
+	ADMIN$          Disk      Remote Admin
+	C$              Disk      Default share
+	IPC$            IPC       Remote IPC
+	NETLOGON        Disk      Logon server share
+	Public          Disk
+	SYSVOL          Disk      Logon server share
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+

HTB/escape/results/escape.htb/scans/tcp139/smbmap-execute-command.txt

@@ -0,0 +1 @@
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp139/smbmap-list-contents.txt

@@ -0,0 +1,2 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown

HTB/escape/results/escape.htb/scans/tcp139/smbmap-share-permissions.txt

@@ -0,0 +1,10 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt

@@ -0,0 +1,22 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 139 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:45 CET for 45s
+
+PORT    STATE SERVICE     REASON          VERSION
+139/tcp open  netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn
+|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-protocols: No dialects accepted. Something may be blocking the responses
+|_smb2-time: ERROR: Script execution failed (use -d to debug)
+|_smb2-capabilities: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-print-text: false
+|_smb-mbenum: ERROR: Script execution failed (use -d to debug)
+|_smb-vuln-ms10-061: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:30 2023 -- 1 IP address (1 host up) scanned in 49.07 seconds

HTB/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="139"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskprogress task="NSE" time="1677582383" percent="97.14" remaining="1" etc="1677582384"/>
+<taskend task="NSE" time="1677582387"/>
+<taskbegin task="NSE" time="1677582387"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<host starttime="1677582345" endtime="1677582390"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="smb-enum-services" output="ERROR: Script execution failed (use -d to debug)"/></port>
+</ports>
+<hostscript><script id="smb2-security-mode" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-protocols" output="No dialects accepted. Something may be blocking the responses"/><script id="smb2-time" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb2-capabilities" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-print-text" output="false">false</script><script id="smb-mbenum" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb-vuln-ms10-061" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script></hostscript><times srtt="183869" rttvar="183869" to="919345"/>
+</host>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<runstats><finished time="1677582390" timestr="Tue Feb 28 12:06:30 2023" summary="Nmap done at Tue Feb 28 12:06:30 2023; 1 IP address (1 host up) scanned in 49.07 seconds" elapsed="49.07" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>