simon/CTF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init htb

Browse Source 
old htb folders
This commit is contained in:
Simon
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
HTB/forgot/results/forgot.htb/scans/tcp80/xml/tcp_80_http_nmap.xml Normal file
View File

@@ -0,0 +1,82 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Thu Feb 9 22:07:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/forgot/results/forgot.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/forgot/results/forgot.htb/scans/tcp80/xml/tcp_80_http_nmap.xml forgot.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/forgot/results/forgot.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/forgot/results/forgot.htb/scans/tcp80/xml/tcp_80_http_nmap.xml forgot.htb" start="1675976839" startstr="Thu Feb 9 22:07:19 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1675976840"/>
<taskend task="NSE" time="1675976840"/>
<taskbegin task="NSE" time="1675976840"/>
<taskend task="NSE" time="1675976840"/>
<taskbegin task="NSE" time="1675976840"/>
<taskend task="NSE" time="1675976840"/>
<taskbegin task="SYN Stealth Scan" time="1675976840"/>
<taskend task="SYN Stealth Scan" time="1675976840" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1675976840"/>
<taskend task="Service scan" time="1675976967" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1675976967"/>
<taskprogress task="NSE" time="1675976998" percent="93.11" remaining="3" etc="1675977000"/>
<taskprogress task="NSE" time="1675977028" percent="99.67" remaining="1" etc="1675977028"/>
<taskprogress task="NSE" time="1675977058" percent="99.67" remaining="1" etc="1675977058"/>
<taskprogress task="NSE" time="1675977088" percent="99.67" remaining="1" etc="1675977088"/>
<taskend task="NSE" time="1675977108"/>
<taskbegin task="NSE" time="1675977108"/>
<taskend task="NSE" time="1675977109"/>
<taskbegin task="NSE" time="1675977109"/>
<taskend task="NSE" time="1675977109"/>
<host starttime="1675976840" endtime="1675977109"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.188" addrtype="ipv4"/>
<hostnames>
<hostname name="forgot.htb" type="user"/>
<hostname name="forgot.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Werkzeug/2.1.2 Python/3.8.10" servicefp="SF-Port80-TCP:V=7.93%I=7%D=2/9%Time=63E5608D%P=x86_64-pc-linux-gnu%r(GetRequest,1E4,&quot;HTTP/1\.1\x20302\x20FOUND\r\nServer:\x20Werkzeug/2\.1\.2\x20Python/3\.8\.10\r\nDate:\x20Thu,\x2009\x20Feb\x202023\x2021:07:25\x20GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20219\r\nLocation:\x20http://127\.0\.0\.1\r\nX-Varnish:\x201114114\r\nAge:\x200\r\nVia:\x201\.1\x20varnish\x20\(Varnish/6\.2\)\r\nConnection:\x20close\r\n\r\n&lt;!doctype\x20html&gt;\n&lt;html\x20lang=en&gt;\n&lt;title&gt;Redirecting\.\.\.&lt;/title&gt;\n&lt;h1&gt;Redirecting\.\.\.&lt;/h1&gt;\n&lt;p&gt;You\x20should\x20be\x20redirected\x20automatically\x20to\x20the\x20target\x20URL:\x20&lt;a\x20href=\&quot;http://127\.0\.0\.1\&quot;&gt;http://127\.0\.0\.1&lt;/a&gt;\.\x20If\x20not,\x20click\x20the\x20link\.\n&quot;)%r(HTTPOptions,118,&quot;HTTP/1\.1\x20200\x20OK\r\nServer:\x20Werkzeug/2\.1\.2\x20Python/3\.8\.10\r\nDate:\x20Thu,\x2009\x20Feb\x202023\x2021:07:25\x20GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nAllow:\x20GET,\x20HEAD,\x20OPTIONS\r\nContent-Length:\x200\r\nX-Varnish:\x20524300\r\nAge:\x200\r\nVia:\x201\.1\x20varnish\x20\(Varnish/6\.2\)\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\n\r\n&quot;)%r(RTSPRequest,1C,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\n\r\n&quot;)%r(FourOhFourRequest,1BF,&quot;HTTP/1\.1\x20404\x20NOT\x20FOUND\r\nServer:\x20Werkzeug/2\.1\.2\x20Python/3\.8\.10\r\nDate:\x20Thu,\x2009\x20Feb\x202023\x2021:07:30\x20GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20207\r\nX-Varnish:\x20819491\r\nAge:\x200\r\nVia:\x201\.1\x20varnish\x20\(Varnish/6\.2\)\r\nConnection:\x20close\r\n\r\n&lt;!doctype\x20html&gt;\n&lt;html\x20lang=en&gt;\n&lt;title&gt;404\x20Not\x20Found&lt;/title&gt;\n&lt;h1&gt;Not\x20Found&lt;/h1&gt;\n&lt;p&gt;The\x20requested\x20URL\x20was\x20not\x20found\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\x20manually\x20please\x20check\x20your\x20spelling\x20and\x20try\x20again\.&lt;/p&gt;\n&quot;)%r(SIPOptions,1C,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\n\r\n&quot;);" method="probed" conf="10"/><script id="http-auth-finder" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=forgot.htb&#xa; url method&#xa; http://forgot.htb:80/ FORM&#xa; http://forgot.htb:80/login FORM&#xa;"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-server-header" output="Werkzeug/2.1.2 Python/3.8.10"><elem>Werkzeug/2.1.2 Python/3.8.10</elem>
</script><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=forgot.htb&#xa; &#xa; Path: http://forgot.htb:80/login&#xa; Line number: 218&#xa; Comment: &#xa; &lt;!-&#45; IonIcons -&#45;&gt;&#xa; &#xa; Path: http://forgot.htb:80/login&#xa; Line number: 169&#xa; Comment: &#xa; &lt;!-&#45; Q1 release fix by -&#45;&gt;&#xa; &#xa; Path: http://forgot.htb:80/login&#xa; Line number: 229&#xa; Comment: &#xa; &#xa; //# sourceURL=pen.js&#xa; &#xa; Path: http://forgot.htb:80/&#xa; Line number: 169&#xa; Comment: &#xa; &lt;!-&#45; Q1 release fix by robert-dev-10025 -&#45;&gt;&#xa;"/><script id="http-chrono" output="Request times for /; avg: 1912.75ms; min: 656.22ms; max: 4371.75ms"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-csrf" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=forgot.htb&#xa; Found the following possible CSRF vulnerabilities: &#xa; &#xa; Path: http://forgot.htb:80/&#xa; Form id: username&#xa; Form action: /login&#xa; &#xa; Path: http://forgot.htb:80/login&#xa; Form id: username&#xa; Form action: /login&#xa;"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-errors" output="&#xa;Spidering limited to: maxpagecount=40; withinhost=forgot.htb&#xa; Found the following error pages: &#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/cgi.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/pay.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/status.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/download.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/api.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/457284.js&#xa; &#xa; Error Code: 404&#xa; &#x9;http://forgot.htb:80/static/js/check.js&#xa;"/><script id="http-headers" output="&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:09:25 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 5186&#xa; X-Varnish: 11534348 329367&#xa; Age: 23&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Accept-Ranges: bytes&#xa; Connection: close&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="fingerprint-strings" output="&#xa; FourOhFourRequest: &#xa; HTTP/1.1 404 NOT FOUND&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:30 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 207&#xa; X-Varnish: 819491&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;404 Not Found&lt;/title&gt;&#xa; &lt;h1&gt;Not Found&lt;/h1&gt;&#xa; &lt;p&gt;The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.&lt;/p&gt;&#xa; GetRequest: &#xa; HTTP/1.1 302 FOUND&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:25 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 219&#xa; Location: http://127.0.0.1&#xa; X-Varnish: 1114114&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;Redirecting...&lt;/title&gt;&#xa; &lt;h1&gt;Redirecting...&lt;/h1&gt;&#xa; &lt;p&gt;You should be redirected automatically to the target URL: &lt;a href=&quot;http://127.0.0.1&quot;&gt;http://127.0.0.1&lt;/a&gt;. If not, click the link.&#xa; HTTPOptions: &#xa; HTTP/1.1 200 OK&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:25 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Allow: GET, HEAD, OPTIONS&#xa; Content-Length: 0&#xa; X-Varnish: 524300&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Accept-Ranges: bytes&#xa; Connection: close&#xa; RTSPRequest, SIPOptions: &#xa; HTTP/1.1 400 Bad Request"><elem key="FourOhFourRequest">&#xa; HTTP/1.1 404 NOT FOUND&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:30 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 207&#xa; X-Varnish: 819491&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;404 Not Found&lt;/title&gt;&#xa; &lt;h1&gt;Not Found&lt;/h1&gt;&#xa; &lt;p&gt;The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.&lt;/p&gt;</elem>
<elem key="GetRequest">&#xa; HTTP/1.1 302 FOUND&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:25 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Content-Length: 219&#xa; Location: http://127.0.0.1&#xa; X-Varnish: 1114114&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Connection: close&#xa; &lt;!doctype html&gt;&#xa; &lt;html lang=en&gt;&#xa; &lt;title&gt;Redirecting...&lt;/title&gt;&#xa; &lt;h1&gt;Redirecting...&lt;/h1&gt;&#xa; &lt;p&gt;You should be redirected automatically to the target URL: &lt;a href=&quot;http://127.0.0.1&quot;&gt;http://127.0.0.1&lt;/a&gt;. If not, click the link.</elem>
<elem key="HTTPOptions">&#xa; HTTP/1.1 200 OK&#xa; Server: Werkzeug/2.1.2 Python/3.8.10&#xa; Date: Thu, 09 Feb 2023 21:07:25 GMT&#xa; Content-Type: text/html; charset=utf-8&#xa; Allow: GET, HEAD, OPTIONS&#xa; Content-Length: 0&#xa; X-Varnish: 524300&#xa; Age: 0&#xa; Via: 1.1 varnish (Varnish/6.2)&#xa; Accept-Ranges: bytes&#xa; Connection: close</elem>
<elem key="RTSPRequest, SIPOptions">&#xa; HTTP/1.1 400 Bad Request</elem>
</script><script id="http-userdir-enum" output="Potential Users: guest"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 2&#xa; /static/js/&#xa; js: 1&#xa; Longest directory structure:&#xa; Depth: 2&#xa; Dir: /static/js/&#xa; Total files found (by extension):&#xa; Other: 2; js: 1&#xa;"/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-referer-checker" output="&#xa;Spidering limited to: maxpagecount=30&#xa; https://cpwebassets.codepen.io:443/assets/common/stopExecutionOnTimeout-1b93190375e9ccc259df3a57c1abc0e64599724ae30d7ea4c6877eb615f89387.js&#xa; https://unpkg.com:443/ionicons15.5.2/dist/ionicons/ionicons.esm.js&#xa; https://unpkg.com:443/ionicons15.5.2/dist/ionicons/ionicons.js&#xa;"/><script id="http-internal-ip-disclosure" output="&#xa; Internal IP Leaked: 127.0.0.1"><elem key="Internal IP Leaked">127.0.0.1</elem>
</script><script id="http-date" output="Thu, 09 Feb 2023 21:09:25 GMT; -24s from local time."><elem key="date">2023-02-09T21:09:25+00:00</elem>
<elem key="delta">-24.0</elem>
</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-vhosts" output="&#xa;mx1.htb : 503&#xa;127 names had status 302"/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-security-headers" output=""></script><script id="http-title" output="Login"><elem key="title">Login</elem>
</script><script id="http-php-version" output="Logo query returned unknown hash 981422263a4cb5d87cca48028a07cde0&#xa;Credits query returned unknown hash 44fd73eb3fb0fa9c308b25d9334d0a89"/><script id="http-malware-host" output="Host appears to be clean"/></port>
</ports>
<times srtt="33029" rttvar="33029" to="165145"/>
</host>
<taskbegin task="NSE" time="1675977109"/>
<taskend task="NSE" time="1675977109"/>
<taskbegin task="NSE" time="1675977109"/>
<taskend task="NSE" time="1675977109"/>
<taskbegin task="NSE" time="1675977109"/>
<taskend task="NSE" time="1675977109"/>
<runstats><finished time="1675977109" timestr="Thu Feb 9 22:11:49 2023" summary="Nmap done at Thu Feb 9 22:11:49 2023; 1 IP address (1 host up) scanned in 270.20 seconds" elapsed="270.20" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>