old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions

@@ -0,0 +1,29 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml" interface.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml" interface.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml" interface.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://interface.htb:80/.well-known/security.txt
curl -sSikf http://interface.htb:80/robots.txt
curl -sSik http://interface.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
```
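
Review bot: every command in this hunk hard-codes absolute paths under `/home/simon/htb/interface/results/`, and the feroxbuster line reads its wordlist from `/root/.local/share/AutoRecon/wordlists/dirbuster.txt`, so the log records the local account name and a path in root's home directory. For a shared repository, write generated logs with paths relative to the results directory or keep this file out of version control. The commit header's 21891 changed files suggests most of the change is tool output of this kind.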

@@ -0,0 +1,35 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://interface.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h interface.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://interface.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://interface.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h interface.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://interface.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h interface.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://interface.htb:80 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://interface.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_wpscan.txt"
```
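
Review bot: the block is fenced as `bash`, but the `[*]` and `[-]` lines are labels rather than shell, and the hydra and medusa lines still carry the placeholders `/path/to/auth/area`, `/path/to/login.php` and `invalid-login-message`. Use a plain fence, or prefix the label lines with `#`, so the file cannot be mistaken for a runnable script. That matches the hunk's own warning, "don't run these without modifying them".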

@@ -0,0 +1,4 @@
Matched Pattern: Powered-By: Next.js
Identified HTTP Server: nginx/1.14.0 (Ubuntu)

@@ -0,0 +1,62 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/_full_tcp_nmap.txt](file:///home/simon/htb/interface/results/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/interface/results/scans/_full_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_full_tcp_nmap.xml interface.htb
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.060s latency).
Scanned at 2023-02-11 20:04:00 CET for 48s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
| 256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
| 256 cc62905560a658629e6b80105c799b55 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
|_http-title: Site Maintenance
|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.14.0 (Ubuntu)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 5.0 (93%), Linux 5.4 (93%), Linux 5.0 - 5.4 (93%), HP P2000 G3 NAS device (91%), Linux 4.15 - 5.6 (91%), Linux 5.3 - 5.4 (90%), Linux 2.6.32 (90%), Infomir MAG-250 set-top box (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 5.0 - 5.3 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6D0%P=x86_64-pc-linux-gnu)
SEQ(SP=FE%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)
OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 18.717 days (since Tue Jan 24 02:52:54 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 77.01 ms 10.10.16.1
2 77.09 ms interface.htb (10.129.146.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:04:48 2023 -- 1 IP address (1 host up) scanned in 49.84 seconds
```
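
Review bot: the link on the line after the command fence points at `file:///home/simon/htb/interface/results/scans/_full_tcp_nmap.txt`, which resolves only on the author's machine. Link to the file by a path relative to the repository instead. The same pattern appears in the other result files in this commit.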

@@ -0,0 +1,54 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt](file:///home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/interface/results/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_top_100_udp_nmap.xml interface.htb
Warning: 10.129.146.193 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.129.146.193 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.129.146.193 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.129.146.193 from 400 to 800 due to 11 out of 12 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -432739 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -432739 microseconds. Ignoring time.
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.035s latency).
Scanned at 2023-02-11 20:04:01 CET for 231s
Not shown: 87 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
17/udp open|filtered qotd no-response
68/udp open|filtered dhcpc no-response
80/udp open|filtered http no-response
177/udp open|filtered xdmcp no-response
593/udp open|filtered http-rpc-epmap no-response
631/udp open|filtered ipp no-response
1029/udp open|filtered solid-mux no-response
1719/udp open|filtered h323gatestat no-response
3703/udp open|filtered adobeserver-3 no-response
4444/udp open|filtered krb524 no-response
32815/udp open|filtered unknown no-response
49154/udp open|filtered unknown no-response
65024/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/11%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E7E788%P=x86_64-pc-linux-gnu)
SEQ(CI=Z%II=I)
SEQ(CI=Z)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 49192/udp)
HOP RTT ADDRESS
1 33.86 ms 10.10.16.1
2 33.95 ms interface.htb (10.129.146.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:07:52 2023 -- 1 IP address (1 host up) scanned in 233.62 seconds
```
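
Review bot: the 13 ports in the table are all `open|filtered` with reason `no-response`, and the warnings at the top of the output show the send delay being raised three times because nearly every probe was dropped. The file should say in one line that this run gives no evidence of a listening UDP service, so the table is not later read as a list of open ports.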

@@ -0,0 +1,69 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt](file:///home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:03:59 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/interface/results/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/interface/results/scans/xml/_quick_tcp_nmap.xml interface.htb
adjust_timeouts2: packet supposedly had rtt of -223229 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -223229 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -541797 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -541797 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -189731 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -189731 microseconds. Ignoring time.
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.054s latency).
Scanned at 2023-02-11 20:04:00 CET for 29s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
| 256 cc62905560a658629e6b80105c799b55 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
|_http-title: Site Maintenance
|_http-server-header: nginx/1.14.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD
|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
Device type: general purpose
Running (JUST GUESSING): Linux 5.X|2.6.X|4.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:5.0 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:4
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: Linux 5.0 (88%), Linux 5.0 - 5.4 (88%), Linux 2.6.32 (88%), Linux 5.4 (86%), Linux 4.15 - 5.6 (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/11%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E7E6BD%P=x86_64-pc-linux-gnu)
SEQ(SP=105%GCD=1%ISR=10C%TI=Z%TS=A)
OPS(O1=M569ST11NW7%O2=M569ST11NW7%O3=M569NNT11NW7%O4=M569ST11NW7%O5=M569ST11NW7%O6=M569ST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=Y%DF=Y%TG=40%W=FAF0%O=M569NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 18.716 days (since Tue Jan 24 02:52:54 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 1720/tcp)
HOP RTT ADDRESS
1 58.77 ms 10.10.16.1
2 71.96 ms interface.htb (10.129.146.193)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:04:29 2023 -- 1 IP address (1 host up) scanned in 31.39 seconds
```

@@ -0,0 +1,72 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.020s latency).
Scanned at 2023-02-11 20:04:30 CET for 3s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-hostkey:
| 2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
| 256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
| 256 cc62905560a658629e6b80105c799b55 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| ssh-rsa
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
|_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:04:33 2023 -- 1 IP address (1 host up) scanned in 3.25 seconds
```
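
Review bot: the raw script output is committed without a summary of what matters in it. From a hardening point of view the lines worth calling out are `password` under `ssh-auth-methods` and the SHA-1 based algorithms still offered: `diffie-hellman-group14-sha1`, `ssh-rsa`, `hmac-sha1` and `hmac-sha1-etm@openssh.com`. A short findings note above the output would make the file useful without rereading the whole listing.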

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://interface.htb:80/robots.txt
```
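
Review bot: this file contains only the command and no result. With `-f`, curl prints no body when the server returns an HTTP error, and the error text from `-S` goes to stderr, so the file does not show whether `robots.txt` was missing or the request failed. Record the status code or exit status next to the command, or leave empty result files out of the commit.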

File diff suppressed because one or more lines are too long

@@ -0,0 +1,189 @@
```bash
feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
200 GET 1l 316w 15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
200 GET 5l 46w 15086c http://interface.htb/favicon.ico
200 GET 1l 111w 6359c http://interface.htb/
200 GET 1l 1559w 86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
200 GET 1l 1821w 91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
200 GET 1l 2w 77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
308 GET 1l 1w 0c http://interface.htb/application/ => http://interface.htb/application
308 GET 1l 1w 0c http://interface.htb/.git/logs/ => http://interface.htb/.git/logs
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/ => http://interface.htb/.git/_next/static
200 GET 1l 3w 245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
200 GET 1l 39w 1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.git/logs/application/ => http://interface.htb/.git/logs/application
308 GET 1l 1w 0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
308 GET 1l 1w 0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/ => http://interface.htb/.git/logs/_next/static
200 GET 1l 5w 279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
200 GET 1l 1w 282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
308 GET 1l 1w 0c http://interface.htb/.git/application/ => http://interface.htb/.git/application
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/chunks/ => http://interface.htb/.git/logs/_next/static/chunks
200 GET 33l 2908w 141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
308 GET 1l 1w 0c http://interface.htb/.git/_next/ => http://interface.htb/.git/_next
308 GET 1l 1w 0c http://interface.htb/_next/ => http://interface.htb/_next
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/ => http://interface.htb/.git/logs/_next
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/chunks/pages/ => http://interface.htb/.git/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/chunks/ => http://interface.htb/.git/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/chunks/pages/ => http://interface.htb/.git/logs/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/ => http://interface.htb/.well-known/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/chunks/ => http://interface.htb/.well-known/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/ => http://interface.htb/.svn/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/chunks/pages/ => http://interface.htb/.well-known/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/ => http://interface.htb/.well-known/_next
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.svn/application/ => http://interface.htb/.svn/application
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/chunks/ => http://interface.htb/.svn/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/chunks/pages/ => http://interface.htb/.svn/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/application/ => http://interface.htb/.well-known/autoconfig/application
308 GET 1l 1w 0c http://interface.htb/.well-known/application/ => http://interface.htb/.well-known/application
308 GET 1l 1w 0c http://interface.htb/.svn/_next/ => http://interface.htb/.svn/_next
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/ => http://interface.htb/.well-known/autoconfig/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/ => http://interface.htb/.well-known/autoconfig/_next
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/ => http://interface.htb/CVS/_next/static
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/chunks/pages/ => http://interface.htb/CVS/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/CVS/_next/ => http://interface.htb/CVS/_next
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/chunks/ => http://interface.htb/CVS/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/CVS/application/ => http://interface.htb/CVS/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/ => http://interface.htb/_vti_bin/_vti_aut/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/ => http://interface.htb/_vti_bin/_vti_adm/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/application/ => http://interface.htb/_vti_bin/_vti_aut/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/application/ => http://interface.htb/_vti_bin/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/chunks/ => http://interface.htb/_vti_bin/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/ => http://interface.htb/_vti_bin/_vti_adm/_next
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/ => http://interface.htb/_vti_bin/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/application/ => http://interface.htb/_vti_bin/_vti_adm/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/ => http://interface.htb/_vti_bin/_next
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/ => http://interface.htb/_vti_bin/_vti_aut/_next
308 GET 1l 1w 0c http://interface.htb/android/_next/static/chunks/ => http://interface.htb/android/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/android/application/ => http://interface.htb/android/application
308 GET 1l 1w 0c http://interface.htb/android/_next/static/ => http://interface.htb/android/_next/static
308 GET 1l 1w 0c http://interface.htb/android/_next/ => http://interface.htb/android/_next
308 GET 1l 1w 0c http://interface.htb/android/_next/static/chunks/pages/ => http://interface.htb/android/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/api/application/ => http://interface.htb/api/application
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/chunks/ => http://interface.htb/api/experiments/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/api/_next/static/chunks/ => http://interface.htb/api/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/ => http://interface.htb/api/experiments/_next/static
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/ => http://interface.htb/api/experiments/_next
308 GET 1l 1w 0c http://interface.htb/api/_next/static/ => http://interface.htb/api/_next/static
308 GET 1l 1w 0c http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/api/_next/ => http://interface.htb/api/_next
308 GET 1l 1w 0c http://interface.htb/api/experiments/application/ => http://interface.htb/api/experiments/application
308 GET 1l 1w 0c http://interface.htb/api/_next/static/chunks/pages/ => http://interface.htb/api/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/chunks/pages/ => http://interface.htb/api/experiments/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/cgi-bin/ => http://interface.htb/cgi-bin
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/cgi-bin/application/ => http://interface.htb/cgi-bin/application
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/ => http://interface.htb/cgi-bin/_next/static
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/chunks/pages/ => http://interface.htb/cgi-bin/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/ => http://interface.htb/cgi-bin/_next
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/chunks/ => http://interface.htb/cgi-bin/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/chunks/ => http://interface.htb/federation/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/chunks/pages/ => http://interface.htb/federation/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/federation/application/ => http://interface.htb/federation/application
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/ => http://interface.htb/federation/_next/static
308 GET 1l 1w 0c http://interface.htb/federation/_next/ => http://interface.htb/federation/_next
308 GET 1l 1w 0c http://interface.htb/ios/application/ => http://interface.htb/ios/application
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/chunks/pages/ => http://interface.htb/ios/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/ios/_next/ => http://interface.htb/ios/_next
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/chunks/ => http://interface.htb/ios/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/ => http://interface.htb/ios/_next/static
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/mfa/_next/ => http://interface.htb/mfa/_next
308 GET 1l 1w 0c http://interface.htb/mfa/application/ => http://interface.htb/mfa/application
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/ => http://interface.htb/mfa/_next/static
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/chunks/pages/ => http://interface.htb/mfa/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/chunks/ => http://interface.htb/mfa/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/application/ => http://interface.htb/oauth/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/chunks/ => http://interface.htb/oauth/device/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oauth/device/application/ => http://interface.htb/oauth/device/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/chunks/pages/ => http://interface.htb/oauth/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/chunks/pages/ => http://interface.htb/oauth/device/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/ => http://interface.htb/oauth/token/_next
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/ => http://interface.htb/oauth/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/ => http://interface.htb/oauth/device/_next
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/chunks/pages/ => http://interface.htb/oauth/token/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/_next/ => http://interface.htb/oauth/_next
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/ => http://interface.htb/oauth/token/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/chunks/ => http://interface.htb/oauth/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oauth/token/application/ => http://interface.htb/oauth/token/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/ => http://interface.htb/oauth/device/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/chunks/ => http://interface.htb/oauth/token/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/chunks/pages/ => http://interface.htb/oidc/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/chunks/ => http://interface.htb/oidc/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/ => http://interface.htb/oidc/_next/static
308 GET 1l 1w 0c http://interface.htb/oidc/application/ => http://interface.htb/oidc/application
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oidc/_next/ => http://interface.htb/oidc/_next
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/servlet/application/ => http://interface.htb/servlet/application
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/chunks/pages/ => http://interface.htb/servlet/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/ => http://interface.htb/servlet/_next/static
308 GET 1l 1w 0c http://interface.htb/servlet/_next/ => http://interface.htb/servlet/_next
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/chunks/ => http://interface.htb/servlet/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/token/_next/static/chunks/ => http://interface.htb/token/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/token/_next/ => http://interface.htb/token/_next
308 GET 1l 1w 0c http://interface.htb/token/_next/static/ => http://interface.htb/token/_next/static
308 GET 1l 1w 0c http://interface.htb/token/_next/static/chunks/pages/ => http://interface.htb/token/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/token/application/ => http://interface.htb/token/application
308 GET 1l 1w 0c http://interface.htb/v1/application/ => http://interface.htb/v1/application
308 GET 1l 1w 0c http://interface.htb/v1/_next/ => http://interface.htb/v1/_next
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/chunks/ => http://interface.htb/v1/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/chunks/pages/ => http://interface.htb/v1/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/ => http://interface.htb/v1/_next/static
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/chunks/ => http://interface.htb/v2/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/v2/application/ => http://interface.htb/v2/application
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/chunks/pages/ => http://interface.htb/v2/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/ => http://interface.htb/v2/_next/static
308 GET 1l 1w 0c http://interface.htb/v2/_next/ => http://interface.htb/v2/_next
200 GET 1l 2w 77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
200 GET 5l 46w 15086c http://interface.htb/favicon.ico
308 GET 1l 1w 0c http://interface.htb/application/ => http://interface.htb/application
200 GET 1l 316w 15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
200 GET 1l 111w 6359c http://interface.htb/
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
200 GET 1l 39w 1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
200 GET 1l 1w 282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
308 GET 1l 1w 0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
200 GET 1l 5w 279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
200 GET 1l 1559w 86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
200 GET 1l 3w 245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
308 GET 1l 1w 0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
308 GET 1l 1w 0c http://interface.htb/_next/ => http://interface.htb/_next
200 GET 33l 2908w 141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
200 GET 1l 1821w 91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
```
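
Review bot: Almost every entry in this feroxbuster result is a 308 with a `0c` body that only strips the trailing slash (for example `/oauth/token/_next/static/ => /oauth/token/_next/static`), repeated under prefixes such as `/oauth`, `/oidc`, `/mfa`, `/v1` and `/v2`, so the few 200 responses (`/`, `favicon.ico`, `_buildManifest.js`, `_ssgManifest.js` and the `_next/static/chunks` files) are buried at the bottom of the file. Suggest committing a version with the 308 lines filtered out, or adding a short summary above the block that lists the 200s, since the redirects carry no body and tell a reader nothing beyond the path.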

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://interface.htb:80/.well-known/security.txt
```

@@ -0,0 +1,305 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml interface.htb
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.019s latency).
Scanned at 2023-02-11 20:04:33 CET for 110s
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-methods:
|_ Supported Methods: GET HEAD
|_http-date: Sat, 11 Feb 2023 19:04:43 GMT; +1s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-mobileversion-checker: No mobile version detected.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
| http-grep:
| (1) http://interface.htb:80/:
| (1) email:
|_ + contact@interface.htb
| http-php-version: Logo query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
|_Credits query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-errors: Couldn't find any error pages.
| http-vhosts:
|_128 names had status 200
|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-chrono: Request times for /; avg: 270.73ms; min: 153.90ms; max: 523.51ms
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
| plugins
| akismet
| contact-form-7
| wordpress-seo
| jetpack
| all-in-one-seo-pack
| wordfence
| woocommerce
| google-sitemap-generator
| wordpress-importer
| nextgen-gallery
| google-analytics-for-wordpress
| wp-super-cache
| tinymce-advanced
| wptouch
| better-wp-security
| siteorigin-panels
| updraftplus
| w3-total-cache
| google-analytics-dashboard-for-wp
| wp-pagenavi
| si-contact-form
| advanced-custom-fields
| mailchimp-for-wp
| the-events-calendar
| add-to-any
| duplicator
| wysija-newsletters
| ninja-forms
| wp-smushit
| buddypress
| ewww-image-optimizer
| so-widgets-bundle
| really-simple-captcha
| ml-slider
| black-studio-tinymce-widget
| photo-gallery
| broken-link-checker
| regenerate-thumbnails
| google-analyticator
| redirection
| captcha
| duplicate-post
| breadcrumb-navxt
| backwpup
| user-role-editor
| yet-another-related-posts-plugin
| contact-form-plugin
| newsletter
| bbpress
| all-in-one-wp-security-and-firewall
| disable-comments
| social-networks-auto-poster-facebook-twitter-g
| wp-optimize
| addthis
| wp-statistics
| wp-e-commerce
| all-in-one-wp-migration
| backupwordpress
| si-captcha-for-wordpress
| wp-slimstat
| wp-google-maps
| wp-spamshield
| wp-maintenance-mode
| googleanalytics
| worker
| yith-woocommerce-wishlist
| wp-multibyte-patch
| wp-to-twitter
| image-widget
| wp-db-backup
| shortcodes-ultimate
| ultimate-tinymce
| share-this
| disqus-comment-system
| gallery-bank
| types
| wp-polls
| custom-post-type-ui
| shareaholic
| polylang
| post-types-order
| gtranslate
| bulletproof-security
| wp-fastest-cache
| facebook
| sociable
| iwp-client
| nextgen-facebook
| seo-ultimate
| wp-postviews
| formidable
| squirrly-seo
| wp-mail-smtp
| tablepress
| redux-framework
| page-links-to
| youtube-embed-plus
| contact-bank
| maintenance
| wp-retina-2x
| themes
| twentyeleven
| twentytwelve
| twentyten
| twentythirteen
| twentyfourteen
| twentyfifteen
| responsive
| customizr
| zerif-lite
| virtue
| storefront
| atahualpa
| twentysixteen
| vantage
| hueman
| spacious
| evolve
| colorway
| graphene
| sydney
| ifeature
| mh-magazine-lite
| generatepress
| mantra
| omega
| onetone
| coraline
| pinboard
| thematic
| sparkling
| catch-box
| make
| colormag
| enigma
| custom-community
| mystique
| alexandria
| delicate
| lightword
| attitude
| inove
| magazine-basic
| raindrops
| minamaze
| zbench
| point
| eclipse
| portfolio-press
| twentyseventeen
| travelify
| swift-basic
| iconic-one
| arcade-basic
| bouquet
| pixel
| sliding-door
| pilcrow
| simple-catch
| tempera
| destro
| p2
| sunspot
| sundance
| dusk-to-dawn
| onepress
| moesia
| dynamic-news-lite
| parabola
| parament
| dazzling
| accesspress-lite
| optimizer
| one-page
| chaostheory
| business-lite
| duster
| constructor
| nirvana
| sixteen
| esquire
| beach
| next-saturday
| flat
| hatch
| minimatica
| radiate
| accelerate
| oxygen
| accesspress-parallax
| swift
| spun
| wp-creativix
| suevafree
| hemingway
| pink-touch-2
| motion
| fruitful
| steira
| news
|_ llorix-one-lite
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-security-headers:
| Content_Security_Policy:
| Header: Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
| Description: Define which scripts the protected resource can execute.
| Description: Define which styles (CSS) the user applies to the protected resource.
| Description: Define from where the protected resource can load images.
| Description: Define from where the protected resource can embed frames.
|_ Description: Define which URIs the protected resource can load using script interfaces.
| http-headers:
| Server: nginx/1.14.0 (Ubuntu)
| Date: Sat, 11 Feb 2023 19:04:44 GMT
| Content-Type: text/html; charset=utf-8
| Content-Length: 6359
| Connection: close
| Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
| X-Powered-By: Next.js
| ETag: "i8ubiadkff4wf"
| Vary: Accept-Encoding
|
|_ (Request type: HEAD)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-feed: Couldn't find any feeds.
|_http-comments-displayer: Couldn't find any comments.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-title: Site Maintenance
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:06:23 2023 -- 1 IP address (1 host up) scanned in 113.44 seconds
```
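
Review bot: The `http-wordpress-enum` block lists the full top-100 plugin and theme names even though `http-wordpress-users` in the same scan reports "Wordpress installation was not found" and the headers show `X-Powered-By: Next.js`; together with `http-vhosts` reporting "128 names had status 200", these look like false positives from checks that treat any non-error response as a hit. Suggest trimming those roughly 200 lines or marking them as noise in the committed notes. The host-specific details, namely the `contact@interface.htb` address from `http-grep` and the `connect-src 'self' http://prd.m.rendering-api.interface.htb` entry in the Content-Security-Policy header, are easy to miss among them and deserve a one-line summary above the raw output.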

@@ -0,0 +1,11 @@
```bash
curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt):
```
```
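
Review bot: The third line of this file fuses the closing fence of the curl block with the opening fence of the ffuf block (six backticks followed by `bash`), so the two commands will not render as separate blocks; put the closing fence and the new opening fence on their own lines. The output of the baseline curl request (`-w "%{size_download}"`) is not recorded although the ffuf run depends on it through `-fs 6359`, and the result block at the end is empty. Suggest recording the baseline size next to the curl command and stating explicitly that the vhost scan returned no entries after filtering, so an empty block is not mistaken for a run that failed or was never executed.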

@@ -0,0 +1,84 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://interface.htb:80
Status : 200 OK
Title : <None>
IP : 10.129.146.193
Country : RESERVED, ZZ
Summary : Email[contact@interface.htb], HTML5, HTTPServer[Ubuntu Linux][nginx/1.14.0 (Ubuntu)], nginx[1.14.0], Script[application/json], UncommonHeaders[content-security-policy], X-Powered-By[Next.js]
Detected Plugins:
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : contact@interface.htb
String : contact@interface.htb
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.14.0 (Ubuntu) (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
String : application/json
[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com
String : content-security-policy (from headers)
[ X-Powered-By ]
X-Powered-By HTTP header
String : Next.js (from x-powered-by string)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.14.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 11 Feb 2023 19:04:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
X-Powered-By: Next.js
ETag: "i8ubiadkff4wf"
Vary: Accept-Encoding
Content-Encoding: gzip
```

@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
```