old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions

@@ -0,0 +1,72 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/interface/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml interface.htb
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.020s latency).
Scanned at 2023-02-11 20:04:30 CET for 3s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-hostkey:
| 2048 7289a0957eceaea8596b2d2dbc90b55a (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsUhYQQaT6D7Isd510Mjs3HcpUf64NWRgfkCDtCcPC3KjgNKdOByzhdgpqKftmogBoGPHDlfDboK5hTEm/6mqhbNQDhOiX1Y++AXwcgLAOpjfSExhKQSyKZVveZCl/JjB/th0YA12XJXECXl5GbNFtxDW6DnueLP5l0gWzFxJdtj7C57yai6MpHieKm564NOhsAqYqcxX8O54E9xUBW4u9n2vSM6ZnMutQiNSkfanyV0Pdo+yRWBY9TpfYHvt5A3qfcNbF3tMdQ6wddCPi98g+mEBdIbn1wQOvL0POpZ4DVg0asibwRAGo1NiUX3+dJDJbThkO7TeLyROvX/kostPH
| 256 01848c66d34ec4b1611f2d4d389c42c3 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrQxMOFdtvAa9AGgwirSYniXm7NpzZbgIKhzgCOM1qwqK8QFkN6tZuQsCsRSzZ59+3l+Ycx5lTn11fbqLFqoqM=
| 256 cc62905560a658629e6b80105c799b55 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtZ4bP4/4TJNGMNMmXWqt2dLijhttMoaeiJYJRJ4Kqy
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| ssh-rsa
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
|_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:04:33 2023 -- 1 IP address (1 host up) scanned in 3.25 seconds
```
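
Review bot: the scan result is committed as raw output with no findings line above the fenced block, so the points that matter have to be re-read out of the NSE dump each time. From the ssh-auth-methods and ssh2-enum-algos sections: password authentication is offered alongside publickey, and the server still advertises `diffie-hellman-group14-sha1`, `ssh-rsa` and `hmac-sha1` on OpenSSH 7.6p1. A two-line summary before the output would capture that. The `file:///home/simon/...` link under the command also resolves only on the author's machine; a repo-relative path would survive the commit.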

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://interface.htb:80/robots.txt
```
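
Review bot: only the command is recorded in this file, with no response or status, so a reader cannot tell whether robots.txt was absent or the request itself failed. With `-f`, curl suppresses the body on an HTTP error status, which makes an empty result ambiguous; record the status code or curl's exit code next to the command.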

File diff suppressed because one or more lines are too long

@@ -0,0 +1,189 @@
```bash
feroxbuster -u http://interface.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
200 GET 1l 316w 15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
200 GET 5l 46w 15086c http://interface.htb/favicon.ico
200 GET 1l 111w 6359c http://interface.htb/
200 GET 1l 1559w 86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
200 GET 1l 1821w 91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
200 GET 1l 2w 77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
308 GET 1l 1w 0c http://interface.htb/application/ => http://interface.htb/application
308 GET 1l 1w 0c http://interface.htb/.git/logs/ => http://interface.htb/.git/logs
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/ => http://interface.htb/.git/_next/static
200 GET 1l 3w 245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
200 GET 1l 39w 1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.git/logs/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.git/logs/application/ => http://interface.htb/.git/logs/application
308 GET 1l 1w 0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
308 GET 1l 1w 0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/ => http://interface.htb/.git/logs/_next/static
200 GET 1l 5w 279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
200 GET 1l 1w 282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
308 GET 1l 1w 0c http://interface.htb/.git/application/ => http://interface.htb/.git/application
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/chunks/ => http://interface.htb/.git/logs/_next/static/chunks
200 GET 33l 2908w 141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
308 GET 1l 1w 0c http://interface.htb/.git/_next/ => http://interface.htb/.git/_next
308 GET 1l 1w 0c http://interface.htb/_next/ => http://interface.htb/_next
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/ => http://interface.htb/.git/logs/_next
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/chunks/pages/ => http://interface.htb/.git/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.git/_next/static/chunks/ => http://interface.htb/.git/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.git/logs/_next/static/chunks/pages/ => http://interface.htb/.git/logs/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/ => http://interface.htb/.well-known/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/chunks/ => http://interface.htb/.well-known/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/ => http://interface.htb/.svn/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/chunks/pages/ => http://interface.htb/.well-known/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.svn/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/ => http://interface.htb/.well-known/_next
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.svn/application/ => http://interface.htb/.svn/application
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/chunks/ => http://interface.htb/.svn/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.svn/_next/static/chunks/pages/ => http://interface.htb/.svn/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/application/ => http://interface.htb/.well-known/autoconfig/application
308 GET 1l 1w 0c http://interface.htb/.well-known/application/ => http://interface.htb/.well-known/application
308 GET 1l 1w 0c http://interface.htb/.svn/_next/ => http://interface.htb/.svn/_next
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/chunks/ => http://interface.htb/.well-known/autoconfig/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/ => http://interface.htb/.well-known/autoconfig/_next/static
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/.well-known/autoconfig/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/.well-known/autoconfig/_next/ => http://interface.htb/.well-known/autoconfig/_next
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/ => http://interface.htb/CVS/_next/static
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/CVS/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/chunks/pages/ => http://interface.htb/CVS/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/CVS/_next/ => http://interface.htb/CVS/_next
308 GET 1l 1w 0c http://interface.htb/CVS/_next/static/chunks/ => http://interface.htb/CVS/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/CVS/application/ => http://interface.htb/CVS/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/ => http://interface.htb/_vti_bin/_vti_aut/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/ => http://interface.htb/_vti_bin/_vti_adm/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/application/ => http://interface.htb/_vti_bin/_vti_aut/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/application/ => http://interface.htb/_vti_bin/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/chunks/ => http://interface.htb/_vti_bin/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/ => http://interface.htb/_vti_bin/_vti_adm/_next
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/ => http://interface.htb/_vti_bin/_next/static
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/application/ => http://interface.htb/_vti_bin/_vti_adm/application
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/ => http://interface.htb/_vti_bin/_next
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks/ => http://interface.htb/_vti_bin/_vti_adm/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_vti_bin/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages/ => http://interface.htb/_vti_bin/_vti_aut/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/_vti_bin/_vti_aut/_next/ => http://interface.htb/_vti_bin/_vti_aut/_next
308 GET 1l 1w 0c http://interface.htb/android/_next/static/chunks/ => http://interface.htb/android/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/android/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/android/application/ => http://interface.htb/android/application
308 GET 1l 1w 0c http://interface.htb/android/_next/static/ => http://interface.htb/android/_next/static
308 GET 1l 1w 0c http://interface.htb/android/_next/ => http://interface.htb/android/_next
308 GET 1l 1w 0c http://interface.htb/android/_next/static/chunks/pages/ => http://interface.htb/android/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/api/application/ => http://interface.htb/api/application
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/experiments/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/chunks/ => http://interface.htb/api/experiments/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/api/_next/static/chunks/ => http://interface.htb/api/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/ => http://interface.htb/api/experiments/_next/static
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/ => http://interface.htb/api/experiments/_next
308 GET 1l 1w 0c http://interface.htb/api/_next/static/ => http://interface.htb/api/_next/static
308 GET 1l 1w 0c http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/api/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/api/_next/ => http://interface.htb/api/_next
308 GET 1l 1w 0c http://interface.htb/api/experiments/application/ => http://interface.htb/api/experiments/application
308 GET 1l 1w 0c http://interface.htb/api/_next/static/chunks/pages/ => http://interface.htb/api/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/api/experiments/_next/static/chunks/pages/ => http://interface.htb/api/experiments/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/cgi-bin/ => http://interface.htb/cgi-bin
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/cgi-bin/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/cgi-bin/application/ => http://interface.htb/cgi-bin/application
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/ => http://interface.htb/cgi-bin/_next/static
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/chunks/pages/ => http://interface.htb/cgi-bin/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/ => http://interface.htb/cgi-bin/_next
308 GET 1l 1w 0c http://interface.htb/cgi-bin/_next/static/chunks/ => http://interface.htb/cgi-bin/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/chunks/ => http://interface.htb/federation/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/chunks/pages/ => http://interface.htb/federation/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/federation/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/federation/application/ => http://interface.htb/federation/application
308 GET 1l 1w 0c http://interface.htb/federation/_next/static/ => http://interface.htb/federation/_next/static
308 GET 1l 1w 0c http://interface.htb/federation/_next/ => http://interface.htb/federation/_next
308 GET 1l 1w 0c http://interface.htb/ios/application/ => http://interface.htb/ios/application
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/chunks/pages/ => http://interface.htb/ios/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/ios/_next/ => http://interface.htb/ios/_next
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/chunks/ => http://interface.htb/ios/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/ => http://interface.htb/ios/_next/static
308 GET 1l 1w 0c http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/ios/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/mfa/_next/ => http://interface.htb/mfa/_next
308 GET 1l 1w 0c http://interface.htb/mfa/application/ => http://interface.htb/mfa/application
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/ => http://interface.htb/mfa/_next/static
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/chunks/pages/ => http://interface.htb/mfa/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/chunks/ => http://interface.htb/mfa/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/mfa/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/application/ => http://interface.htb/oauth/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/chunks/ => http://interface.htb/oauth/device/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oauth/device/application/ => http://interface.htb/oauth/device/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/device/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/token/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/chunks/pages/ => http://interface.htb/oauth/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/chunks/pages/ => http://interface.htb/oauth/device/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/ => http://interface.htb/oauth/token/_next
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/ => http://interface.htb/oauth/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/ => http://interface.htb/oauth/device/_next
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/chunks/pages/ => http://interface.htb/oauth/token/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oauth/_next/ => http://interface.htb/oauth/_next
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oauth/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/ => http://interface.htb/oauth/token/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/_next/static/chunks/ => http://interface.htb/oauth/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oauth/token/application/ => http://interface.htb/oauth/token/application
308 GET 1l 1w 0c http://interface.htb/oauth/device/_next/static/ => http://interface.htb/oauth/device/_next/static
308 GET 1l 1w 0c http://interface.htb/oauth/token/_next/static/chunks/ => http://interface.htb/oauth/token/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/chunks/pages/ => http://interface.htb/oidc/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/chunks/ => http://interface.htb/oidc/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/ => http://interface.htb/oidc/_next/static
308 GET 1l 1w 0c http://interface.htb/oidc/application/ => http://interface.htb/oidc/application
308 GET 1l 1w 0c http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/oidc/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/oidc/_next/ => http://interface.htb/oidc/_next
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/servlet/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/servlet/application/ => http://interface.htb/servlet/application
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/chunks/pages/ => http://interface.htb/servlet/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/ => http://interface.htb/servlet/_next/static
308 GET 1l 1w 0c http://interface.htb/servlet/_next/ => http://interface.htb/servlet/_next
308 GET 1l 1w 0c http://interface.htb/servlet/_next/static/chunks/ => http://interface.htb/servlet/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/token/_next/static/chunks/ => http://interface.htb/token/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/token/_next/ => http://interface.htb/token/_next
308 GET 1l 1w 0c http://interface.htb/token/_next/static/ => http://interface.htb/token/_next/static
308 GET 1l 1w 0c http://interface.htb/token/_next/static/chunks/pages/ => http://interface.htb/token/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/token/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/token/application/ => http://interface.htb/token/application
308 GET 1l 1w 0c http://interface.htb/v1/application/ => http://interface.htb/v1/application
308 GET 1l 1w 0c http://interface.htb/v1/_next/ => http://interface.htb/v1/_next
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/chunks/ => http://interface.htb/v1/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/chunks/pages/ => http://interface.htb/v1/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/ => http://interface.htb/v1/_next/static
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/chunks/ => http://interface.htb/v2/_next/static/chunks
308 GET 1l 1w 0c http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v1/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/v2/application/ => http://interface.htb/v2/application
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/v2/_next/static/Z79wh4kSTt439cxBUytQN
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/chunks/pages/ => http://interface.htb/v2/_next/static/chunks/pages
308 GET 1l 1w 0c http://interface.htb/v2/_next/static/ => http://interface.htb/v2/_next/static
308 GET 1l 1w 0c http://interface.htb/v2/_next/ => http://interface.htb/v2/_next
200 GET 1l 2w 77c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_ssgManifest.js
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/pages/ => http://interface.htb/_next/static/chunks/pages
200 GET 5l 46w 15086c http://interface.htb/favicon.ico
308 GET 1l 1w 0c http://interface.htb/application/ => http://interface.htb/application
200 GET 1l 316w 15444c http://interface.htb/_next/static/chunks/pages/index-c95e13dd48858e5b.js
200 GET 1l 111w 6359c http://interface.htb/
308 GET 1l 1w 0c http://interface.htb/_next/static/chunks/ => http://interface.htb/_next/static/chunks
200 GET 1l 39w 1591c http://interface.htb/_next/static/chunks/webpack-ee7e63bc15b31913.js
200 GET 1l 1w 282c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/_buildManifest.js
308 GET 1l 1w 0c http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN/ => http://interface.htb/_next/static/Z79wh4kSTt439cxBUytQN
200 GET 1l 5w 279c http://interface.htb/_next/static/chunks/pages/_app-df511a3677d160f6.js
200 GET 1l 1559w 86841c http://interface.htb/_next/static/chunks/main-50de763069eba4b2.js
200 GET 1l 3w 245c http://interface.htb/_next/static/chunks/pages/_error-dfcfa5bb62767c20.js
308 GET 1l 1w 0c http://interface.htb/_next/static/ => http://interface.htb/_next/static
308 GET 1l 1w 0c http://interface.htb/_next/ => http://interface.htb/_next
200 GET 33l 2908w 141045c http://interface.htb/_next/static/chunks/framework-8c5acb0054140387.js
200 GET 1l 1821w 91460c http://interface.htb/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js
```
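
Review bot: every 308 entry in this result is a trailing-slash URL redirected to the same path without the slash, with a 0c body (for example `/.git/logs/ => /.git/logs`), which looks like a blanket trailing-slash redirect rather than evidence that the directories exist. The `.git`, `.svn` and `CVS` lines in particular should not be read as exposed repositories without a follow-up check. The only entries with content are the 200 responses for `/`, `favicon.ico` and the `_next/static` assets. Consider annotating or filtering the 308 lines in the saved result, and dropping the final 17 lines, which repeat entries already listed at the top.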

@@ -0,0 +1,3 @@
```bash
curl -sSikf http://interface.htb:80/.well-known/security.txt
```

@@ -0,0 +1,305 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml" interface.htb
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Sat Feb 11 20:04:30 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/interface/results/scans/tcp80/xml/tcp_80_http_nmap.xml interface.htb
Nmap scan report for interface.htb (10.129.146.193)
Host is up, received user-set (0.019s latency).
Scanned at 2023-02-11 20:04:33 CET for 110s
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu)
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-methods:
|_ Supported Methods: GET HEAD
|_http-date: Sat, 11 Feb 2023 19:04:43 GMT; +1s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-mobileversion-checker: No mobile version detected.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
| http-grep:
| (1) http://interface.htb:80/:
| (1) email:
|_ + contact@interface.htb
| http-php-version: Logo query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
|_Credits query returned unknown hash 40fb3eaf773f86d5719fcbfb2dd978df
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-errors: Couldn't find any error pages.
| http-vhosts:
|_128 names had status 200
|_http-favicon: Unknown favicon MD5: 21B739D43FCB9BBB83D8541FE4FE88FA
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-chrono: Request times for /; avg: 270.73ms; min: 153.90ms; max: 523.51ms
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
| plugins
| akismet
| contact-form-7
| wordpress-seo
| jetpack
| all-in-one-seo-pack
| wordfence
| woocommerce
| google-sitemap-generator
| wordpress-importer
| nextgen-gallery
| google-analytics-for-wordpress
| wp-super-cache
| tinymce-advanced
| wptouch
| better-wp-security
| siteorigin-panels
| updraftplus
| w3-total-cache
| google-analytics-dashboard-for-wp
| wp-pagenavi
| si-contact-form
| advanced-custom-fields
| mailchimp-for-wp
| the-events-calendar
| add-to-any
| duplicator
| wysija-newsletters
| ninja-forms
| wp-smushit
| buddypress
| ewww-image-optimizer
| so-widgets-bundle
| really-simple-captcha
| ml-slider
| black-studio-tinymce-widget
| photo-gallery
| broken-link-checker
| regenerate-thumbnails
| google-analyticator
| redirection
| captcha
| duplicate-post
| breadcrumb-navxt
| backwpup
| user-role-editor
| yet-another-related-posts-plugin
| contact-form-plugin
| newsletter
| bbpress
| all-in-one-wp-security-and-firewall
| disable-comments
| social-networks-auto-poster-facebook-twitter-g
| wp-optimize
| addthis
| wp-statistics
| wp-e-commerce
| all-in-one-wp-migration
| backupwordpress
| si-captcha-for-wordpress
| wp-slimstat
| wp-google-maps
| wp-spamshield
| wp-maintenance-mode
| googleanalytics
| worker
| yith-woocommerce-wishlist
| wp-multibyte-patch
| wp-to-twitter
| image-widget
| wp-db-backup
| shortcodes-ultimate
| ultimate-tinymce
| share-this
| disqus-comment-system
| gallery-bank
| types
| wp-polls
| custom-post-type-ui
| shareaholic
| polylang
| post-types-order
| gtranslate
| bulletproof-security
| wp-fastest-cache
| facebook
| sociable
| iwp-client
| nextgen-facebook
| seo-ultimate
| wp-postviews
| formidable
| squirrly-seo
| wp-mail-smtp
| tablepress
| redux-framework
| page-links-to
| youtube-embed-plus
| contact-bank
| maintenance
| wp-retina-2x
| themes
| twentyeleven
| twentytwelve
| twentyten
| twentythirteen
| twentyfourteen
| twentyfifteen
| responsive
| customizr
| zerif-lite
| virtue
| storefront
| atahualpa
| twentysixteen
| vantage
| hueman
| spacious
| evolve
| colorway
| graphene
| sydney
| ifeature
| mh-magazine-lite
| generatepress
| mantra
| omega
| onetone
| coraline
| pinboard
| thematic
| sparkling
| catch-box
| make
| colormag
| enigma
| custom-community
| mystique
| alexandria
| delicate
| lightword
| attitude
| inove
| magazine-basic
| raindrops
| minamaze
| zbench
| point
| eclipse
| portfolio-press
| twentyseventeen
| travelify
| swift-basic
| iconic-one
| arcade-basic
| bouquet
| pixel
| sliding-door
| pilcrow
| simple-catch
| tempera
| destro
| p2
| sunspot
| sundance
| dusk-to-dawn
| onepress
| moesia
| dynamic-news-lite
| parabola
| parament
| dazzling
| accesspress-lite
| optimizer
| one-page
| chaostheory
| business-lite
| duster
| constructor
| nirvana
| sixteen
| esquire
| beach
| next-saturday
| flat
| hatch
| minimatica
| radiate
| accelerate
| oxygen
| accesspress-parallax
| swift
| spun
| wp-creativix
| suevafree
| hemingway
| pink-touch-2
| motion
| fruitful
| steira
| news
|_ llorix-one-lite
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-security-headers:
| Content_Security_Policy:
| Header: Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
| Description: Define which scripts the protected resource can execute.
| Description: Define which styles (CSS) the user applies to the protected resource.
| Description: Define from where the protected resource can load images.
| Description: Define from where the protected resource can embed frames.
|_ Description: Define which URIs the protected resource can load using script interfaces.
| http-headers:
| Server: nginx/1.14.0 (Ubuntu)
| Date: Sat, 11 Feb 2023 19:04:44 GMT
| Content-Type: text/html; charset=utf-8
| Content-Length: 6359
| Connection: close
| Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
| X-Powered-By: Next.js
| ETag: "i8ubiadkff4wf"
| Vary: Accept-Encoding
|
|_ (Request type: HEAD)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-feed: Couldn't find any feeds.
|_http-comments-displayer: Couldn't find any comments.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-title: Site Maintenance
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Feb 11 20:06:23 2023 -- 1 IP address (1 host up) scanned in 113.44 seconds
```
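Review bot: The findings in this file are buried in raw script output and are not summarised anywhere. The Content-Security-Policy line under `http-security-headers` and `http-headers` is the informative part. Its `connect-src` names a second host, `http://prd.m.rendering-api.interface.htb`, and its `script-src` allows `'unsafe-inline'`, `'unsafe-eval'` and `data:`, so the policy places little restriction on script execution. Consider adding a short findings note next to the scan output recording those two points, and trimming the long name enumeration that ends at `llorix-one-lite`, since `X-Powered-By: Next.js` and the `Site Maintenance` title are what the remaining scripts actually report about the site.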


@@ -0,0 +1,11 @@
```bash
curl -sk -o /dev/null -H "Host: wrkVpqvNoUJwGPBtPTqT.interface.htb" http://interface.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://interface.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.interface.htb" -fs 6359 -noninteractive -s | tee "/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_interface.htb_vhosts_subdomains-top1million-110000.txt):
```
```
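Review bot: The closing fence of the `curl` block and the opening fence of the `ffuf` block are fused into one line, which will not render as two separate code blocks. Put the closing fence on its own line and start the next block on the following line. The result block at the end is also empty, and nothing says whether that means no virtual host differed from the 6359-byte baseline passed to `-fs` or that the run produced no output for another reason. A one-line note stating the baseline size returned by the `curl` probe and the outcome would make the empty file interpretable.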


@@ -0,0 +1,84 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://interface.htb:80 2>&1
```
[/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/htb/interface/results/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://interface.htb:80
Status : 200 OK
Title : <None>
IP : 10.129.146.193
Country : RESERVED, ZZ
Summary : Email[contact@interface.htb], HTML5, HTTPServer[Ubuntu Linux][nginx/1.14.0 (Ubuntu)], nginx[1.14.0], Script[application/json], UncommonHeaders[content-security-policy], X-Powered-By[Next.js]
Detected Plugins:
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : contact@interface.htb
String : contact@interface.htb
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : nginx/1.14.0 (Ubuntu) (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
String : application/json
[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com
String : content-security-policy (from headers)
[ X-Powered-By ]
X-Powered-By HTTP header
String : Next.js (from x-powered-by string)
[ nginx ]
Nginx (Engine-X) is a free, open-source, high-performance
HTTP server and reverse proxy, as well as an IMAP/POP3
proxy server.
Version : 1.14.0
Website : http://nginx.net/
HTTP Headers:
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 11 Feb 2023 19:04:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com/feedback/ https://ajax.googleapis.com; connect-src 'self' http://prd.m.rendering-api.interface.htb; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; img-src https: data:; child-src data:;
X-Powered-By: Next.js
ETag: "i8ubiadkff4wf"
Vary: Accept-Encoding
Content-Encoding: gzip
```
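Review bot: `Title : <None>` in this report disagrees with `http-title: Site Maintenance` in the nmap output for the same URL committed alongside it, and the commit does not say which is right. Worth a short note on the discrepancy so a later reader does not take the missing title at face value. On style, the `-v` flag stores every plugin's static description text. The `Summary` line already carries all the detected values (email address, nginx 1.14.0, Next.js, the uncommon CSP header), and the header block repeats what the nmap `http-headers` script recorded, so keeping only the summary would lose nothing.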


@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://interface.htb:80/ /home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png
```
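Review bot: The output path here is absolute (`/home/simon/htb/interface/results/scans/tcp80/tcp_80_http_screenshot.png`), as it is in the other command files in this commit, which ties the recorded commands to one workstation and publishes the local username. Prefer paths relative to the engagement directory, for example `results/scans/tcp80/tcp_80_http_screenshot.png`, so the commands can be re-run from any checkout.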