old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


HTB/investigation/part1 Normal file

@@ -0,0 +1,13 @@
{\rtf1\ansi\ansicpg1252\fromtext \fbidis \deff0{\fonttbl
{\f0\fswiss Arial;}
{\f1\fmodern Courier New;}
{\f2\fnil\fcharset2 Symbol;}
{\f3\fmodern\fcharset0 Courier New;}}
{\colortbl\red0\green0\blue0;\red0\green0\blue255;}
\uc1\pard\plain\deftab360 \f0\fs20 Hi Steve,\par


@@ -0,0 +1,8 @@
Hi Steve,
Can you look through these logs to see if our analysts have been logging on to the inspection terminal. I'm concerned that they are moving data on to production without following our data transfer procedures.
Regards.
Tom


@@ -0,0 +1,8 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.


@@ -0,0 +1,24 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml" 10.129.138.192
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml" 10.129.138.192
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.138.192
feroxbuster -u http://10.129.138.192:80/ -t 10 -w /home/kali/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://10.129.138.192:80/.well-known/security.txt
curl -sSikf http://10.129.138.192:80/robots.txt
curl -sSik http://10.129.138.192:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.138.192
curl -sk -o /dev/null -H "Host: dRiuOofNKwDBuLCUALwW.eforenzics.htb" http://eforenzics.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.129.138.192:80 2>&1
wkhtmltoimage --format png http://10.129.138.192:80/ /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://eforenzics.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.eforenzics.htb" -fs 331 -noninteractive -s | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_eforenzics.htb_vhosts_subdomains-top1million-110000.txt"


@@ -0,0 +1,24 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.061s latency).
Scanned at 2023-01-23 02:12:45 EST for 27s
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa 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
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-title: eForenzics - Premier Digital Forensics
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:13:12 2023 -- 1 IP address (1 host up) scanned in 27.57 seconds


@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.129.138.192
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.129.138.192
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://10.129.138.192:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.138.192/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.138.192 -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.138.192/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.138.192 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://10.129.138.192:80 2>&1 | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://10.129.138.192:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1,2 @@
Identified HTTP Server: Apache/2.4.41 (Ubuntu)


@@ -0,0 +1,24 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.031s latency).
Scanned at 2023-01-23 02:12:45 EST for 9s
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa 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
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: eForenzics - Premier Digital Forensics
| http-methods:
|_ Supported Methods: GET HEAD POST
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:12:54 2023 -- 1 IP address (1 host up) scanned in 9.62 seconds


@@ -0,0 +1,62 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.027s latency).
Scanned at 2023-01-23 02:12:55 EST for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)
| ssh-rsa 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
| 256 274520add2faa73a8373d97c79abf30b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=
| 256 4245eb916e21020617b2748bc5834fe0 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:12:57 2023 -- 1 IP address (1 host up) scanned in 2.89 seconds


@@ -0,0 +1,100 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/investigation/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.129.138.192" start="1674457975" startstr="Mon Jan 23 02:12:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="Connect Scan" time="1674457975"/>
<taskend task="Connect Scan" time="1674457975" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674457976"/>
<taskend task="Service scan" time="1674457976" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674457976"/>
<taskend task="NSE" time="1674457977"/>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<host starttime="1674457975" endtime="1674457977"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa 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&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQC8CUW+gkrjaTI+EeIVcW/8kCM0oaKxGk63NkzFaKj8cgPfImUg8NbMX7xSoQR2DJP88LCJWpm/7KgYyHgaI4w29TRZTGFrv1MKoALQKO/6GDUxLtoHaSA1KrXph74L9eNp/Q/xAzmjfNqLL3qCAotSUZndEWV7C7EQYj73e88Rvw+bV8mQ0O+habEygGVEFuEgOJpN0e3YM3EJoxo1N5CVJMBUJ4Jb7FoYYckIAYTZTV3fuembGRoG0Lvw6YbIOYA8URxLqcBxsMSOkznhf219fl2KXiT9Y7505L/HAeWG4NW4LAuDereMuaUDe4vWEMHYx0KH7m3UuJ7zxcPqHU7K94KW8cZVNlWjoNPDKrPTEgPDfDRlUNpVRyE87DcBgOzNGNFJHYhj2K46RKtv+TO9MjYKvC+nXFSNgPkdFaCQcfpqd61FtaVsin5Ho/v1XfhqDG0d7N7uDM28zCmNVfnl9+MI0jpBmiFaH8V0ZjR7EZlkk+7Xb3bI2Kq3KVaif7s=</elem>
<elem key="type">ssh-rsa</elem>
<elem key="bits">3072</elem>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (9)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="banner" output="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"/><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script></port>
</ports>
<times srtt="26852" rttvar="26852" to="134260"/>
</host>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<taskbegin task="NSE" time="1674457977"/>
<taskend task="NSE" time="1674457977"/>
<runstats><finished time="1674457977" timestr="Mon Jan 23 02:12:57 2023" summary="Nmap done at Mon Jan 23 02:12:57 2023; 1 IP address (1 host up) scanned in 2.89 seconds" elapsed="2.89" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,16 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/robots.txt
Content-Length: 320
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/robots.txt">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>


@@ -0,0 +1,17 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>



@@ -0,0 +1,16 @@
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/.well-known/security.txt
Content-Length: 334
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://eforenzics.htb/.well-known/security.txt">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at 10.129.138.192 Port 80</address>
</body></html>


@@ -0,0 +1,215 @@
# Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192
Nmap scan report for eforenzics.htb (10.129.138.192)
Host is up, received user-set (0.026s latency).
Scanned at 2023-01-23 02:12:55 EST for 173s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack Apache httpd 2.4.41
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
| Found the following possible CSRF vulnerabilities:
|
| Path: http://eforenzics.htb:80/service.html
| Form id:
|_ Form action: upload.php
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-chrono: Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-errors: Couldn't find any error pages.
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
| Failed to upload and execute a payload.
|
|_ Failed to upload and execute a payload.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-vhosts:
| squid.htb
|_127 names had status 301
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-title: eForenzics - Premier Digital Forensics
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11390
| Comment:
| /* Page Navbar*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11356
| Comment:
| /* forms */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11294
| Comment:
| /* Testemonial */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 15
| Comment:
|
| // smooth scroll
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 14
| Comment:
| // ======================
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11015
| Comment:
| /* bg-img */
|
| Path: http://eforenzics.htb:80/assets/js/efore.js
| Line number: 1
| Comment:
| /*!
| =========================================================
| * Rubic Landing page
| =========================================================
|
| * Copyright: 2019 DevCRUD (https://devcrud.com)
| * Licensed: (https://devcrud.com/licenses)
| * Coded by www.devcrud.com
|
| =========================================================
|
| * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
| */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11106
| Comment:
| /* social wrapper*/
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 116
| Comment:
| // AFFIX PLUGIN DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 136
| Comment:
| // AFFIX NO CONFLICT
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 137
| Comment:
| // =================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 13
| Comment:
| // AFFIX CLASS DEFINITION
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 145
| Comment:
| // AFFIX DATA-API
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 146
| Comment:
| // ==============
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11213
| Comment:
| /* Pricing cards */
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 117
| Comment:
| // =======================
|
| Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js
| Line number: 1
| Comment:
| /* ========================================================================
| * Bootstrap: affix.js v3.3.6
| * http://getbootstrap.com/javascript/#affix
| * ========================================================================
| * Copyright 2011-2015 Twitter, Inc.
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
| * ======================================================================== */
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11592
| Comment:
| /*Tabs nav section*/
|
| Path: http://eforenzics.htb:80/assets/css/efore.css
| Line number: 11361
| Comment:
|_ /*utilities*/
|_http-feed: Couldn't find any feeds.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-mobileversion-checker: No mobile version detected.
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-php-version: Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
|_Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c
| http-headers:
| Date: Mon, 23 Jan 2023 07:13:02 GMT
| Server: Apache/2.4.41 (Ubuntu)
| Upgrade: h2
| Connection: Upgrade, close
| Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
| ETag: "2acd-5e9ee3baeb4fd"
| Accept-Ranges: bytes
| Content-Length: 10957
| Vary: Accept-Encoding
| Content-Type: text/html
|
|_ (Request type: HEAD)
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-malware-host: Host appears to be clean
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan 23 02:15:48 2023 -- 1 IP address (1 host up) scanned in 173.32 seconds





@@ -0,0 +1,126 @@
WhatWeb report for http://10.129.138.192:80
Status : 301 Moved Permanently
Title : 301 Moved Permanently
IP : 10.129.138.192
Country : RESERVED, ZZ
Summary : Apache[2.4.41], HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], RedirectLocation[http://eforenzics.htb/]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ RedirectLocation ]
HTTP Server string location. used with http-status 301 and
302
String : http://eforenzics.htb/ (from location)
HTTP Headers:
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Jan 2023 07:12:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://eforenzics.htb/
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1
WhatWeb report for http://eforenzics.htb/
Status : 200 OK
Title : eForenzics - Premier Digital Forensics
IP : 10.129.138.192
Country : RESERVED, ZZ
Summary : Apache[2.4.41], Bootstrap, HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], JQuery[3.4.1], Meta-Author[eForenzics], Script, UncommonHeaders[upgrade]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.
Version : 3.4.1
Website : http://jquery.com/
[ Meta-Author ]
This plugin retrieves the author name from the meta name
tag - info:
http://www.webmarketingnow.com/tips/meta-tags-uncovered.html
#author
String : eForenzics
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com
String : upgrade (from headers)
HTTP Headers:
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 07:13:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT
ETag: "2acd-5e9ee3baeb4fd-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2457
Content-Type: text/html


@@ -0,0 +1,92 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:55 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/investigation/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/investigation/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.138.192" start="1674457975" startstr="Mon Jan 23 02:12:55 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="NSE" time="1674457975"/>
<taskend task="NSE" time="1674457975"/>
<taskbegin task="Connect Scan" time="1674457975"/>
<taskend task="Connect Scan" time="1674457975" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1674457975"/>
<taskend task="Service scan" time="1674457982" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1674457982"/>
<taskprogress task="NSE" time="1674458013" percent="99.02" remaining="1" etc="1674458013"/>
<taskprogress task="NSE" time="1674458043" percent="99.67" remaining="1" etc="1674458043"/>
<taskprogress task="NSE" time="1674458073" percent="99.67" remaining="1" etc="1674458073"/>
<taskprogress task="NSE" time="1674458103" percent="99.67" remaining="1" etc="1674458103"/>
<taskprogress task="NSE" time="1674458133" percent="99.67" remaining="1" etc="1674458133"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<host starttime="1674457975" endtime="1674458148"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-csrf" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb&#xa; Found the following possible CSRF vulnerabilities: &#xa; &#xa; Path: http://eforenzics.htb:80/service.html&#xa; Form id: &#xa; Form action: upload.php&#xa;"/><script id="http-useragent-tester" output="&#xa; Status for browser useragent: 200&#xa; Allowed User Agents: &#xa; Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa; libwww&#xa; lwp-trivial&#xa; libcurl-agent/1.0&#xa; PHP/&#xa; Python-urllib/2.5&#xa; GT::WWW&#xa; Snoopy&#xa; MFC_Tear_Sample&#xa; HTTP::Lite&#xa; PHPCrawl&#xa; URI::Fetch&#xa; Zend_Http_Client&#xa; http client&#xa; PECL::HTTP&#xa; Wget/1.13.4 (linux-gnu)&#xa; WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
<table key="Allowed User Agents">
<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
<elem>libwww</elem>
<elem>lwp-trivial</elem>
<elem>libcurl-agent/1.0</elem>
<elem>PHP/</elem>
<elem>Python-urllib/2.5</elem>
<elem>GT::WWW</elem>
<elem>Snoopy</elem>
<elem>MFC_Tear_Sample</elem>
<elem>HTTP::Lite</elem>
<elem>PHPCrawl</elem>
<elem>URI::Fetch</elem>
<elem>Zend_Http_Client</elem>
<elem>http client</elem>
<elem>PECL::HTTP</elem>
<elem>Wget/1.13.4 (linux-gnu)</elem>
<elem>WWW-Mechanize/1.34</elem>
</table>
</script><script id="http-chrono" output="Request times for /; avg: 160.74ms; min: 150.93ms; max: 169.60ms"/><script id="http-security-headers" output=""></script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-sitemap-generator" output="&#xa; Directory structure:&#xa; /&#xa; Other: 1&#xa; Longest directory structure:&#xa; Depth: 0&#xa; Dir: /&#xa; Total files found (by extension):&#xa; Other: 1&#xa;"/><script id="http-exif-spider" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-fileupload-exploiter" output="&#xa; &#xa; Couldn&apos;t find a file-type field.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload.&#xa; &#xa; Failed to upload and execute a payload."><table>
<elem>Couldn&apos;t find a file-type field.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
<table>
<elem>Failed to upload and execute a payload.</elem>
</table>
</script><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-vhosts" output="&#xa;squid.htb&#xa;127 names had status 301"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
</script><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=eforenzics.htb&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11390&#xa; Comment: &#xa; /* Page Navbar*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11356&#xa; Comment: &#xa; /* forms */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11294&#xa; Comment: &#xa; /* Testemonial */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/js/efore.js&#xa; Line number: 15&#xa; Comment: &#xa; &#xa; // smooth scroll&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 14&#xa; Comment: &#xa; // ======================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11015&#xa; Comment: &#xa; /* bg-img */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/js/efore.js&#xa; Line number: 1&#xa; Comment: &#xa; /*!&#xa; =========================================================&#xa; * Rubic Landing page&#xa; =========================================================&#xa; &#xa; * Copyright: 2019 DevCRUD (https://devcrud.com)&#xa; * Licensed: (https://devcrud.com/licenses)&#xa; * Coded by www.devcrud.com&#xa; &#xa; =========================================================&#xa; &#xa; * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.&#xa; */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11106&#xa; Comment: &#xa; /* social wrapper*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 116&#xa; Comment: &#xa; // AFFIX PLUGIN DEFINITION&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 136&#xa; Comment: &#xa; // AFFIX NO CONFLICT&#xa; &#xa; Path: 
http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 137&#xa; Comment: &#xa; // =================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 13&#xa; Comment: &#xa; // AFFIX CLASS DEFINITION&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 145&#xa; Comment: &#xa; // AFFIX DATA-API&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 146&#xa; Comment: &#xa; // ==============&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11213&#xa; Comment: &#xa; /* Pricing cards */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 117&#xa; Comment: &#xa; // =======================&#xa; &#xa; Path: http://eforenzics.htb:80/assets/vendors/bootstrap/bootstrap.affix.js&#xa; Line number: 1&#xa; Comment: &#xa; /* ========================================================================&#xa; * Bootstrap: affix.js v3.3.6&#xa; * http://getbootstrap.com/javascript/#affix&#xa; * ========================================================================&#xa; * Copyright 2011-2015 Twitter, Inc.&#xa; * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)&#xa; * ======================================================================== */&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11592&#xa; Comment: &#xa; /*Tabs nav section*/&#xa; &#xa; Path: http://eforenzics.htb:80/assets/css/efore.css&#xa; Line number: 11361&#xa; Comment: &#xa; /*utilities*/&#xa;"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-php-version" output="Logo query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c&#xa;Credits query returned unknown hash 5ff22d31895aaf40b681ff9fe332249c"/><script id="http-headers" output="&#xa; Date: Mon, 23 Jan 2023 07:13:02 GMT&#xa; Server: Apache/2.4.41 (Ubuntu)&#xa; Upgrade: h2&#xa; Connection: Upgrade, close&#xa; Last-Modified: Sat, 01 Oct 2022 00:31:36 GMT&#xa; ETag: &quot;2acd-5e9ee3baeb4fd&quot;&#xa; Accept-Ranges: bytes&#xa; Content-Length: 10957&#xa; Vary: Accept-Encoding&#xa; Content-Type: text/html&#xa; &#xa; (Request type: HEAD)&#xa;"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-malware-host" output="Host appears to be clean"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-date" output="Mon, 23 Jan 2023 07:13:04 GMT; 0s from local time."><elem key="date">2023-01-23T07:13:04+00:00</elem>
<elem key="delta">0.0</elem>
</script></port>
</ports>
<times srtt="26149" rttvar="26149" to="130745"/>
</host>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<taskbegin task="NSE" time="1674458148"/>
<taskend task="NSE" time="1674458148"/>
<runstats><finished time="1674458148" timestr="Mon Jan 23 02:15:48 2023" summary="Nmap done at Mon Jan 23 02:15:48 2023; 1 IP address (1 host up) scanned in 173.32 seconds" elapsed="173.32" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/investigation/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_full_tcp_nmap.xml 10.129.138.192" start="1674457965" startstr="Mon Jan 23 02:12:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="Connect Scan" time="1674457965"/>
<taskend task="Connect Scan" time="1674457985" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1674457985"/>
<taskend task="Service scan" time="1674457991" extrainfo="2 services on 1 host"/>
<taskbegin task="NSE" time="1674457991"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<host starttime="1674457965" endtime="1674457992"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="conn-refused" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa 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&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
<elem key="type">ssh-rsa</elem>
<elem key="key">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</elem>
<elem key="bits">3072</elem>
</table>
<table>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script></port>
</ports>
<times srtt="60795" rttvar="1468" to="100000"/>
</host>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<taskbegin task="NSE" time="1674457992"/>
<taskend task="NSE" time="1674457992"/>
<runstats><finished time="1674457992" timestr="Mon Jan 23 02:13:12 2023" summary="Nmap done at Mon Jan 23 02:13:12 2023; 1 IP address (1 host up) scanned in 27.57 seconds" elapsed="27.57" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Mon Jan 23 02:12:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192 -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/investigation/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/investigation/results/scans/xml/_quick_tcp_nmap.xml 10.129.138.192" start="1674457965" startstr="Mon Jan 23 02:12:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200
,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="NSE" time="1674457965"/>
<taskend task="NSE" time="1674457965"/>
<taskbegin task="Connect Scan" time="1674457965"/>
<taskend task="Connect Scan" time="1674457966" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1674457966"/>
<taskend task="Service scan" time="1674457972" extrainfo="2 services on 1 host"/>
<taskbegin task="NSE" time="1674457972"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<host starttime="1674457965" endtime="1674457974"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.129.138.192" addrtype="ipv4"/>
<hostnames>
<hostname name="eforenzics.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="conn-refused" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,51
90,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 2f1e6306aa6ebbcc0d19d4152674c6d9 (RSA)&#xa;ssh-rsa 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&#xa; 256 274520add2faa73a8373d97c79abf30b (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=&#xa; 256 4245eb916e21020617b2748bc5834fe0 (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S"><table>
<elem key="key">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</elem>
<elem key="fingerprint">2f1e6306aa6ebbcc0d19d4152674c6d9</elem>
<elem key="bits">3072</elem>
<elem key="type">ssh-rsa</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG5ZpYGYsM/eNsAOYy3iQ9O7/OdK6q63GKK1bd2ZA5qhePdO+KJOOvgwxKxBXoJApVfBKV0oVn3ztPubO2mdp5g=</elem>
<elem key="fingerprint">274520add2faa73a8373d97c79abf30b</elem>
<elem key="bits">256</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ4m4ta/VBtbCv+5FEPfydbXySZHyzU7ELt9lBsbjl5S</elem>
<elem key="fingerprint">4245eb916e21020617b2748bc5834fe0</elem>
<elem key="bits">256</elem>
<elem key="type">ssh-ed25519</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="Apache httpd" version="2.4.41" hostname="eforenzics.htb" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script><script id="http-title" output="eForenzics - Premier Digital Forensics"><elem key="title">eForenzics - Premier Digital Forensics</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
</table>
</script></port>
</ports>
<times srtt="30724" rttvar="4034" to="100000"/>
</host>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<taskbegin task="NSE" time="1674457974"/>
<taskend task="NSE" time="1674457974"/>
<runstats><finished time="1674457974" timestr="Mon Jan 23 02:12:54 2023" summary="Nmap done at Mon Jan 23 02:12:54 2023; 1 IP address (1 host up) scanned in 9.62 seconds" elapsed="9.62" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


622408
HTB/investigation/security.xml Normal file


22453
HTB/investigation/winlogs.eml Normal file
