init htb

old htb folders

HTB/metatwo/results/scans/tcp80/tcp_80_http_curl-robots.txt

@@ -0,0 +1,15 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>

HTB/metatwo/results/scans/tcp80/tcp_80_http_curl.html

@@ -0,0 +1,16 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>
+

HTB/metatwo/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt

@@ -0,0 +1,4 @@
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 (url length: 32)
+WLD         -         -         - http://10.10.11.186/e578455e6e054d249578bf7e6c0cd509 => http://metapress.htb/
+WLD      GET        7l        9w      145c Got 302 for http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb (url length: 96)
+WLD         -         -         - http://10.10.11.186/fd84f08f2434479395436880d4806dcb22b8a6a25bd84c0ab30854d5a635138e9e033de8f46a4034a7119bf91a8e07fb => http://metapress.htb/

HTB/metatwo/results/scans/tcp80/tcp_80_http_known-security.txt

@@ -0,0 +1,15 @@
+HTTP/1.1 302 Moved Temporarily
+Server: nginx/1.18.0
+Date: Wed, 25 Jan 2023 16:18:41 GMT
+Content-Type: text/html
+Content-Length: 145
+Connection: keep-alive
+Location: http://metapress.htb/
+
+<html>
+<head><title>302 Found</title></head>
+<body>
+<center><h1>302 Found</h1></center>
+<hr><center>nginx/1.18.0</center>
+</body>
+</html>

HTB/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt

@@ -0,0 +1,79 @@
+# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186
+Nmap scan report for metatwo.htb (10.10.11.186)
+Host is up, received user-set (0.028s latency).
+Scanned at 2023-01-25 11:18:40 EST for 81s
+
+PORT   STATE SERVICE REASON  VERSION
+80/tcp open  http    syn-ack nginx 1.18.0
+| http-vhosts: 
+|_128 names had status 302
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+| http-sitemap-generator: 
+|   Directory structure:
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-fetch: Please enter the complete path of the directory to save data in.
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-chrono: Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms
+|_http-server-header: nginx/1.18.0
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-mobileversion-checker: No mobile version detected.
+| http-methods: 
+|_  Supported Methods: GET HEAD POST OPTIONS
+|_http-title: Did not follow redirect to http://metapress.htb/
+|_http-errors: Couldn't find any error pages.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+|_http-comments-displayer: Couldn't find any comments.
+|_http-feed: Couldn't find any feeds.
+| http-headers: 
+|   Server: nginx/1.18.0
+|   Date: Wed, 25 Jan 2023 16:18:51 GMT
+|   Content-Type: text/html
+|   Content-Length: 145
+|   Connection: close
+|   Location: http://metapress.htb/
+|   
+|_  (Request type: GET)
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-referer-checker: Couldn't find any cross-domain scripts.
+|_http-date: Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time.
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Redirected To: http://metapress.htb/
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+| http-security-headers: 
+|   Cache_Control: 
+|     Header: Cache-Control: no-store, no-cache, must-revalidate
+|   Pragma: 
+|     Header: Pragma: no-cache
+|   Expires: 
+|_    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Wed Jan 25 11:20:01 2023 -- 1 IP address (1 host up) scanned in 81.17 seconds

HTB/metatwo/results/scans/tcp80/tcp_80_http_whatweb.txt

@@ -0,0 +1,138 @@
+WhatWeb report for http://10.10.11.186:80
+Status    : 302 Found
+Title     : 302 Found
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[nginx/1.18.0], nginx[1.18.0], RedirectLocation[http://metapress.htb/]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : http://metapress.htb/ (from location)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 302 Moved Temporarily
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html
+	Content-Length: 145
+	Connection: close
+	Location: http://metapress.htb/
+
+WhatWeb report for http://metapress.htb/
+Status    : 200 OK
+Title     : MetaPress – Official company site
+IP        : 10.10.11.186
+Country   : RESERVED, ZZ
+
+Summary   : Cookies[PHPSESSID], HTML5, HTTPServer[nginx/1.18.0], MetaGenerator[WordPress 5.6.2], nginx[1.18.0], PHP[8.0.24], PoweredBy[--], Script, UncommonHeaders[link], WordPress[5.6.2], X-Powered-By[PHP/8.0.24]
+
+Detected Plugins:
+[ Cookies ]
+	Display the names of cookies in the HTTP headers. The
+	values are not returned to save on space.
+
+	String       : PHPSESSID
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	String       : nginx/1.18.0 (from server string)
+
+[ MetaGenerator ]
+	This plugin identifies meta generator tags and extracts its
+	value.
+
+	String       : WordPress 5.6.2
+
+[ PHP ]
+	PHP is a widely-used general-purpose scripting language
+	that is especially suited for Web development and can be
+	embedded into HTML. This plugin identifies PHP errors,
+	modules and versions and extracts the local file path and
+	username if present.
+
+	Version      : 8.0.24
+	Google Dorks: (2)
+	Website     : http://www.php.net/
+
+[ PoweredBy ]
+	This plugin identifies instances of 'Powered by x' text and
+	attempts to extract the value for x.
+
+	String       : --
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ UncommonHeaders ]
+	Uncommon HTTP server headers. The blacklist includes all
+	the standard headers and many non standard but common ones.
+	Interesting but fairly common headers should have their own
+	plugins, eg. x-powered-by, server and x-aspnet-version.
+	Info about headers can be found at www.http-stats.com
+
+	String       : link (from headers)
+
+[ WordPress ]
+	WordPress is an opensource blogging system commonly used as
+	a CMS.
+
+	Version      : 5.6.2
+	Aggressive function available (check plugin file or details).
+	Google Dorks: (1)
+	Website     : http://www.wordpress.org/
+
+[ X-Powered-By ]
+	X-Powered-By HTTP header
+
+	String       : PHP/8.0.24 (from x-powered-by string)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.18.0
+	Date: Wed, 25 Jan 2023 16:18:42 GMT
+	Content-Type: text/html; charset=UTF-8
+	Transfer-Encoding: chunked
+	Connection: close
+	X-Powered-By: PHP/8.0.24
+	Set-Cookie: PHPSESSID=2ov58ptej4gtfom05meggtjkus; path=/
+	Expires: Thu, 19 Nov 1981 08:52:00 GMT
+	Cache-Control: no-store, no-cache, must-revalidate
+	Pragma: no-cache
+	Link: <http://metapress.htb/wp-json/>; rel="https://api.w.org/"
+	Content-Encoding: gzip
+
+

HTB/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186" start="1674663519" startstr="Wed Jan 25 11:18:39 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="NSE" time="1674663520"/>
+<taskend task="NSE" time="1674663520"/>
+<taskbegin task="Connect Scan" time="1674663520"/>
+<taskend task="Connect Scan" time="1674663520" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674663520"/>
+<taskend task="Service scan" time="1674663526" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674663526"/>
+<taskprogress task="NSE" time="1674663557" percent="99.67" remaining="1" etc="1674663557"/>
+<taskprogress task="NSE" time="1674663587" percent="99.67" remaining="1" etc="1674663587"/>
+<taskend task="NSE" time="1674663600"/>
+<taskbegin task="NSE" time="1674663600"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<host starttime="1674663520" endtime="1674663601"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.186" addrtype="ipv4"/>
+<hostnames>
+<hostname name="metatwo.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe></service><script id="http-vhosts" output="&#xa;128 names had status 302"/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;  Longest directory structure:&#xa;    Depth: 0&#xa;    Dir: /&#xa;  Total files found (by extension):&#xa;    &#xa;"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-chrono" output="Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms"/><script id="http-server-header" output="nginx/1.18.0"><elem>nginx/1.18.0</elem>
+</script><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+<elem>POST</elem>
+<elem>OPTIONS</elem>
+</table>
+</script><script id="http-title" output="Did not follow redirect to http://metapress.htb/"><elem key="redirect_url">http://metapress.htb/</elem>
+</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="Couldn&apos;t find any comments."/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-headers" output="&#xa;  Server: nginx/1.18.0&#xa;  Date: Wed, 25 Jan 2023 16:18:51 GMT&#xa;  Content-Type: text/html&#xa;  Content-Length: 145&#xa;  Connection: close&#xa;  Location: http://metapress.htb/&#xa;  &#xa;  (Request type: GET)&#xa;"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-date" output="Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time."><elem key="date">2023-01-25T16:18:48+00:00</elem>
+<elem key="delta">2.0</elem>
+</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Redirected To: http://metapress.htb/&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<elem key="Redirected To">http://metapress.htb/</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-security-headers" output="&#xa;  Cache_Control: &#xa;    Header: Cache-Control: no-store, no-cache, must-revalidate&#xa;  Pragma: &#xa;    Header: Pragma: no-cache&#xa;  Expires: &#xa;    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT"><table key="Cache_Control">
+<elem>Header: Cache-Control: no-store, no-cache, must-revalidate</elem>
+</table>
+<table key="Pragma">
+<elem>Header: Pragma: no-cache</elem>
+</table>
+<table key="Expires">
+<elem>Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT</elem>
+</table>
+</script><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/></port>
+</ports>
+<times srtt="28483" rttvar="28483" to="142415"/>
+</host>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<taskbegin task="NSE" time="1674663601"/>
+<taskend task="NSE" time="1674663601"/>
+<runstats><finished time="1674663601" timestr="Wed Jan 25 11:20:01 2023" summary="Nmap done at Wed Jan 25 11:20:01 2023; 1 IP address (1 host up) scanned in 81.17 seconds" elapsed="81.17" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>