init htb

old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions
--- a/HTB/stocker/results/10.10.11.196/scans/tcp80/xml/tcp_80_http_nmap.xml
+++ b/HTB/stocker/results/10.10.11.196/scans/tcp80/xml/tcp_80_http_nmap.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Jan 24 10:10:21 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/stocker/results/10.10.11.196/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/stocker/results/10.10.11.196/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.196 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 80 &quot;-&#45;script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)&quot; -oN /home/kali/htb/stocker/results/10.10.11.196/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/stocker/results/10.10.11.196/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.196" start="1674573021" startstr="Tue Jan 24 10:10:21 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="connect" protocol="tcp" numservices="1" services="80"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1674573021"/>
+<taskend task="NSE" time="1674573021"/>
+<taskbegin task="NSE" time="1674573021"/>
+<taskend task="NSE" time="1674573021"/>
+<taskbegin task="NSE" time="1674573021"/>
+<taskend task="NSE" time="1674573021"/>
+<taskbegin task="Connect Scan" time="1674573021"/>
+<taskend task="Connect Scan" time="1674573021" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1674573022"/>
+<taskend task="Service scan" time="1674573028" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1674573028"/>
+<taskprogress task="NSE" time="1674573059" percent="99.67" remaining="1" etc="1674573059"/>
+<taskprogress task="NSE" time="1674573089" percent="99.67" remaining="1" etc="1674573089"/>
+<taskprogress task="NSE" time="1674573119" percent="99.67" remaining="1" etc="1674573119"/>
+<taskend task="NSE" time="1674573137"/>
+<taskbegin task="NSE" time="1674573137"/>
+<taskend task="NSE" time="1674573137"/>
+<taskbegin task="NSE" time="1674573137"/>
+<taskend task="NSE" time="1674573137"/>
+<host starttime="1674573021" endtime="1674573137"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.10.11.196" addrtype="ipv4"/>
+<hostnames>
+<hostname name="stocker.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" product="nginx" version="1.18.0" extrainfo="Ubuntu" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.18.0</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="http-vhosts" output="&#xa;128 names had status 301"/><script id="http-comments-displayer" output="&#xa;Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=stocker.htb&#xa;    &#xa;    Path: http://stocker.htb:80/js/bootstrap.bundle.min.js&#xa;    Line number: 1&#xa;    Comment: &#xa;        /*!&#xa;          * Bootstrap v5.2.0-beta1 (https://getbootstrap.com/)&#xa;          * Copyright 2011-2022 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)&#xa;          * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)&#xa;          */&#xa;    &#xa;    Path: http://stocker.htb:80/css/theme.min.css&#xa;    Line number: 1&#xa;    Comment: &#xa;        /*!&#xa;         * Bootstrap v5.2.0-beta1 (https://getbootstrap.com/)&#xa;         * Copyright 2011-2022 The Bootstrap Authors&#xa;         * Copyright 2011-2022 Twitter, Inc.&#xa;         * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)&#xa;         */&#xa;    &#xa;    Path: http://stocker.htb:80/&#xa;    Line number: 26&#xa;    Comment: &#xa;        /* Chrome 26+, Opera 23+, Firefox 39+ */&#xa;    &#xa;    Path: http://stocker.htb:80/&#xa;    Line number: 26&#xa;    Comment: &#xa;        /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */&#xa;    &#xa;    Path: http://stocker.htb:80/&#xa;    Line number: 296&#xa;    Comment: &#xa;         // values from 0 to 3000, with step 50ms&#xa;    &#xa;    Path: http://stocker.htb:80/&#xa;    Line number: 17&#xa;    Comment: &#xa;        &lt;!-&#45; https://onepagelove.com/stride -&#45;&gt;&#xa;    &#xa;    Path: http://stocker.htb:80/&#xa;    Line number: 19&#xa;    Comment: &#xa;        /* inter-300 - latin */&#xa;"/><script id="http-csrf" output="Couldn&apos;t find any CSRF vulnerabilities."/><script id="http-generator" output="Eleventy v2.0.0"/><script id="http-headers" output="&#xa;  Server: nginx/1.18.0 (Ubuntu)&#xa;  Date: Tue, 24 Jan 2023 15:10:32 GMT&#xa;  Content-Type: text/html&#xa;  Content-Length: 15463&#xa;  Last-Modified: Wed, 21 Dec 2022 18:31:13 GMT&#xa;  Connection: close&#xa;  ETag: &quot;63a350f1-3c67&quot;&#xa;  Accept-Ranges: bytes&#xa;  &#xa;  (Request type: HEAD)&#xa;"/><script id="http-devframework" output="Couldn&apos;t determine the underlying framework or CMS. Try increasing &apos;httpspider.maxpagecount&apos; value to spider more pages."/><script id="http-sitemap-generator" output="&#xa;  Directory structure:&#xa;    /&#xa;      Other: 1&#xa;    /css/&#xa;      css: 1&#xa;    /img/&#xa;      png: 4&#xa;    /img/webp/&#xa;      webp: 5&#xa;    /js/&#xa;      js: 2&#xa;  Longest directory structure:&#xa;    Depth: 2&#xa;    Dir: /img/webp/&#xa;  Total files found (by extension):&#xa;    Other: 1; css: 1; js: 2; png: 4; webp: 5&#xa;"/><script id="http-php-version" output="Logo query returned unknown hash 7ba217d3a2cde23c0377fb7815791eae&#xa;Credits query returned unknown hash 7ba217d3a2cde23c0377fb7815791eae"/><script id="http-date" output="Tue, 24 Jan 2023 15:10:28 GMT; 0s from local time."><elem key="date">2023-01-24T15:10:28+00:00</elem>
+<elem key="delta">0.0</elem>
+</script><script id="http-fetch" output="Please enter the complete path of the directory to save data in."><elem key="ERROR">Please enter the complete path of the directory to save data in.</elem>
+</script><script id="http-chrono" output="Request times for /; avg: 274.24ms; min: 207.28ms; max: 338.16ms"/><script id="http-stored-xss" output="Couldn&apos;t find any stored XSS vulnerabilities."/><script id="http-litespeed-sourcecode-download" output="Request with null byte did not work. This web server might not be vulnerable"/><script id="http-useragent-tester" output="&#xa;  Status for browser useragent: 200&#xa;  Allowed User Agents: &#xa;    Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)&#xa;    libwww&#xa;    lwp-trivial&#xa;    libcurl-agent/1.0&#xa;    PHP/&#xa;    Python-urllib/2.5&#xa;    GT::WWW&#xa;    Snoopy&#xa;    MFC_Tear_Sample&#xa;    HTTP::Lite&#xa;    PHPCrawl&#xa;    URI::Fetch&#xa;    Zend_Http_Client&#xa;    http client&#xa;    PECL::HTTP&#xa;    Wget/1.13.4 (linux-gnu)&#xa;    WWW-Mechanize/1.34"><elem key="Status for browser useragent">200</elem>
+<table key="Allowed User Agents">
+<elem>Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)</elem>
+<elem>libwww</elem>
+<elem>lwp-trivial</elem>
+<elem>libcurl-agent/1.0</elem>
+<elem>PHP/</elem>
+<elem>Python-urllib/2.5</elem>
+<elem>GT::WWW</elem>
+<elem>Snoopy</elem>
+<elem>MFC_Tear_Sample</elem>
+<elem>HTTP::Lite</elem>
+<elem>PHPCrawl</elem>
+<elem>URI::Fetch</elem>
+<elem>Zend_Http_Client</elem>
+<elem>http client</elem>
+<elem>PECL::HTTP</elem>
+<elem>Wget/1.13.4 (linux-gnu)</elem>
+<elem>WWW-Mechanize/1.34</elem>
+</table>
+</script><script id="http-referer-checker" output="Couldn&apos;t find any cross-domain scripts."/><script id="http-jsonp-detection" output="Couldn&apos;t find any JSONP endpoints."/><script id="http-server-header" output="nginx/1.18.0 (Ubuntu)"><elem>nginx/1.18.0 (Ubuntu)</elem>
+</script><script id="http-malware-host" output="Host appears to be clean"/><script id="http-wordpress-users" output="[Error] Wordpress installation was not found. We couldn&apos;t find wp-login.php"/><script id="http-drupal-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args number=&lt;number|all&gt; for deeper analysis)"/><script id="http-dombased-xss" output="Couldn&apos;t find any DOM based XSS."/><script id="http-title" output="Stock - Coming Soon!"><elem key="title">Stock - Coming Soon!</elem>
+</script><script id="http-errors" output="Couldn&apos;t find any error pages."/><script id="http-vuln-cve2011-3192" output="&#xa;  VULNERABLE:&#xa;  Apache byterange filter DoS&#xa;    State: VULNERABLE&#xa;    IDs:  CVE:CVE-2011-3192  BID:49303&#xa;      The Apache web server is vulnerable to a denial of service attack when numerous&#xa;      overlapping byte ranges are requested.&#xa;    Disclosure date: 2011-08-19&#xa;    References:&#xa;      https://www.tenable.com/plugins/nessus/55976&#xa;      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192&#xa;      https://seclists.org/fulldisclosure/2011/Aug/175&#xa;      https://www.securityfocus.com/bid/49303&#xa;"><table key="CVE-2011-3192">
+<elem key="title">Apache byterange filter DoS</elem>
+<elem key="state">VULNERABLE</elem>
+<table key="ids">
+<elem>CVE:CVE-2011-3192</elem>
+<elem>BID:49303</elem>
+</table>
+<table key="description">
+<elem>The Apache web server is vulnerable to a denial of service attack when numerous&#xa;overlapping byte ranges are requested.</elem>
+</table>
+<table key="dates">
+<table key="disclosure">
+<elem key="year">2011</elem>
+<elem key="day">19</elem>
+<elem key="month">08</elem>
+</table>
+</table>
+<elem key="disclosure">2011-08-19</elem>
+<table key="refs">
+<elem>https://www.tenable.com/plugins/nessus/55976</elem>
+<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
+<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
+<elem>https://www.securityfocus.com/bid/49303</elem>
+</table>
+</table>
+</script><script id="http-wordpress-enum" output="Nothing found amongst the top 100 resources,use -&#45;script-args search-limit=&lt;number|all&gt; for deeper analysis)"/><script id="http-mobileversion-checker" output="No mobile version detected."/><script id="http-methods" output="&#xa;  Supported Methods: GET HEAD"><table key="Supported Methods">
+<elem>GET</elem>
+<elem>HEAD</elem>
+</table>
+</script><script id="http-favicon" output="Unknown favicon MD5: 4EB67963EC58BC699F15F80BBE1D91CC"/><script id="http-config-backup" output="ERROR: Script execution failed (use -d to debug)"/><script id="http-security-headers" output=""></script><script id="http-feed" output="Couldn&apos;t find any feeds."/></port>
+</ports>
+<times srtt="68043" rttvar="68043" to="340215"/>
+</host>
+<taskbegin task="NSE" time="1674573137"/>
+<taskend task="NSE" time="1674573137"/>
+<taskbegin task="NSE" time="1674573137"/>
+<taskend task="NSE" time="1674573137"/>
+<taskbegin task="NSE" time="1674573137"/>
+<taskend task="NSE" time="1674573137"/>
+<runstats><finished time="1674573137" timestr="Tue Jan 24 10:12:17 2023" summary="Nmap done at Tue Jan 24 10:12:17 2023; 1 IP address (1 host up) scanned in 116.95 seconds" elapsed="116.95" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>