old htb folders
2023-08-29 21:53:22 +02:00
parent 62ab804867
commit 82b0759f1e
21891 changed files with 6277643 additions and 0 deletions


@@ -0,0 +1,8 @@
[*] ssh found on tcp/22.
[*] http found on tcp/80.


@@ -0,0 +1,35 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" vessel.htb
feroxbuster -u http://vessel.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://vessel.htb:80/.well-known/security.txt
curl -sSikf http://vessel.htb:80/robots.txt
curl -sSik http://vessel.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" vessel.htb
curl -sk -o /dev/null -H "Host: kDywtcGVDsujHqGJpfZX.vessel.htb" http://vessel.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://vessel.htb:80 2>&1
wkhtmltoimage --format png http://vessel.htb:80/ /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://vessel.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.vessel.htb" -fs 15030 -noninteractive -s | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_vessel.htb_vhosts_subdomains-top1million-110000.txt"
```


@@ -0,0 +1,35 @@
```bash
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://vessel.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h vessel.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://vessel.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://vessel.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h vessel.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://vessel.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h vessel.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://vessel.htb:80 2>&1 | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://vessel.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_wpscan.txt"
```


@@ -0,0 +1,4 @@
Matched Pattern: Powered-By: Express
Identified HTTP Server: Apache/2.4.41 (Ubuntu)
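Review bot: The two matches recorded here mean the site discloses both its front end and its backend: `Apache/2.4.41 (Ubuntu)` gives the exact web server version and distribution, and the `Powered-By: Express` match (sent as `X-Powered-By: Express` in the curl captures elsewhere in this commit) names the Node.js framework behind it. Clients need neither value. On the server the usual fix is `ServerTokens Prod` and `ServerSignature Off` in the Apache configuration and `app.disable('x-powered-by')` in the Express application. The file would also be easier to read later with a line stating which port and URL produced each match.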


@@ -0,0 +1,79 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml" vessel.htb
```
[/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml vessel.htb
adjust_timeouts2: packet supposedly had rtt of -646965 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -646965 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -637564 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -637564 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -640767 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -640767 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -647981 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -647981 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -165444 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -165444 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -581090 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -581090 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -293226 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -293226 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -554224 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -554224 microseconds. Ignoring time.
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.039s latency).
Scanned at 2023-02-12 18:14:46 CET for 58s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Vessel
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=42592%PV=Y%DS=2%DC=T%G=Y%TM=63E91EC
OS:0%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=A)SEQ
OS:(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%TS=A)SEQ(TS=9)OPS(O1=M54EST11NW7%O2=M54E
OS:ST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1
OS:=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%TG=40%W=FAF0%
OS:O=M54ENNSNW7%CC=Y%Q=)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW7%CC=Y%Q=)T1(R=
OS:Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q
OS:=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=Y%DF=Y
OS:%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F
OS:=AR%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T5(R=N)T6(R
OS:=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%
OS:T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=N)U1(R=N)U1(R=Y%DF=N%T=40%IPL=164
OS:%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%TG=40%CD=S)IE(R=Y%D
OS:FI=N%T=40%CD=S)
Uptime guess: 48.037 days (since Mon Dec 26 17:23:10 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 587/tcp)
HOP RTT ADDRESS
1 35.37 ms 10.10.16.1
2 35.59 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:44 2023 -- 1 IP address (1 host up) scanned in 59.61 seconds
```


@@ -0,0 +1,49 @@
```bash
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml" vessel.htb
```
[/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt):
```
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml vessel.htb
Increasing send delay for 10.10.11.178 from 0 to 50 due to 11 out of 16 dropped probes since last increase.
Warning: 10.10.11.178 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.178 from 200 to 400 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 10.10.11.178 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -424053 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -429077 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -429077 microseconds. Ignoring time.
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.041s latency).
Scanned at 2023-02-12 18:14:46 CET for 240s
Not shown: 93 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
68/udp open|filtered dhcpc no-response
135/udp open|filtered msrpc no-response
1646/udp open|filtered radacct no-response
4500/udp open|filtered nat-t-ike no-response
31337/udp open|filtered BackOrifice no-response
32815/udp open|filtered unknown no-response
49186/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/12%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E91F76%P=x86_64-pc-linux-gnu)
SEQ(CI=Z)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 996/udp)
HOP RTT ADDRESS
1 44.80 ms 10.10.16.1
2 62.53 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:18:46 2023 -- 1 IP address (1 host up) scanned in 241.44 seconds
```
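Review bot: None of the seven UDP ports in the table is confirmed open: every row is `open|filtered` with reason `no-response`, which means nmap received no reply and cannot tell an open port from a filtered one. The service names (`msrpc`, `BackOrifice`, `nat-t-ike`) are taken from nmap's port-number table, and the VERSION column is empty, so `31337/udp BackOrifice` is not evidence of a backdoor on the host. The warnings above the table (send delay raised to 800, retransmission cap hit) suggest the target was rate-limiting ICMP port-unreachable replies, which would make these seven rows artefacts of the scan timing. A summary line in the notes such as `UDP top-100: no confirmed open ports (7 open|filtered, no response)` would keep a reader from misreading the table.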


@@ -0,0 +1,62 @@
```bash
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml" vessel.htb
```
[/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt):
```
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.042s latency).
Scanned at 2023-02-12 18:14:45 CET for 29s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
|_http-title: Vessel
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E91EA2%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10E%TI=Z%TS=A)
OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=N)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=N)
T6(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 48.036 days (since Mon Dec 26 17:23:10 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 8888/tcp)
HOP RTT ADDRESS
1 33.64 ms 10.10.16.1
2 34.24 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:14 2023 -- 1 IP address (1 host up) scanned in 29.91 seconds
```


@@ -0,0 +1,71 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" vessel.htb
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt):
```
# Nmap 7.93 scan initiated Sun Feb 12 18:15:15 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.073s latency).
Scanned at 2023-02-12 18:15:15 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:17 2023 -- 1 IP address (1 host up) scanned in 3.03 seconds
```
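Review bot: The `ssh-auth-methods` result at the end of this output lists `password` next to `publickey`, so the SSH service accepts password logins and is exposed to online guessing; the file records this without comment, and it is the one finding here worth carrying into the notes. The `ssh2-enum-algos` list also still offers SHA-1 based choices: `ssh-rsa` under `server_host_key_algorithms`, and `hmac-sha1` and `hmac-sha1-etm@openssh.com` under `mac_algorithms`. The corresponding hardening in `sshd_config` is `PasswordAuthentication no`, `HostKeyAlgorithms -ssh-rsa` and `MACs -hmac-sha1,hmac-sha1-etm@openssh.com`. The same host-key block is repeated in the quick and full TCP scan files, so the note only needs to be written once.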


@@ -0,0 +1,18 @@
```bash
curl -sSikf http://vessel.htb:80/robots.txt
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_curl-robots.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_curl-robots.txt):
```
HTTP/1.1 302 Found
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Location: /404
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 26
Found. Redirecting to /404
```
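Review bot: The saved response is not a robots.txt: the server answered `302 Found` with `Location: /404`, and because `curl -f` only fails on status 400 and above, the redirect was stored in the result file as if the request had succeeded. The application appears to redirect unknown paths to a `/404` page, which the feroxbuster results list with status 200, instead of returning a 404 status; this matches the `WLD` wildcard entries in that output and probably explains the `http-trane-info: Problem with XML parsing of /evox/about` line in the nmap results. For the site owner the fix is to return a real `404` status for missing resources, so that crawlers, caches and monitoring do not treat them as existing pages. A first line in this file such as `robots.txt not present (302 -> /404)` would record the actual result.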


@@ -0,0 +1,262 @@
```bash
curl -sSik http://vessel.htb:80/
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_curl.html](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_curl.html):
```
HTTP/1.1 200 OK
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 15030
ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME"
Vary: Accept-Encoding
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Vessel</title>
<!-- Favicon-->
<link rel="icon" type="image/x-icon" href="favicon.ico" />
<!-- Bootstrap Icons-->
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css" rel="stylesheet" />
<!-- Google fonts-->
<link href="https://fonts.googleapis.com/css?family=Merriweather+Sans:400,700" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css?family=Merriweather:400,300,300italic,400italic,700,700italic" rel="stylesheet" type="text/css" />
<!-- SimpleLightbox plugin CSS-->
<link href="https://cdnjs.cloudflare.com/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.css" rel="stylesheet" />
<!-- Core theme CSS (includes Bootstrap)-->
<link href="/css/styles.css" rel="stylesheet" />
</head>
<body id="page-top">
<!-- Navigation-->
<nav class="navbar navbar-expand-lg navbar-light fixed-top py-3" id="mainNav">
<div class="container px-4 px-lg-5">
<a class="navbar-brand" href="#page-top">Vessel</a>
<button class="navbar-toggler navbar-toggler-right" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ms-auto my-2 my-lg-0">
<li class="nav-item"><a class="nav-link" href="#about">About</a></li>
<li class="nav-item"><a class="nav-link" href="#services">Services</a></li>
<li class="nav-item"><a class="nav-link" href="#portfolio">Portfolio</a></li>
<li class="nav-item"><a class="nav-link" href="#contact">Contact</a></li>
<li class="nav-item"><a class="nav-link" href="/login">Login</a></li>
</ul>
</div>
</div>
</nav>
<!-- Masthead-->
<header class="masthead">
<div class="container px-4 px-lg-5 h-100">
<div class="row gx-4 gx-lg-5 h-100 align-items-center justify-content-center text-center">
<div class="col-lg-8 align-self-end">
<h1 class="text-white font-weight-bold">Vessel</h1>
<hr class="divider" />
</div>
<div class="col-lg-8 align-self-baseline">
<p class="text-white-75 mb-5">We at Vessel making and selling projects for big and small companies! </p>
<a class="btn btn-primary btn-xl" href="#about">Find Out More</a>
</div>
</div>
</div>
</header>
<!-- About-->
<section class="page-section bg-primary" id="about">
<div class="container px-4 px-lg-5">
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-8 text-center">
<h2 class="text-white mt-0">We've got what you need!</h2>
<hr class="divider divider-light" />
<p class="text-white-75 mb-4">We do many different projects on different subjects. We make robots, sites and a lot more!</p>
<a class="btn btn-light btn-xl" href="#services">Get Started!</a>
</div>
</div>
</div>
</section>
<!-- Services-->
<section class="page-section" id="services">
<div class="container px-4 px-lg-5">
<h2 class="text-center mt-0">At Your Service</h2>
<hr class="divider" />
<div class="row gx-4 gx-lg-5">
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-gem fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Quality</h3>
<p class="text-muted mb-0">We have a big specialized team. Our products is also from the best quality!</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-laptop fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Up to Date</h3>
<p class="text-muted mb-0">We work with the newest software and hardware!</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-globe fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Worldwide</h3>
<p class="text-muted mb-0">We have clients from all over the world.</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-heart fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Made with Love</h3>
<p class="text-muted mb-0">We make our projects with love.</p>
</div>
</div>
</div>
</div>
</section>
<!-- Portfolio-->
<div id="portfolio">
<div class="container-fluid p-0">
<div class="row g-0">
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/1.jpg" title="Robots">
<img class="img-fluid" src="img/portfolio/thumbnails/1.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Robots</div>
<div class="project-name">We make different kind of robots, small and big ones.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/2.jpg" title="Software">
<img class="img-fluid" src="img/portfolio/thumbnails/2.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Software</div>
<div class="project-name">We use the newest software.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/3.jpg" title="Hardware">
<img class="img-fluid" src="img/portfolio/thumbnails/3.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Hardware</div>
<div class="project-name">We also use the newest hardware.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/4.jpg" title="Mechanical work">
<img class="img-fluid" src="img/portfolio/thumbnails/4.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Mechanical work</div>
<div class="project-name">We have our own mechanics for installing our products.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/5.jpg" title="Service">
<img class="img-fluid" src="img/portfolio/thumbnails/5.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Service</div>
<div class="project-name">We have our own customer service, 24/7 available!</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/6.jpg" title="something">
<img class="img-fluid" src="img/portfolio/thumbnails/6.jpg" alt="..." />
<div class="portfolio-box-caption p-3">
<div class="project-category text-white-50"></div>
<div class="project-name"></div>
</div>
</a>
</div>
</div>
</div>
</div>
</section>
<!-- Contact-->
<section class="page-section" id="contact">
<div class="container px-4 px-lg-5">
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-8 col-xl-6 text-center">
<h2 class="mt-0">Let's Get In Touch!</h2>
<hr class="divider" />
<p class="text-muted mb-5">Ready to start your next project with us? Send us a messages and we will get back to you as soon as possible!</p>
</div>
</div>
<div class="row gx-4 gx-lg-5 justify-content-center mb-5">
<div class="col-lg-6">
<form id="contactForm" data-sb-form-api-token="API_TOKEN">
<!-- Name input-->
<div class="form-floating mb-3">
<input class="form-control" id="name" type="text" placeholder="Enter your name..." data-sb-validations="required" />
<label for="name">Full name</label>
<div class="invalid-feedback" data-sb-feedback="name:required">A name is required.</div>
</div>
<!-- Email address input-->
<div class="form-floating mb-3">
<input class="form-control" id="email" type="email" placeholder="name@example.com" data-sb-validations="required,email" />
<label for="email">Email address</label>
<div class="invalid-feedback" data-sb-feedback="email:required">An email is required.</div>
<div class="invalid-feedback" data-sb-feedback="email:email">Email is not valid.</div>
</div>
<!-- Phone number input-->
<div class="form-floating mb-3">
<input class="form-control" id="phone" type="tel" placeholder="(123) 456-7890" data-sb-validations="required" />
<label for="phone">Phone number</label>
<div class="invalid-feedback" data-sb-feedback="phone:required">A phone number is required.</div>
</div>
<!-- Message input-->
<div class="form-floating mb-3">
<textarea class="form-control" id="message" type="text" placeholder="Enter your message here..." style="height: 10rem" data-sb-validations="required"></textarea>
<label for="message">Message</label>
<div class="invalid-feedback" data-sb-feedback="message:required">A message is required.</div>
</div>
<!-- Submit success message-->
<!---->
<!-- This is what your users will see when the form-->
<!-- has successfully submitted-->
<div class="d-none" id="submitSuccessMessage">
<div class="text-center mb-3">
<div class="fw-bolder">Form submission successful!</div>
<br />
</div>
</div>
<!-- Submit error message-->
<!---->
<!-- This is what your users will see when there is-->
<!-- an error submitting the form-->
<div class="d-none" id="submitErrorMessage"><div class="text-center text-danger mb-3">Error sending message!</div></div>
<!-- Submit Button-->
<div class="d-grid"><button class="btn btn-primary btn-xl disabled" id="submitButton" type="submit">Submit</button></div>
</form>
</div>
</div>
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-4 text-center mb-5 mb-lg-0">
<i class="bi-phone fs-2 mb-3 text-muted"></i>
<div>+1 (555) 123-4567</div>
</div>
</div>
</div>
</section>
<!-- Footer-->
<footer class="bg-light py-5">
<div class="container px-4 px-lg-5"><div class="small text-center text-muted">Copyright &copy; 2022 - Vessel.htb</div></div>
</footer>
<!-- Bootstrap core JS-->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- SimpleLightbox plugin JS-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.js"></script>
<!-- Core theme JS-->
<script src="/js/scripts.js"></script>
<script src="https://cdn.startbootstrap.com/sb-forms-latest.js"></script>
</body>
</html>
```
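Review bot: The captured page pulls scripts and stylesheets from third-party hosts without Subresource Integrity: the `<script>` tags for `bootstrap.bundle.min.js`, `simpleLightbox.min.js` and `sb-forms-latest.js` at the end of the body carry no `integrity` or `crossorigin` attribute, and `sb-forms-latest.js` is an unversioned URL that cannot be pinned to a hash at all. The response headers at the top of the capture also contain no `Content-Security-Policy`, `X-Frame-Options` or `X-Content-Type-Options`. The contact form still has the template placeholder `data-sb-form-api-token="API_TOKEN"`, so it is presumably not connected to a backend. For the site owner the fixes are to pin the CDN assets with `integrity="sha384-<hash>" crossorigin="anonymous"`, self-host the unversioned script, and add the missing headers.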


@@ -0,0 +1,51 @@
```bash
feroxbuster -u http://vessel.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt):
```
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/3dcb5642413842869d527ae1075c4f95 (url length: 32)
WLD - - - http://vessel.htb/3dcb5642413842869d527ae1075c4f95 => http://vessel.htb/404
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/5b8de1358fc7463d9a1850338eee4b9be98b54c30b664243a7a24e4211cbe7f30463b1e3702349b39c6ff83af3cd3324 (url length: 96)
WLD - - - http://vessel.htb/5b8de1358fc7463d9a1850338eee4b9be98b54c30b664243a7a24e4211cbe7f30463b1e3702349b39c6ff83af3cd3324 => http://vessel.htb/404
200 GET 587l 4806w 250242c http://vessel.htb/img/portfolio/thumbnails/3.jpg
200 GET 919l 5377w 240234c http://vessel.htb/img/portfolio/thumbnails/2.jpg
200 GET 948l 5414w 244212c http://vessel.htb/img/portfolio/thumbnails/5.jpg
200 GET 59l 147w 1781c http://vessel.htb/js/scripts.js
200 GET 70l 182w 4213c http://vessel.htb/login
200 GET 1494l 8228w 362958c http://vessel.htb/img/portfolio/thumbnails/6.jpg
200 GET 11458l 22050w 213528c http://vessel.htb/css/styles.css
200 GET 1277l 6344w 274424c http://vessel.htb/img/portfolio/thumbnails/4.jpg
200 GET 3452l 18206w 846003c http://vessel.htb/img/portfolio/thumbnails/1.jpg
200 GET 243l 871w 15030c http://vessel.htb/
200 GET 1l 176w 6119c http://vessel.htb/img/error-404-monochrome.svg
200 GET 51l 125w 2393c http://vessel.htb/404
200 GET 51l 117w 2335c http://vessel.htb/500
200 GET 11766l 22753w 223365c http://vessel.htb/css/style.css
200 GET 26l 70w 976c http://vessel.htb/js/script.js
200 GET 52l 120w 2400c http://vessel.htb/401
302 GET 1l 4w 28c http://vessel.htb/ADMIN => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/Admin => http://vessel.htb/login
200 GET 89l 234w 5830c http://vessel.htb/register
200 GET 63l 177w 3637c http://vessel.htb/reset
200 GET 70l 182w 4213c http://vessel.htb/Login
302 GET 1l 4w 28c http://vessel.htb/admin => http://vessel.htb/login
301 GET 10l 16w 173c http://vessel.htb/css => http://vessel.htb/css/
301 GET 10l 16w 173c http://vessel.htb/dev => http://vessel.htb/dev/
301 GET 10l 16w 173c http://vessel.htb/img => http://vessel.htb/img/
301 GET 10l 16w 171c http://vessel.htb/js => http://vessel.htb/js/
302 GET 1l 4w 28c http://vessel.htb/logout => http://vessel.htb/login
403 GET 9l 28w 275c http://vessel.htb/server-status
200 GET 89l 234w 5830c http://vessel.htb/Register
302 GET 1l 4w 28c http://vessel.htb/Logout => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/LogOut => http://vessel.htb/login
200 GET 70l 182w 4213c http://vessel.htb/LogIn
200 GET 70l 182w 4213c http://vessel.htb/LOGIN
200 GET 63l 177w 3637c http://vessel.htb/Reset
302 GET 1l 4w 28c http://vessel.htb/logOut => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/AdMin => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/admiN => http://vessel.htb/login
200 GET 70l 182w 4213c http://vessel.htb/logIn
```
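Review bot: The result list is committed without any note that most of its entries are duplicates of a few routes. `/login`, `/Login`, `/LogIn`, `/LOGIN` and `/logIn` all return the same 70-line, 4213-byte body, and the same holds for the `/register`, `/reset`, `/admin` and `/logout` variants, so routing appears to be case-insensitive. The two `WLD` probes also show that unknown paths get a 302 to `/404`, which means a 302 on its own says nothing about whether a path exists. I would add one line under the listing such as `Distinct routes: /login, /register, /reset, /admin (302 to /login), /logout, /dev/, static dirs /css /img /js; unknown paths 302 to /404`.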


@@ -0,0 +1,18 @@
```bash
curl -sSikf http://vessel.htb:80/.well-known/security.txt
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_known-security.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_known-security.txt):
```
HTTP/1.1 302 Found
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Location: /404
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 26
Found. Redirecting to /404
```


@@ -0,0 +1,462 @@
```bash
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" vessel.htb
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt):
```
# Nmap 7.93 scan initiated Sun Feb 12 18:15:15 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/xml/tcp_80_http_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.14s latency).
Scanned at 2023-02-12 18:15:17 CET for 34s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
| http-sitemap-generator:
| Directory structure:
| /
| Other: 5
| /css/
| css: 2
| /img/portfolio/thumbnails/
| jpg: 6
| /js/
| js: 2
| Longest directory structure:
| Depth: 3
| Dir: /img/portfolio/thumbnails/
| Total files found (by extension):
|_ Other: 5; css: 2; jpg: 6; js: 2
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-errors: Couldn't find any error pages.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
|_http-chrono: Request times for /; avg: 449.98ms; min: 194.04ms; max: 605.84ms
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-grep:
| (1) http://vessel.htb:80/:
| (1) email:
| + name@example.com
| (1) http://vessel.htb:80/register:
| (1) email:
|_ + name@vessel.htb
|_http-date: Sun, 12 Feb 2023 17:15:29 GMT; -1s from local time.
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-devframework: Express detected. Found Express in X-Powered-By Header
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://cdn.jsdelivr.net:443/npm/bootstrap15.1.3/dist/js/bootstrap.bundle.min.js
| https://cdnjs.cloudflare.com:443/ajax/libs/font-awesome/5.15.3/js/all.min.js
| https://cdnjs.cloudflare.com:443/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.js
|_ https://cdn.startbootstrap.com:443/sb-forms-0.4.1.js
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
| http-vhosts:
|_128 names had status 200
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
| Found the following possible CSRF vulnerabilities:
|
| Path: http://vessel.htb:80/login
| Form id: username
| Form action: /api/login
|
| Path: http://vessel.htb:80/register
| Form id: inputfirstname
| Form action: /api/register
|
| Path: http://vessel.htb:80/reset
| Form id: inputemail
|_ Form action: /api/reset
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 41
| Comment:
| // Collapse responsive navbar when toggler is visible
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 18
| Comment:
| // }
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 1
| Comment:
| /*!
| * Start Bootstrap - SB Admin v7.0.4 (https://startbootstrap.com/template/sb-admin)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-sb-admin/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/
| Line number: 204
| Comment:
| <!---->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 12
| Comment:
| // Navbar shrink function
|
| Path: http://vessel.htb:80/
| Line number: 11
| Comment:
| <!-- Bootstrap Icons-->
|
| Path: http://vessel.htb:80/
| Line number: 53
| Comment:
| <!-- About-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 6
| Comment:
| //
|
| Path: http://vessel.htb:80/
| Line number: 13
| Comment:
| <!-- Google fonts-->
|
| Path: http://vessel.htb:80/
| Line number: 215
| Comment:
| <!-- This is what your users will see when there is-->
|
| Path: http://vessel.htb:80/
| Line number: 165
| Comment:
| <!-- Contact-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 440
| Comment:
| /* rtl:raw:
| [type="tel"],
| [type="url"],
| [type="email"],
| [type="number"] {
| direction: ltr;
| }
| */
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 8
| Comment:
|
| //
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 11616
| Comment:
| /* TABLE */
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 32
| Comment:
| // Activate Bootstrap scrollspy on the main nav element
|
| Path: http://vessel.htb:80/
| Line number: 178
| Comment:
| <!-- Name input-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7732
| Comment:
| /* rtl:end:remove */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 2
| Comment:
| /*!
| * Start Bootstrap - SB Admin v7.0.4 (https://startbootstrap.com/template/sb-admin)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-sb-admin/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 17
| Comment:
| // document.body.classList.toggle('sb-sidenav-toggled');
|
| Path: http://vessel.htb:80/
| Line number: 184
| Comment:
| <!-- Email address input-->
|
| Path: http://vessel.htb:80/
| Line number: 103
| Comment:
| <!-- Portfolio-->
|
| Path: http://vessel.htb:80/
| Line number: 218
| Comment:
| <!-- Submit Button-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 15
| Comment:
| // Uncomment Below to persist sidebar toggle between refreshes
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7726
| Comment:
| /* rtl:begin:remove */
|
| Path: http://vessel.htb:80/
| Line number: 9
| Comment:
| <!-- Favicon-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6133
| Comment:
| /* rtl:options: {
| "autoRename": true,
| "stringMap":[ {
| "name" : "prev-next",
| "search" : "prev",
| "replace" : "next"
| } ]
| } */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 11587
| Comment:
| /* PAGER */
|
| Path: http://vessel.htb:80/css/styles.css
| Line number: 2
| Comment:
| /*!
| * Start Bootstrap - Creative v7.0.5 (https://startbootstrap.com/theme/creative)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-creative/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/
| Line number: 206
| Comment:
| <!-- has successfully submitted-->
|
| Path: http://vessel.htb:80/
| Line number: 38
| Comment:
| <!-- Masthead-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 12
| Comment:
| // Toggle the side navigation
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6057
| Comment:
| /* rtl:end:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 191
| Comment:
| <!-- Phone number input-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 26
| Comment:
| // Shrink the navbar
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 4807
| Comment:
| /* rtl: var(--bs-breadcrumb-divider, "/") */
|
| Path: http://vessel.htb:80/
| Line number: 197
| Comment:
| <!-- Message input-->
|
| Path: http://vessel.htb:80/
| Line number: 22
| Comment:
| <!-- Navigation-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 256
| Comment:
| /* rtl:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 237
| Comment:
| <!-- SimpleLightbox plugin JS-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7
| Comment:
| /*!
| * Bootstrap v5.1.3 (https://getbootstrap.com/)
| * Copyright 2011-2021 The Bootstrap Authors
| * Copyright 2011-2021 Twitter, Inc.
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
| */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6046
| Comment:
| /* rtl:begin:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 66
| Comment:
| <!-- Services-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 29
| Comment:
| // Shrink the navbar when page is scrolled
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 54
| Comment:
| // Activate SimpleLightbox plugin for portfolio items
|
| Path: http://vessel.htb:80/
| Line number: 16
| Comment:
| <!-- SimpleLightbox plugin CSS-->
|
| Path: http://vessel.htb:80/
| Line number: 239
| Comment:
| <!-- Core theme JS-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 6
| Comment:
|
| //
|
| Path: http://vessel.htb:80/
| Line number: 216
| Comment:
| <!-- an error submitting the form-->
|
| Path: http://vessel.htb:80/
| Line number: 231
| Comment:
| <!-- Footer-->
|
| Path: http://vessel.htb:80/
| Line number: 205
| Comment:
| <!-- This is what your users will see when the form-->
|
| Path: http://vessel.htb:80/
| Line number: 18
| Comment:
| <!-- Core theme CSS (includes Bootstrap)-->
|
| Path: http://vessel.htb:80/
| Line number: 235
| Comment:
| <!-- Bootstrap core JS-->
|
| Path: http://vessel.htb:80/
| Line number: 213
| Comment:
| <!-- Submit error message-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 16
| Comment:
| // if (localStorage.getItem('sb|sidebar-toggle') === 'true') {
|
| Path: http://vessel.htb:80/
| Line number: 203
| Comment:
|_ <!-- Submit success message-->
| http-headers:
| Date: Sun, 12 Feb 2023 17:15:27 GMT
| Server: Apache/2.4.41 (Ubuntu)
| X-Powered-By: Express
| Content-Type: text/html; charset=utf-8
| Content-Length: 15030
| ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME"
| Connection: close
|
|_ (Request type: HEAD)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-title: Vessel
| http-php-version: Logo query returned unknown hash 9f5c9e0bd2e7384e02cb99aed63cf7ca
|_Credits query returned unknown hash 9f5c9e0bd2e7384e02cb99aed63cf7ca
| http-traceroute:
| HTML title
| Hop #1: 400 Proxy Error
| Hop #2: Vessel
| Hop #3: Vessel
| Status Code
| Hop #1: 400
| Hop #2: 200
| Hop #3: 200
| content-type
| Hop #1: text/html; charset=iso-8859-1
| Hop #2: text/html; charset=utf-8
| Hop #3: text/html; charset=utf-8
| content-length
| Hop #1: 422
| Hop #2: 15030
|_ Hop #3: 15030
| http-enum:
| /login/: Login page
| /js/: Potentially interesting folder
|_ /register/: Potentially interesting folder
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-auth-finder:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
| url method
| http://vessel.htb:80/login FORM
|_ http://vessel.htb:80/register FORM
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:51 2023 -- 1 IP address (1 host up) scanned in 37.07 seconds
```
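Review bot: Two results in this NSE output are recorded as findings but are very likely artefacts of the catch-all redirect and should be marked unverified. `http-vuln-cve2010-0738` reports `/jmx-console/: Authentication was not required`, yet the `security.txt` capture in this commit shows the server answering an unknown path with `302 Found` and `Location: /404`, and the stack is Express behind Apache rather than a JBoss console. `http-vhosts: 128 names had status 200` fits the same pattern of a default host answering any `Host` header, which matches the empty vhost fuzzing result elsewhere in the commit. The `http-csrf` entries are labelled "possible" by the script itself and presumably rest on a form heuristic, so they need manual confirmation too. I would add a line after the block such as `Triage: jmx-console and vhosts hits are catch-all false positives; http-csrf entries not yet confirmed`.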


@@ -0,0 +1,11 @@
```bash
curl -sk -o /dev/null -H "Host: kDywtcGVDsujHqGJpfZX.vessel.htb" http://vessel.htb:80/ -w "%{size_download}"
``````bash
ffuf -u http://vessel.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.vessel.htb" -fs 15030 -noninteractive -s | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_vessel.htb_vhosts_subdomains-top1million-110000.txt"
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_vessel.htb_vhosts_subdomains-top1million-110000.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_vessel.htb_vhosts_subdomains-top1million-110000.txt):
```
```


@@ -0,0 +1,82 @@
```bash
whatweb --color=never --no-errors -a 3 -v http://vessel.htb:80 2>&1
```
[/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_whatweb.txt):
```
WhatWeb report for http://vessel.htb:80
Status : 200 OK
Title : Vessel
IP : 10.10.11.178
Country : RESERVED, ZZ
Summary : Apache[2.4.41], Bootstrap, Email[name@example.com], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], Script, X-Powered-By[Express]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : name@example.com
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ X-Powered-By ]
X-Powered-By HTTP header
String : Express (from x-powered-by string)
HTTP Headers:
HTTP/1.1 200 OK
Date: Sun, 12 Feb 2023 17:15:29 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2814
Connection: close
```
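Review bot: The report captures the version disclosure in the response headers (`Server: Apache/2.4.41 (Ubuntu)` and `X-Powered-By: Express`) but the notes record no remediation for it, which a reader using this as a write-up would want. The two headers together reveal both the reverse proxy and the application framework behind it. I would add a short line after the block such as `Hardening: set ServerTokens Prod and ServerSignature Off in Apache; call app.disable('x-powered-by') in the Express app`. Trimming the banners only reduces fingerprinting and does not replace patching the disclosed versions.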


@@ -0,0 +1,3 @@
```bash
wkhtmltoimage --format png http://vessel.htb:80/ /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_screenshot.png
```


@@ -0,0 +1,32 @@
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml" vessel.htb
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml" vessel.htb
feroxbuster -u http://vessel.htb:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt"
curl -sSikf http://vessel.htb:80/.well-known/security.txt
curl -sSikf http://vessel.htb:80/robots.txt
curl -sSik http://vessel.htb:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/xml/tcp_80_http_nmap.xml" vessel.htb
curl -sk -o /dev/null -H "Host: kDywtcGVDsujHqGJpfZX.vessel.htb" http://vessel.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://vessel.htb:80 2>&1
wkhtmltoimage --format png http://vessel.htb:80/ /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_screenshot.png
ffuf -u http://vessel.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.vessel.htb" -fs 15030 -noninteractive -s | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_vessel.htb_vhosts_subdomains-top1million-110000.txt"
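Review bot: This command log commits absolute local paths (`/home/simon/htb/...` and `/root/.local/share/AutoRecon/...`), which disclose the operator's account name and show the tooling ran as root. If the repository is shared, consider rewriting them relative to the results directory before committing, for example `-oN "scans/_quick_tcp_nmap.txt"`. The first three `nmap` lines are also recorded twice, so lines 4–6 of the file repeat lines 1–3. Either de-duplicate the log or note that the scan set was launched twice, since the repeated `-oN`/`-oX` targets mean the second run overwrote the first run's output.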


@@ -0,0 +1,70 @@
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml vessel.htb
adjust_timeouts2: packet supposedly had rtt of -646965 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -646965 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -637564 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -637564 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -640767 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -640767 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -647981 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -647981 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -165444 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -165444 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -581090 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -581090 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -293226 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -293226 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -554224 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -554224 microseconds. Ignoring time.
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.039s latency).
Scanned at 2023-02-12 18:14:46 CET for 58s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Vessel
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=42592%PV=Y%DS=2%DC=T%G=Y%TM=63E91EC
OS:0%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=A)SEQ
OS:(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%TS=A)SEQ(TS=9)OPS(O1=M54EST11NW7%O2=M54E
OS:ST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1
OS:=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%TG=40%W=FAF0%
OS:O=M54ENNSNW7%CC=Y%Q=)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW7%CC=Y%Q=)T1(R=
OS:Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q
OS:=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=Y%DF=Y
OS:%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F
OS:=AR%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T5(R=N)T6(R
OS:=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%
OS:T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=N)U1(R=N)U1(R=Y%DF=N%T=40%IPL=164
OS:%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%TG=40%CD=S)IE(R=Y%D
OS:FI=N%T=40%CD=S)
Uptime guess: 48.037 days (since Mon Dec 26 17:23:10 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 587/tcp)
HOP RTT ADDRESS
1 35.37 ms 10.10.16.1
2 35.59 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:44 2023 -- 1 IP address (1 host up) scanned in 59.61 seconds


@@ -0,0 +1,32 @@
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://vessel.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h vessel.htb
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://vessel.htb:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://vessel.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h vessel.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://vessel.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h vessel.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://vessel.htb:80 2>&1 | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://vessel.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_wpscan.txt"


@@ -0,0 +1,4 @@
Matched Pattern: Powered-By: Express
Identified HTTP Server: Apache/2.4.41 (Ubuntu)


@@ -0,0 +1,53 @@
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.042s latency).
Scanned at 2023-02-12 18:14:45 CET for 29s
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
|_http-title: Vessel
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E91EA2%P=x86_64-pc-linux-gnu)
SEQ(SP=107%GCD=1%ISR=10E%TI=Z%TS=A)
OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)
WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)
ECN(R=N)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=N)
T6(R=N)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 48.036 days (since Mon Dec 26 17:23:10 2022)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 8888/tcp)
HOP RTT ADDRESS
1 33.64 ms 10.10.16.1
2 34.24 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:14 2023 -- 1 IP address (1 host up) scanned in 29.91 seconds


@@ -0,0 +1,40 @@
# Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml vessel.htb
Increasing send delay for 10.10.11.178 from 0 to 50 due to 11 out of 16 dropped probes since last increase.
Warning: 10.10.11.178 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.178 from 200 to 400 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 10.10.11.178 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
adjust_timeouts2: packet supposedly had rtt of -424053 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -429077 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -429077 microseconds. Ignoring time.
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.041s latency).
Scanned at 2023-02-12 18:14:46 CET for 240s
Not shown: 93 closed udp ports (port-unreach)
PORT STATE SERVICE REASON VERSION
68/udp open|filtered dhcpc no-response
135/udp open|filtered msrpc no-response
1646/udp open|filtered radacct no-response
4500/udp open|filtered nat-t-ike no-response
31337/udp open|filtered BackOrifice no-response
32815/udp open|filtered unknown no-response
49186/udp open|filtered unknown no-response
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.93%E=4%D=2/12%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E91F76%P=x86_64-pc-linux-gnu)
SEQ(CI=Z)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
TRACEROUTE (using port 996/udp)
HOP RTT ADDRESS
1 44.80 ms 10.10.16.1
2 62.53 ms vessel.htb (10.10.11.178)
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:18:46 2023 -- 1 IP address (1 host up) scanned in 241.44 seconds


@@ -0,0 +1,62 @@
# Nmap 7.93 scan initiated Sun Feb 12 18:15:15 2023 as: nmap -vv --reason -Pn -T4 -sV -p 22 --script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.073s latency).
Scanned at 2023-02-12 18:15:15 CET for 2s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
| ssh-hostkey:
| 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)
| ssh-rsa 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
| 256 33b355f4a17ff84e48dac5296313833d (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=
| 256 a1f1881c3a397274e6301f28b680254e (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq
| ssh2-enum-algos:
| kex_algorithms: (9)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (6)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms: (10)
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:17 2023 -- 1 IP address (1 host up) scanned in 3.03 seconds


@@ -0,0 +1,101 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Feb 12 18:15:15 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml vessel.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 22 -&#45;script=banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/tcp_22_ssh_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp22/xml/tcp_22_ssh_nmap.xml vessel.htb" start="1676222115" startstr="Sun Feb 12 18:15:15 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1676222115"/>
<taskend task="NSE" time="1676222115"/>
<taskbegin task="NSE" time="1676222115"/>
<taskend task="NSE" time="1676222115"/>
<taskbegin task="SYN Stealth Scan" time="1676222115"/>
<taskend task="SYN Stealth Scan" time="1676222115" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1676222115"/>
<taskend task="Service scan" time="1676222115" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1676222115"/>
<taskend task="NSE" time="1676222117"/>
<taskbegin task="NSE" time="1676222117"/>
<taskend task="NSE" time="1676222117"/>
<host starttime="1676222115" endtime="1676222117"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.178" addrtype="ipv4"/>
<hostnames>
<hostname name="vessel.htb" type="user"/>
<hostname name="vessel.htb" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="banner" output="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"/><script id="ssh-hostkey" output="&#xa; 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)&#xa;ssh-rsa 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&#xa; 256 33b355f4a17ff84e48dac5296313833d (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=&#xa; 256 a1f1881c3a397274e6301f28b680254e (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq"><table>
<elem key="key">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</elem>
<elem key="fingerprint">38c297327b9ec565b44b4ea330a59aa5</elem>
<elem key="type">ssh-rsa</elem>
<elem key="bits">3072</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=</elem>
<elem key="fingerprint">33b355f4a17ff84e48dac5296313833d</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq</elem>
<elem key="fingerprint">a1f1881c3a397274e6301f28b680254e</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
</table>
</script><script id="ssh2-enum-algos" output="&#xa; kex_algorithms: (9)&#xa; curve25519-sha256&#xa; curve25519-sha256@libssh.org&#xa; ecdh-sha2-nistp256&#xa; ecdh-sha2-nistp384&#xa; ecdh-sha2-nistp521&#xa; diffie-hellman-group-exchange-sha256&#xa; diffie-hellman-group16-sha512&#xa; diffie-hellman-group18-sha512&#xa; diffie-hellman-group14-sha256&#xa; server_host_key_algorithms: (5)&#xa; rsa-sha2-512&#xa; rsa-sha2-256&#xa; ssh-rsa&#xa; ecdsa-sha2-nistp256&#xa; ssh-ed25519&#xa; encryption_algorithms: (6)&#xa; chacha20-poly1305@openssh.com&#xa; aes128-ctr&#xa; aes192-ctr&#xa; aes256-ctr&#xa; aes128-gcm@openssh.com&#xa; aes256-gcm@openssh.com&#xa; mac_algorithms: (10)&#xa; umac-64-etm@openssh.com&#xa; umac-128-etm@openssh.com&#xa; hmac-sha2-256-etm@openssh.com&#xa; hmac-sha2-512-etm@openssh.com&#xa; hmac-sha1-etm@openssh.com&#xa; umac-64@openssh.com&#xa; umac-128@openssh.com&#xa; hmac-sha2-256&#xa; hmac-sha2-512&#xa; hmac-sha1&#xa; compression_algorithms: (2)&#xa; none&#xa; zlib@openssh.com"><table key="kex_algorithms">
<elem>curve25519-sha256</elem>
<elem>curve25519-sha256@libssh.org</elem>
<elem>ecdh-sha2-nistp256</elem>
<elem>ecdh-sha2-nistp384</elem>
<elem>ecdh-sha2-nistp521</elem>
<elem>diffie-hellman-group-exchange-sha256</elem>
<elem>diffie-hellman-group16-sha512</elem>
<elem>diffie-hellman-group18-sha512</elem>
<elem>diffie-hellman-group14-sha256</elem>
</table>
<table key="server_host_key_algorithms">
<elem>rsa-sha2-512</elem>
<elem>rsa-sha2-256</elem>
<elem>ssh-rsa</elem>
<elem>ecdsa-sha2-nistp256</elem>
<elem>ssh-ed25519</elem>
</table>
<table key="encryption_algorithms">
<elem>chacha20-poly1305@openssh.com</elem>
<elem>aes128-ctr</elem>
<elem>aes192-ctr</elem>
<elem>aes256-ctr</elem>
<elem>aes128-gcm@openssh.com</elem>
<elem>aes256-gcm@openssh.com</elem>
</table>
<table key="mac_algorithms">
<elem>umac-64-etm@openssh.com</elem>
<elem>umac-128-etm@openssh.com</elem>
<elem>hmac-sha2-256-etm@openssh.com</elem>
<elem>hmac-sha2-512-etm@openssh.com</elem>
<elem>hmac-sha1-etm@openssh.com</elem>
<elem>umac-64@openssh.com</elem>
<elem>umac-128@openssh.com</elem>
<elem>hmac-sha2-256</elem>
<elem>hmac-sha2-512</elem>
<elem>hmac-sha1</elem>
</table>
<table key="compression_algorithms">
<elem>none</elem>
<elem>zlib@openssh.com</elem>
</table>
</script><script id="ssh-auth-methods" output="&#xa; Supported authentication methods: &#xa; publickey&#xa; password"><table key="Supported authentication methods">
<elem>publickey</elem>
<elem>password</elem>
</table>
</script></port>
</ports>
<times srtt="73009" rttvar="73009" to="365045"/>
</host>
<taskbegin task="NSE" time="1676222117"/>
<taskend task="NSE" time="1676222117"/>
<taskbegin task="NSE" time="1676222117"/>
<taskend task="NSE" time="1676222117"/>
<runstats><finished time="1676222117" timestr="Sun Feb 12 18:15:17 2023" summary="Nmap done at Sun Feb 12 18:15:17 2023; 1 IP address (1 host up) scanned in 3.03 seconds" elapsed="3.03" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,10 @@
HTTP/1.1 302 Found
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Location: /404
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 26
Found. Redirecting to /404


@@ -0,0 +1,253 @@
HTTP/1.1 200 OK
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 15030
ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME"
Vary: Accept-Encoding
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Vessel</title>
<!-- Favicon-->
<link rel="icon" type="image/x-icon" href="favicon.ico" />
<!-- Bootstrap Icons-->
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css" rel="stylesheet" />
<!-- Google fonts-->
<link href="https://fonts.googleapis.com/css?family=Merriweather+Sans:400,700" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css?family=Merriweather:400,300,300italic,400italic,700,700italic" rel="stylesheet" type="text/css" />
<!-- SimpleLightbox plugin CSS-->
<link href="https://cdnjs.cloudflare.com/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.css" rel="stylesheet" />
<!-- Core theme CSS (includes Bootstrap)-->
<link href="/css/styles.css" rel="stylesheet" />
</head>
<body id="page-top">
<!-- Navigation-->
<nav class="navbar navbar-expand-lg navbar-light fixed-top py-3" id="mainNav">
<div class="container px-4 px-lg-5">
<a class="navbar-brand" href="#page-top">Vessel</a>
<button class="navbar-toggler navbar-toggler-right" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ms-auto my-2 my-lg-0">
<li class="nav-item"><a class="nav-link" href="#about">About</a></li>
<li class="nav-item"><a class="nav-link" href="#services">Services</a></li>
<li class="nav-item"><a class="nav-link" href="#portfolio">Portfolio</a></li>
<li class="nav-item"><a class="nav-link" href="#contact">Contact</a></li>
<li class="nav-item"><a class="nav-link" href="/login">Login</a></li>
</ul>
</div>
</div>
</nav>
<!-- Masthead-->
<header class="masthead">
<div class="container px-4 px-lg-5 h-100">
<div class="row gx-4 gx-lg-5 h-100 align-items-center justify-content-center text-center">
<div class="col-lg-8 align-self-end">
<h1 class="text-white font-weight-bold">Vessel</h1>
<hr class="divider" />
</div>
<div class="col-lg-8 align-self-baseline">
<p class="text-white-75 mb-5">We at Vessel making and selling projects for big and small companies! </p>
<a class="btn btn-primary btn-xl" href="#about">Find Out More</a>
</div>
</div>
</div>
</header>
<!-- About-->
<section class="page-section bg-primary" id="about">
<div class="container px-4 px-lg-5">
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-8 text-center">
<h2 class="text-white mt-0">We've got what you need!</h2>
<hr class="divider divider-light" />
<p class="text-white-75 mb-4">We do many different projects on different subjects. We make robots, sites and a lot more!</p>
<a class="btn btn-light btn-xl" href="#services">Get Started!</a>
</div>
</div>
</div>
</section>
<!-- Services-->
<section class="page-section" id="services">
<div class="container px-4 px-lg-5">
<h2 class="text-center mt-0">At Your Service</h2>
<hr class="divider" />
<div class="row gx-4 gx-lg-5">
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-gem fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Quality</h3>
<p class="text-muted mb-0">We have a big specialized team. Our products is also from the best quality!</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-laptop fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Up to Date</h3>
<p class="text-muted mb-0">We work with the newest software and hardware!</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-globe fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Worldwide</h3>
<p class="text-muted mb-0">We have clients from all over the world.</p>
</div>
</div>
<div class="col-lg-3 col-md-6 text-center">
<div class="mt-5">
<div class="mb-2"><i class="bi-heart fs-1 text-primary"></i></div>
<h3 class="h4 mb-2">Made with Love</h3>
<p class="text-muted mb-0">We make our projects with love.</p>
</div>
</div>
</div>
</div>
</section>
<!-- Portfolio-->
<div id="portfolio">
<div class="container-fluid p-0">
<div class="row g-0">
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/1.jpg" title="Robots">
<img class="img-fluid" src="img/portfolio/thumbnails/1.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Robots</div>
<div class="project-name">We make different kind of robots, small and big ones.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/2.jpg" title="Software">
<img class="img-fluid" src="img/portfolio/thumbnails/2.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Software</div>
<div class="project-name">We use the newest software.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/3.jpg" title="Hardware">
<img class="img-fluid" src="img/portfolio/thumbnails/3.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Hardware</div>
<div class="project-name">We also use the newest hardware.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/4.jpg" title="Mechanical work">
<img class="img-fluid" src="img/portfolio/thumbnails/4.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Mechanical work</div>
<div class="project-name">We have our own mechanics for installing our products.</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/5.jpg" title="Service">
<img class="img-fluid" src="img/portfolio/thumbnails/5.jpg" alt="..." />
<div class="portfolio-box-caption">
<div class="project-category text-white-50">Service</div>
<div class="project-name">We have our own customer service, 24/7 available!</div>
</div>
</a>
</div>
<div class="col-lg-4 col-sm-6">
<a class="portfolio-box" href="img/portfolio/thumbnails/6.jpg" title="something">
<img class="img-fluid" src="img/portfolio/thumbnails/6.jpg" alt="..." />
<div class="portfolio-box-caption p-3">
<div class="project-category text-white-50"></div>
<div class="project-name"></div>
</div>
</a>
</div>
</div>
</div>
</div>
</section>
<!-- Contact-->
<section class="page-section" id="contact">
<div class="container px-4 px-lg-5">
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-8 col-xl-6 text-center">
<h2 class="mt-0">Let's Get In Touch!</h2>
<hr class="divider" />
<p class="text-muted mb-5">Ready to start your next project with us? Send us a messages and we will get back to you as soon as possible!</p>
</div>
</div>
<div class="row gx-4 gx-lg-5 justify-content-center mb-5">
<div class="col-lg-6">
<form id="contactForm" data-sb-form-api-token="API_TOKEN">
<!-- Name input-->
<div class="form-floating mb-3">
<input class="form-control" id="name" type="text" placeholder="Enter your name..." data-sb-validations="required" />
<label for="name">Full name</label>
<div class="invalid-feedback" data-sb-feedback="name:required">A name is required.</div>
</div>
<!-- Email address input-->
<div class="form-floating mb-3">
<input class="form-control" id="email" type="email" placeholder="name@example.com" data-sb-validations="required,email" />
<label for="email">Email address</label>
<div class="invalid-feedback" data-sb-feedback="email:required">An email is required.</div>
<div class="invalid-feedback" data-sb-feedback="email:email">Email is not valid.</div>
</div>
<!-- Phone number input-->
<div class="form-floating mb-3">
<input class="form-control" id="phone" type="tel" placeholder="(123) 456-7890" data-sb-validations="required" />
<label for="phone">Phone number</label>
<div class="invalid-feedback" data-sb-feedback="phone:required">A phone number is required.</div>
</div>
<!-- Message input-->
<div class="form-floating mb-3">
<textarea class="form-control" id="message" type="text" placeholder="Enter your message here..." style="height: 10rem" data-sb-validations="required"></textarea>
<label for="message">Message</label>
<div class="invalid-feedback" data-sb-feedback="message:required">A message is required.</div>
</div>
<!-- Submit success message-->
<!---->
<!-- This is what your users will see when the form-->
<!-- has successfully submitted-->
<div class="d-none" id="submitSuccessMessage">
<div class="text-center mb-3">
<div class="fw-bolder">Form submission successful!</div>
<br />
</div>
</div>
<!-- Submit error message-->
<!---->
<!-- This is what your users will see when there is-->
<!-- an error submitting the form-->
<div class="d-none" id="submitErrorMessage"><div class="text-center text-danger mb-3">Error sending message!</div></div>
<!-- Submit Button-->
<div class="d-grid"><button class="btn btn-primary btn-xl disabled" id="submitButton" type="submit">Submit</button></div>
</form>
</div>
</div>
<div class="row gx-4 gx-lg-5 justify-content-center">
<div class="col-lg-4 text-center mb-5 mb-lg-0">
<i class="bi-phone fs-2 mb-3 text-muted"></i>
<div>+1 (555) 123-4567</div>
</div>
</div>
</div>
</section>
<!-- Footer-->
<footer class="bg-light py-5">
<div class="container px-4 px-lg-5"><div class="small text-center text-muted">Copyright &copy; 2022 - Vessel.htb</div></div>
</footer>
<!-- Bootstrap core JS-->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- SimpleLightbox plugin JS-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.js"></script>
<!-- Core theme JS-->
<script src="/js/scripts.js"></script>
<script src="https://cdn.startbootstrap.com/sb-forms-latest.js"></script>
</body>
</html>


@@ -0,0 +1,97 @@
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/3dcb5642413842869d527ae1075c4f95 (url length: 32)
WLD - - - http://vessel.htb/3dcb5642413842869d527ae1075c4f95 => http://vessel.htb/404
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/5b8de1358fc7463d9a1850338eee4b9be98b54c30b664243a7a24e4211cbe7f30463b1e3702349b39c6ff83af3cd3324 (url length: 96)
WLD - - - http://vessel.htb/5b8de1358fc7463d9a1850338eee4b9be98b54c30b664243a7a24e4211cbe7f30463b1e3702349b39c6ff83af3cd3324 => http://vessel.htb/404
200 GET 587l 4806w 250242c http://vessel.htb/img/portfolio/thumbnails/3.jpg
200 GET 919l 5377w 240234c http://vessel.htb/img/portfolio/thumbnails/2.jpg
200 GET 948l 5414w 244212c http://vessel.htb/img/portfolio/thumbnails/5.jpg
200 GET 59l 147w 1781c http://vessel.htb/js/scripts.js
200 GET 70l 182w 4213c http://vessel.htb/login
200 GET 1494l 8228w 362958c http://vessel.htb/img/portfolio/thumbnails/6.jpg
200 GET 11458l 22050w 213528c http://vessel.htb/css/styles.css
200 GET 1277l 6344w 274424c http://vessel.htb/img/portfolio/thumbnails/4.jpg
200 GET 3452l 18206w 846003c http://vessel.htb/img/portfolio/thumbnails/1.jpg
200 GET 243l 871w 15030c http://vessel.htb/
200 GET 1l 176w 6119c http://vessel.htb/img/error-404-monochrome.svg
200 GET 51l 125w 2393c http://vessel.htb/404
200 GET 51l 117w 2335c http://vessel.htb/500
200 GET 11766l 22753w 223365c http://vessel.htb/css/style.css
200 GET 26l 70w 976c http://vessel.htb/js/script.js
200 GET 52l 120w 2400c http://vessel.htb/401
302 GET 1l 4w 28c http://vessel.htb/ADMIN => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/Admin => http://vessel.htb/login
200 GET 89l 234w 5830c http://vessel.htb/register
200 GET 63l 177w 3637c http://vessel.htb/reset
200 GET 70l 182w 4213c http://vessel.htb/Login
302 GET 1l 4w 28c http://vessel.htb/admin => http://vessel.htb/login
301 GET 10l 16w 173c http://vessel.htb/css => http://vessel.htb/css/
301 GET 10l 16w 173c http://vessel.htb/dev => http://vessel.htb/dev/
301 GET 10l 16w 173c http://vessel.htb/img => http://vessel.htb/img/
301 GET 10l 16w 171c http://vessel.htb/js => http://vessel.htb/js/
302 GET 1l 4w 28c http://vessel.htb/logout => http://vessel.htb/login
403 GET 9l 28w 275c http://vessel.htb/server-status
200 GET 89l 234w 5830c http://vessel.htb/Register
302 GET 1l 4w 28c http://vessel.htb/Logout => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/LogOut => http://vessel.htb/login
200 GET 70l 182w 4213c http://vessel.htb/LogIn
200 GET 70l 182w 4213c http://vessel.htb/LOGIN
200 GET 63l 177w 3637c http://vessel.htb/Reset
302 GET 1l 4w 28c http://vessel.htb/logOut => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/AdMin => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/admiN => http://vessel.htb/login
200 GET 70l 182w 4213c http://vessel.htb/logIn
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/af1b5bfa8f33472bb571a201efef834c (url length: 32)
WLD - - - http://vessel.htb/af1b5bfa8f33472bb571a201efef834c => http://vessel.htb/404
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/e12490f639ae465e96feecf421ac5e64431666860e794c2195a6eb171c16f49652be7acb29b0430ebde73b090d1497fc (url length: 96)
WLD - - - http://vessel.htb/e12490f639ae465e96feecf421ac5e64431666860e794c2195a6eb171c16f49652be7acb29b0430ebde73b090d1497fc => http://vessel.htb/404
200 GET 70l 182w 4213c http://vessel.htb/login
200 GET 1277l 6344w 274424c http://vessel.htb/img/portfolio/thumbnails/4.jpg
301 GET 10l 16w 173c http://vessel.htb/img => http://vessel.htb/img/
200 GET 919l 5377w 240234c http://vessel.htb/img/portfolio/thumbnails/2.jpg
200 GET 26l 70w 976c http://vessel.htb/js/script.js
200 GET 89l 234w 5830c http://vessel.htb/register
200 GET 587l 4806w 250242c http://vessel.htb/img/portfolio/thumbnails/3.jpg
200 GET 63l 177w 3637c http://vessel.htb/reset
200 GET 59l 147w 1781c http://vessel.htb/js/scripts.js
200 GET 11766l 22753w 223365c http://vessel.htb/css/style.css
200 GET 3452l 18206w 846003c http://vessel.htb/img/portfolio/thumbnails/1.jpg
200 GET 1494l 8228w 362958c http://vessel.htb/img/portfolio/thumbnails/6.jpg
200 GET 11458l 22050w 213528c http://vessel.htb/css/styles.css
200 GET 948l 5414w 244212c http://vessel.htb/img/portfolio/thumbnails/5.jpg
200 GET 243l 871w 15030c http://vessel.htb/
302 GET 1l 4w 28c http://vessel.htb/admin => http://vessel.htb/login
301 GET 10l 16w 173c http://vessel.htb/css => http://vessel.htb/css/
200 GET 70l 182w 4213c http://vessel.htb/Login
301 GET 10l 16w 173c http://vessel.htb/dev => http://vessel.htb/dev/
301 GET 10l 16w 171c http://vessel.htb/js => http://vessel.htb/js/
302 GET 1l 4w 28c http://vessel.htb/logout => http://vessel.htb/login
200 GET 1l 176w 6119c http://vessel.htb/img/error-404-monochrome.svg
200 GET 51l 125w 2393c http://vessel.htb/404
200 GET 52l 120w 2400c http://vessel.htb/401
200 GET 89l 234w 5830c http://vessel.htb/Register
200 GET 51l 117w 2335c http://vessel.htb/500
302 GET 1l 4w 28c http://vessel.htb/Admin => http://vessel.htb/login
302 GET 1l 4w 28c http://vessel.htb/Logout => http://vessel.htb/login
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/dev/f5c432c4141b49a69131b273e5f4a3f1 (url length: 32)
WLD - - - http://vessel.htb/dev/f5c432c4141b49a69131b273e5f4a3f1 => http://vessel.htb/404
WLD GET 1l 4w 26c Got 302 for http://vessel.htb/dev/6a3da44d15a94bd18bed521637f88473b78a1034aa284592a2772d5adc1275394b76ed61fc7b443a9cb577e3251694d8 (url length: 96)
WLD - - - http://vessel.htb/dev/6a3da44d15a94bd18bed521637f88473b78a1034aa284592a2772d5adc1275394b76ed61fc7b443a9cb577e3251694d8 => http://vessel.htb/404
302 GET 0l 0w 0c http://openwebanalytics.vessel.htb/ => http://openwebanalytics.vessel.htb/index.php?owa_do=base.loginForm&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2F&
403 GET 9l 28w 292c http://openwebanalytics.vessel.htb/.html
403 GET 9l 28w 292c http://openwebanalytics.vessel.htb/.php
302 GET 0l 0w 0c http://openwebanalytics.vessel.htb/index.php => http://openwebanalytics.vessel.htb/index.php?owa_do=base.loginForm&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2Findex.php&
301 GET 9l 28w 344c http://openwebanalytics.vessel.htb/modules => http://openwebanalytics.vessel.htb/modules/
200 GET 0l 0w 0c http://openwebanalytics.vessel.htb/blank.php
301 GET 9l 28w 344c http://openwebanalytics.vessel.htb/plugins => http://openwebanalytics.vessel.htb/plugins/
301 GET 9l 28w 345c http://openwebanalytics.vessel.htb/includes => http://openwebanalytics.vessel.htb/includes/
200 GET 1l 1w 42c http://openwebanalytics.vessel.htb/log.php
200 GET 0l 0w 0c http://openwebanalytics.vessel.htb/api/index.php
302 GET 79l 190w 2927c http://openwebanalytics.vessel.htb/install.php => http://openwebanalytics.vessel.htb/
200 GET 2220l 7885w 76203c http://openwebanalytics.vessel.htb/modules/base/js/owa.js
200 GET 287l 740w 8410c http://openwebanalytics.vessel.htb/modules/base/css/owa.css
200 GET 35l 186w 9849c http://openwebanalytics.vessel.htb/modules/base/i/owa_logo_150w.jpg
301 GET 9l 28w 340c http://openwebanalytics.vessel.htb/api => http://openwebanalytics.vessel.htb/api/
301 GET 9l 28w 341c http://openwebanalytics.vessel.htb/conf => http://openwebanalytics.vessel.htb/conf/
301 GET 9l 28w 343c http://openwebanalytics.vessel.htb/vendor => http://openwebanalytics.vessel.htb/vendor/
200 GET 0l 0w 0c http://openwebanalytics.vessel.htb/owa.php
200 GET 0l 0w 0c http://openwebanalytics.vessel.htb/queue.php


@@ -0,0 +1,10 @@
HTTP/1.1 302 Found
Date: Sun, 12 Feb 2023 17:15:15 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Location: /404
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 26
Found. Redirecting to /404


@@ -0,0 +1,453 @@
# Nmap 7.93 scan initiated Sun Feb 12 18:15:15 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/tcp80/xml/tcp_80_http_nmap.xml vessel.htb
Nmap scan report for vessel.htb (10.10.11.178)
Host is up, received user-set (0.14s latency).
Scanned at 2023-02-12 18:15:17 CET for 34s
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
| http-sitemap-generator:
| Directory structure:
| /
| Other: 5
| /css/
| css: 2
| /img/portfolio/thumbnails/
| jpg: 6
| /js/
| js: 2
| Longest directory structure:
| Depth: 3
| Dir: /img/portfolio/thumbnails/
| Total files found (by extension):
|_ Other: 5; css: 2; jpg: 6; js: 2
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-errors: Couldn't find any error pages.
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-favicon: Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8
|_http-chrono: Request times for /; avg: 449.98ms; min: 194.04ms; max: 605.84ms
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-grep:
| (1) http://vessel.htb:80/:
| (1) email:
| + name@example.com
| (1) http://vessel.htb:80/register:
| (1) email:
|_ + name@vessel.htb
|_http-date: Sun, 12 Feb 2023 17:15:29 GMT; -1s from local time.
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-devframework: Express detected. Found Express in X-Powered-By Header
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-referer-checker:
| Spidering limited to: maxpagecount=30
| https://cdn.jsdelivr.net:443/npm/bootstrap15.1.3/dist/js/bootstrap.bundle.min.js
| https://cdnjs.cloudflare.com:443/ajax/libs/font-awesome/5.15.3/js/all.min.js
| https://cdnjs.cloudflare.com:443/ajax/libs/SimpleLightbox/2.1.0/simpleLightbox.min.js
|_ https://cdn.startbootstrap.com:443/sb-forms-0.4.1.js
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
| http-vhosts:
|_128 names had status 200
|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
| Found the following possible CSRF vulnerabilities:
|
| Path: http://vessel.htb:80/login
| Form id: username
| Form action: /api/login
|
| Path: http://vessel.htb:80/register
| Form id: inputfirstname
| Form action: /api/register
|
| Path: http://vessel.htb:80/reset
| Form id: inputemail
|_ Form action: /api/reset
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 41
| Comment:
| // Collapse responsive navbar when toggler is visible
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 18
| Comment:
| // }
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 1
| Comment:
| /*!
| * Start Bootstrap - SB Admin v7.0.4 (https://startbootstrap.com/template/sb-admin)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-sb-admin/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/
| Line number: 204
| Comment:
| <!---->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 12
| Comment:
| // Navbar shrink function
|
| Path: http://vessel.htb:80/
| Line number: 11
| Comment:
| <!-- Bootstrap Icons-->
|
| Path: http://vessel.htb:80/
| Line number: 53
| Comment:
| <!-- About-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 6
| Comment:
| //
|
| Path: http://vessel.htb:80/
| Line number: 13
| Comment:
| <!-- Google fonts-->
|
| Path: http://vessel.htb:80/
| Line number: 215
| Comment:
| <!-- This is what your users will see when there is-->
|
| Path: http://vessel.htb:80/
| Line number: 165
| Comment:
| <!-- Contact-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 440
| Comment:
| /* rtl:raw:
| [type="tel"],
| [type="url"],
| [type="email"],
| [type="number"] {
| direction: ltr;
| }
| */
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 8
| Comment:
|
| //
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 11616
| Comment:
| /* TABLE */
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 32
| Comment:
| // Activate Bootstrap scrollspy on the main nav element
|
| Path: http://vessel.htb:80/
| Line number: 178
| Comment:
| <!-- Name input-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7732
| Comment:
| /* rtl:end:remove */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 2
| Comment:
| /*!
| * Start Bootstrap - SB Admin v7.0.4 (https://startbootstrap.com/template/sb-admin)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-sb-admin/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 17
| Comment:
| // document.body.classList.toggle('sb-sidenav-toggled');
|
| Path: http://vessel.htb:80/
| Line number: 184
| Comment:
| <!-- Email address input-->
|
| Path: http://vessel.htb:80/
| Line number: 103
| Comment:
| <!-- Portfolio-->
|
| Path: http://vessel.htb:80/
| Line number: 218
| Comment:
| <!-- Submit Button-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 15
| Comment:
| // Uncomment Below to persist sidebar toggle between refreshes
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7726
| Comment:
| /* rtl:begin:remove */
|
| Path: http://vessel.htb:80/
| Line number: 9
| Comment:
| <!-- Favicon-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6133
| Comment:
| /* rtl:options: {
| "autoRename": true,
| "stringMap":[ {
| "name" : "prev-next",
| "search" : "prev",
| "replace" : "next"
| } ]
| } */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 11587
| Comment:
| /* PAGER */
|
| Path: http://vessel.htb:80/css/styles.css
| Line number: 2
| Comment:
| /*!
| * Start Bootstrap - Creative v7.0.5 (https://startbootstrap.com/theme/creative)
| * Copyright 2013-2021 Start Bootstrap
| * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-creative/blob/master/LICENSE)
| */
|
| Path: http://vessel.htb:80/
| Line number: 206
| Comment:
| <!-- has successfully submitted-->
|
| Path: http://vessel.htb:80/
| Line number: 38
| Comment:
| <!-- Masthead-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 12
| Comment:
| // Toggle the side navigation
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6057
| Comment:
| /* rtl:end:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 191
| Comment:
| <!-- Phone number input-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 26
| Comment:
| // Shrink the navbar
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 4807
| Comment:
| /* rtl: var(--bs-breadcrumb-divider, "/") */
|
| Path: http://vessel.htb:80/
| Line number: 197
| Comment:
| <!-- Message input-->
|
| Path: http://vessel.htb:80/
| Line number: 22
| Comment:
| <!-- Navigation-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 256
| Comment:
| /* rtl:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 237
| Comment:
| <!-- SimpleLightbox plugin JS-->
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 7
| Comment:
| /*!
| * Bootstrap v5.1.3 (https://getbootstrap.com/)
| * Copyright 2011-2021 The Bootstrap Authors
| * Copyright 2011-2021 Twitter, Inc.
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
| */
|
| Path: http://vessel.htb:80/css/style.css
| Line number: 6046
| Comment:
| /* rtl:begin:ignore */
|
| Path: http://vessel.htb:80/
| Line number: 66
| Comment:
| <!-- Services-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 29
| Comment:
| // Shrink the navbar when page is scrolled
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 54
| Comment:
| // Activate SimpleLightbox plugin for portfolio items
|
| Path: http://vessel.htb:80/
| Line number: 16
| Comment:
| <!-- SimpleLightbox plugin CSS-->
|
| Path: http://vessel.htb:80/
| Line number: 239
| Comment:
| <!-- Core theme JS-->
|
| Path: http://vessel.htb:80/js/scripts.js
| Line number: 6
| Comment:
|
| //
|
| Path: http://vessel.htb:80/
| Line number: 216
| Comment:
| <!-- an error submitting the form-->
|
| Path: http://vessel.htb:80/
| Line number: 231
| Comment:
| <!-- Footer-->
|
| Path: http://vessel.htb:80/
| Line number: 205
| Comment:
| <!-- This is what your users will see when the form-->
|
| Path: http://vessel.htb:80/
| Line number: 18
| Comment:
| <!-- Core theme CSS (includes Bootstrap)-->
|
| Path: http://vessel.htb:80/
| Line number: 235
| Comment:
| <!-- Bootstrap core JS-->
|
| Path: http://vessel.htb:80/
| Line number: 213
| Comment:
| <!-- Submit error message-->
|
| Path: http://vessel.htb:80/js/script.js
| Line number: 16
| Comment:
| // if (localStorage.getItem('sb|sidebar-toggle') === 'true') {
|
| Path: http://vessel.htb:80/
| Line number: 203
| Comment:
|_ <!-- Submit success message-->
| http-headers:
| Date: Sun, 12 Feb 2023 17:15:27 GMT
| Server: Apache/2.4.41 (Ubuntu)
| X-Powered-By: Express
| Content-Type: text/html; charset=utf-8
| Content-Length: 15030
| ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME"
| Connection: close
|
|_ (Request type: HEAD)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-title: Vessel
| http-php-version: Logo query returned unknown hash 9f5c9e0bd2e7384e02cb99aed63cf7ca
|_Credits query returned unknown hash 9f5c9e0bd2e7384e02cb99aed63cf7ca
| http-traceroute:
| HTML title
| Hop #1: 400 Proxy Error
| Hop #2: Vessel
| Hop #3: Vessel
| Status Code
| Hop #1: 400
| Hop #2: 200
| Hop #3: 200
| content-type
| Hop #1: text/html; charset=iso-8859-1
| Hop #2: text/html; charset=utf-8
| Hop #3: text/html; charset=utf-8
| content-length
| Hop #1: 422
| Hop #2: 15030
|_ Hop #3: 15030
| http-enum:
| /login/: Login page
| /js/: Potentially interesting folder
|_ /register/: Potentially interesting folder
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-auth-finder:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=vessel.htb
| url method
| http://vessel.htb:80/login FORM
|_ http://vessel.htb:80/register FORM
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 12 18:15:51 2023 -- 1 IP address (1 host up) scanned in 37.07 seconds
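Review bot: The `http-vuln-cve2010-0738` hit (`/jmx-console/: Authentication was not required`) is stored without any triage, and the surrounding output suggests it is a false positive. `http-devframework` and the `X-Powered-By` header identify Express behind Apache rather than JBoss, and the response saved in the preceding file (`302 Found`, `Location: /404`) indicates that unknown paths are redirected instead of answered with a 404 status. `http-vhosts` reporting `128 names had status 200` probably reflects a default virtual host answering any Host header, so names should be compared by response body or length before any is treated as real. `Bug in http-security-headers: no string output.` means this run did not assess the response security headers. I would record this next to the results, e.g. `# triage: cve2010-0738 and http-vhosts hits unverified - server redirects unknown paths to /404`.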

Binary file not shown.


@@ -0,0 +1,73 @@
WhatWeb report for http://vessel.htb:80
Status : 200 OK
Title : Vessel
IP : 10.10.11.178
Country : RESERVED, ZZ
Summary : Apache[2.4.41], Bootstrap, Email[name@example.com], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], Script, X-Powered-By[Express]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.41 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Website : https://getbootstrap.com/
[ Email ]
Extract email addresses. Find valid email address and
syntactically invalid email addresses from mailto: link
tags. We match syntactically invalid links containing
mailto: to catch anti-spam email addresses, eg. bob at
gmail.com. This uses the simplified email regular
expression from
http://www.regular-expressions.info/email.html for valid
email address matching.
String : name@example.com
[ HTML5 ]
HTML version 5, detected by the doctype declaration
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.4.41 (Ubuntu) (from server string)
[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.
[ X-Powered-By ]
X-Powered-By HTTP header
String : Express (from x-powered-by string)
HTTP Headers:
HTTP/1.1 200 OK
Date: Sun, 12 Feb 2023 17:15:29 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"3ab6-fxJsnDvEyrs1BpGR1cM7Ovl8AME-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2814
Connection: close

File diff suppressed because one or more lines are too long


@@ -0,0 +1,124 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml vessel.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/vessel/results/vessel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_full_tcp_nmap.xml vessel.htb" start="1676222085" startstr="Sun Feb 12 18:14:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="SYN Stealth Scan" time="1676222086"/>
<taskend task="SYN Stealth Scan" time="1676222109" extrainfo="65535 total ports"/>
<taskbegin task="Service scan" time="1676222109"/>
<taskend task="Service scan" time="1676222115" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1676222131"/>
<taskend task="Traceroute" time="1676222131"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1676222131"/>
<taskend task="Parallel DNS resolution of 1 host." time="1676222142"/>
<taskbegin task="NSE" time="1676222142"/>
<taskend task="NSE" time="1676222144"/>
<taskbegin task="NSE" time="1676222144"/>
<taskend task="NSE" time="1676222144"/>
<taskbegin task="NSE" time="1676222144"/>
<taskend task="NSE" time="1676222144"/>
<host starttime="1676222086" endtime="1676222144"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.178" addrtype="ipv4"/>
<hostnames>
<hostname name="vessel.htb" type="user"/>
<hostname name="vessel.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="65533">
<extrareasons reason="reset" count="65533" proto="tcp" ports="1-21,23-79,81-65535"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)&#xa;ssh-rsa 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&#xa; 256 33b355f4a17ff84e48dac5296313833d (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=&#xa; 256 a1f1881c3a397274e6301f28b680254e (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq"><table>
<elem key="key">AAAAB3NzaC1yc2EAAAADAQABAAABgQDRkVUZvNhJjWa+g8L2AvSkSx0UUQEWfqMP7peYHvV6ZkUiZgpXHDTIIu6VUJ0JgGvrM4RU7ZBEaWv7HJ+PWmv+tqOGdQC3O8MT4LadUlAod4aceqOUJKXjGW8f09s0XFg7WFFOzTPEserrn1StwLWDl/OEZmC4UjjaGnfTax/FfQuaLZOOEEFAayJhOVI05+zSAIkjOlNF4jHwWUKfaQ1v4of/HoZrBpyy9kUarhrkR2WuepT2z1zOSipvkYQyQgbA4xt44ZMaD8K/gX4+T3Tldoo7QzK48v40X/1hjbaznCXnv5W7cV8OTU7H7jTTbJ7YFeKk6SggOJTBB/jUbscVYSUFma/a6VQvlpJccHrYakf1m7nnW108Qk71dn6J0rZW/deLLRpfwtJsTD8xURupA9wCOWgw8HX/afxqbRTGWkr5spGHCJFVc2ITVH+fVZY1gr4u14r5gXDZo20iRoRtwJI7+sXxOxQMB/XHYG9hmx2E7Z8uJw0nq0Nl8DCh2jM=</elem>
<elem key="fingerprint">38c297327b9ec565b44b4ea330a59aa5</elem>
<elem key="type">ssh-rsa</elem>
<elem key="bits">3072</elem>
</table>
<table>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=</elem>
<elem key="fingerprint">33b355f4a17ff84e48dac5296313833d</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
<elem key="bits">256</elem>
</table>
<table>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq</elem>
<elem key="fingerprint">a1f1881c3a397274e6301f28b680254e</elem>
<elem key="type">ssh-ed25519</elem>
<elem key="bits">256</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.41" extrainfo="(Ubuntu)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-title" output="Vessel"><elem key="title">Vessel</elem>
</script><script id="http-trane-info" output="Problem with XML parsing of /evox/about"/><script id="http-favicon" output="Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8"/><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<portused state="closed" proto="udp" portid="42592"/>
<osmatch name="Linux 4.15 - 5.6" accuracy="95" line="67238">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:4</cpe></osclass>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.3 - 5.4" accuracy="95" line="68140">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 2.6.32" accuracy="95" line="55653">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:2.6.32</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.3" accuracy="95" line="68082">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.1" accuracy="94" line="62917">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:3.1</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.2" accuracy="94" line="64664">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:3.2</cpe></osclass>
</osmatch>
<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6.17)" accuracy="94" line="61815">
<osclass type="webcam" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94"><cpe>cpe:/o:linux:linux_kernel:2.6.17</cpe></osclass>
<osclass type="webcam" vendor="AXIS" osfamily="embedded" accuracy="94"><cpe>cpe:/h:axis:210a_network_camera</cpe><cpe>cpe:/h:axis:211_network_camera</cpe></osclass>
</osmatch>
<osmatch name="ASUS RT-N56U WAP (Linux 3.4)" accuracy="93" line="8398">
<osclass type="WAP" vendor="Asus" osfamily="embedded" accuracy="93"><cpe>cpe:/h:asus:rt-n56u</cpe></osclass>
<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.4</cpe></osclass>
</osmatch>
<osmatch name="Linux 3.16" accuracy="93" line="64171">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:3.16</cpe></osclass>
</osmatch>
<osmatch name="Linux 5.0 - 5.4" accuracy="93" line="68103">
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="93"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass>
</osmatch>
<osfingerprint fingerprint="OS:SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=42592%PV=Y%DS=2%DC=T%G=Y%TM=63E91EC&#xa;OS:0%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=A)SEQ&#xa;OS:(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%TS=A)SEQ(TS=9)OPS(O1=M54EST11NW7%O2=M54E&#xa;OS:ST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)WIN(W1&#xa;OS:=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%TG=40%W=FAF0%&#xa;OS:O=M54ENNSNW7%CC=Y%Q=)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M54ENNSNW7%CC=Y%Q=)T1(R=&#xa;OS:Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q&#xa;OS:=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=Y%DF=Y&#xa;OS:%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F&#xa;OS:=AR%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T5(R=N)T6(R&#xa;OS:=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=&#xa;OS:R%O=%RD=0%Q=)T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%&#xa;OS:T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T7(R=N)U1(R=N)U1(R=Y%DF=N%T=40%IPL=164&#xa;OS:%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%TG=40%CD=S)IE(R=Y%D&#xa;OS:FI=N%T=40%CD=S)&#xa;"/>
</os>
<uptime seconds="4150354" lastboot="Mon Dec 26 17:23:10 2022"/>
<distance value="2"/>
<tcpsequence index="258" difficulty="Good luck!" values="F3370323,1D3C9EF3,DCFF8BD7,771A09E3,B96A186,7D906E16"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="F761289C,F761290A,F7612970,F76129E1,F7612A28,F7612A93"/>
<trace port="587" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="35.37"/>
<hop ttl="2" ipaddr="10.10.11.178" rtt="35.59" host="vessel.htb"/>
</trace>
<times srtt="39382" rttvar="8179" to="100000"/>
</host>
<taskbegin task="NSE" time="1676222144"/>
<taskend task="NSE" time="1676222144"/>
<taskbegin task="NSE" time="1676222144"/>
<taskend task="NSE" time="1676222144"/>
<taskbegin task="NSE" time="1676222144"/>
<taskend task="NSE" time="1676222144"/>
<runstats><finished time="1676222144" timestr="Sun Feb 12 18:15:44 2023" summary="Nmap done at Sun Feb 12 18:15:44 2023; 1 IP address (1 host up) scanned in 59.61 seconds" elapsed="59.61" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>
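Review bot: The `<osmatch>` list in this file should not be read as an OS identification. Its ten candidates at accuracy 93-95 run from `Linux 2.6.32` to `Linux 4.15 - 5.6` and include an AXIS camera and an ASUS access point, so they are guesses rather than an exact fingerprint match. The service banners recorded in the same file (`OpenSSH 8.2p1 Ubuntu 4ubuntu0.5`, `Apache httpd 2.4.41 (Ubuntu)`) are the stronger evidence for the platform. Because the scan ran with `-Pn`, `<status state="up" reason="user-set">` likewise records an assumption, not a probe result. A short note kept with the results would save the next reader from over-trusting these fields, e.g. `triage: OS guess unconfirmed; platform inferred from service banners only`.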


@@ -0,0 +1,90 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml vessel.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/vessel/results/vessel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_quick_tcp_nmap.xml vessel.htb" start="1676222085" startstr="Sun Feb 12 18:14:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,521
4,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="SYN Stealth Scan" time="1676222085"/>
<taskend task="SYN Stealth Scan" time="1676222087" extrainfo="1000 total ports"/>
<taskbegin task="Service scan" time="1676222087"/>
<taskend task="Service scan" time="1676222093" extrainfo="2 services on 1 host"/>
<taskbegin task="Traceroute" time="1676222098"/>
<taskend task="Traceroute" time="1676222098"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1676222098"/>
<taskend task="Parallel DNS resolution of 1 host." time="1676222109"/>
<taskbegin task="NSE" time="1676222109"/>
<taskend task="NSE" time="1676222114"/>
<taskbegin task="NSE" time="1676222114"/>
<taskend task="NSE" time="1676222114"/>
<taskbegin task="NSE" time="1676222114"/>
<taskend task="NSE" time="1676222114"/>
<host starttime="1676222085" endtime="1676222114"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.178" addrtype="ipv4"/>
<hostnames>
<hostname name="vessel.htb" type="user"/>
<hostname name="vessel.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="998">
<extrareasons reason="reset" count="998" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200
,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="8.2p1 Ubuntu 4ubuntu0.5" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:8.2p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssh-hostkey" output="&#xa; 3072 38c297327b9ec565b44b4ea330a59aa5 (RSA)&#xa;ssh-rsa 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&#xa; 256 33b355f4a17ff84e48dac5296313833d (ECDSA)&#xa;ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=&#xa; 256 a1f1881c3a397274e6301f28b680254e (ED25519)&#xa;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq"><table>
<elem key="bits">3072</elem>
<elem key="fingerprint">38c297327b9ec565b44b4ea330a59aa5</elem>
<elem key="key">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</elem>
<elem key="type">ssh-rsa</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="fingerprint">33b355f4a17ff84e48dac5296313833d</elem>
<elem key="key">AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI228amP4DtyQ7hh3fSYHcLZlahh+YMF0aLTZ9N/0RaUtRLM9lBdVPHvN6h1SJ45wg1rXsdrNql7L/qqr0G3q2Q=</elem>
<elem key="type">ecdsa-sha2-nistp256</elem>
</table>
<table>
<elem key="bits">256</elem>
<elem key="fingerprint">a1f1881c3a397274e6301f28b680254e</elem>
<elem key="key">AAAAC3NzaC1lZDI1NTE5AAAAIJD+aZKxj3tW8fIaoig7O/RmU2zGCu48tA485peYqixq</elem>
<elem key="type">ssh-ed25519</elem>
</table>
</script></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.4.41" extrainfo="(Ubuntu)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.41</cpe></service><script id="http-trane-info" output="Problem with XML parsing of /evox/about"/><script id="http-favicon" output="Unknown favicon MD5: 9A251AF46E55C650807793D0DB9C38B8"/><script id="http-title" output="Vessel"><elem key="title">Vessel</elem>
</script><script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"><elem>Apache/2.4.41 (Ubuntu)</elem>
</script><script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods">
<elem>GET</elem>
<elem>HEAD</elem>
<elem>POST</elem>
<elem>OPTIONS</elem>
</table>
</script></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="1"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/12%OT=22%CT=1%CU=%PV=Y%DS=2%DC=T%G=N%TM=63E91EA2%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=107%GCD=1%ISR=10E%TI=Z%TS=A)&#xa;OPS(O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11NW7%O6=M54EST11)&#xa;WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)&#xa;ECN(R=N)&#xa;T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;T5(R=N)&#xa;T6(R=N)&#xa;T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=40%CD=S)&#xa;"/>
</os>
<uptime seconds="4150324" lastboot="Mon Dec 26 17:23:10 2022"/>
<distance value="2"/>
<tcpsequence index="263" difficulty="Good luck!" values="B137132B,20C7ED67,9C4B9CA7,4A0D7F8D,DD68713F,D8167DA2"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="F760A772,F760A7E3,F760A83B,F760A8A1,F760A919,F760A981"/>
<trace port="8888" proto="tcp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="33.64"/>
<hop ttl="2" ipaddr="10.10.11.178" rtt="34.24" host="vessel.htb"/>
</trace>
<times srtt="42009" rttvar="11659" to="100000"/>
</host>
<taskbegin task="NSE" time="1676222114"/>
<taskend task="NSE" time="1676222114"/>
<taskbegin task="NSE" time="1676222114"/>
<taskend task="NSE" time="1676222114"/>
<taskbegin task="NSE" time="1676222114"/>
<taskend task="NSE" time="1676222114"/>
<runstats><finished time="1676222114" timestr="Sun Feb 12 18:15:14 2023" summary="Nmap done at Sun Feb 12 18:15:14 2023; 1 IP address (1 host up) scanned in 29.91 seconds" elapsed="29.91" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


@@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.93 scan initiated Sun Feb 12 18:14:45 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml vessel.htb -->
<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/vessel/results/vessel.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/vessel/results/vessel.htb/scans/xml/_top_100_udp_nmap.xml vessel.htb" start="1676222085" startstr="Sun Feb 12 18:14:45 2023" version="7.93" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
<verbose level="2"/>
<debugging level="0"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="NSE" time="1676222085"/>
<taskend task="NSE" time="1676222085"/>
<taskbegin task="UDP Scan" time="1676222085"/>
<taskprogress task="UDP Scan" time="1676222116" percent="49.71" remaining="32" etc="1676222147"/>
<taskend task="UDP Scan" time="1676222189" extrainfo="100 total ports"/>
<taskbegin task="Service scan" time="1676222189"/>
<taskprogress task="Service scan" time="1676222237" percent="14.29" remaining="288" etc="1676222525"/>
<taskend task="Service scan" time="1676222287" extrainfo="7 services on 1 host"/>
<taskbegin task="Traceroute" time="1676222289"/>
<taskend task="Traceroute" time="1676222291"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1676222291"/>
<taskend task="Parallel DNS resolution of 1 host." time="1676222302"/>
<taskbegin task="NSE" time="1676222302"/>
<taskend task="NSE" time="1676222325"/>
<taskbegin task="NSE" time="1676222325"/>
<taskend task="NSE" time="1676222326"/>
<taskbegin task="NSE" time="1676222326"/>
<taskend task="NSE" time="1676222326"/>
<host starttime="1676222086" endtime="1676222326"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="10.10.11.178" addrtype="ipv4"/>
<hostnames>
<hostname name="vessel.htb" type="user"/>
<hostname name="vessel.htb" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="93">
<extrareasons reason="port-unreach" count="93" proto="udp" ports="7,9,17,19,49,53,67,69,80,88,111,120,123,136-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,5000,5060,5353,5632,9200,10000,17185,20031,30718,32768-32769,32771,33281,49152-49154,49156,49181-49182,49185,49188,49190-49194,49200-49201,65024"/>
</extraports>
<port protocol="udp" portid="68"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="dhcpc" method="table" conf="3"/></port>
<port protocol="udp" portid="135"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
<port protocol="udp" portid="1646"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="radacct" method="table" conf="3"/></port>
<port protocol="udp" portid="4500"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="nat-t-ike" method="table" conf="3"/></port>
<port protocol="udp" portid="31337"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="BackOrifice" method="table" conf="3"/></port>
<port protocol="udp" portid="32815"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
<port protocol="udp" portid="49186"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
</ports>
<os><portused state="closed" proto="udp" portid="7"/>
<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/12%OT=%CT=%CU=7%PV=Y%DS=2%DC=T%G=N%TM=63E91F76%P=x86_64-pc-linux-gnu)&#xa;SEQ(CI=Z)&#xa;T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=40%CD=S)&#xa;"/>
</os>
<distance value="2"/>
<trace port="996" proto="udp">
<hop ttl="1" ipaddr="10.10.16.1" rtt="44.80"/>
<hop ttl="2" ipaddr="10.10.11.178" rtt="62.53" host="vessel.htb"/>
</trace>
<times srtt="40585" rttvar="14588" to="100000"/>
</host>
<taskbegin task="NSE" time="1676222326"/>
<taskend task="NSE" time="1676222326"/>
<taskbegin task="NSE" time="1676222326"/>
<taskend task="NSE" time="1676222326"/>
<taskbegin task="NSE" time="1676222326"/>
<taskend task="NSE" time="1676222326"/>
<runstats><finished time="1676222326" timestr="Sun Feb 12 18:18:46 2023" summary="Nmap done at Sun Feb 12 18:18:46 2023; 1 IP address (1 host up) scanned in 241.44 seconds" elapsed="241.44" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>