# Nmap 7.93 scan initiated Sun Feb 19 22:35:24 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/bagel/results/bagel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/bagel/results/bagel.htb/scans/xml/_quick_tcp_nmap.xml bagel.htb
Nmap scan report for bagel.htb (10.129.132.58)
Host is up, received user-set (0.19s latency).
Scanned at 2023-02-19 22:35:24 CET for 323s
Not shown: 997 closed tcp ports (reset)
PORT     STATE SERVICE  REASON         VERSION
22/tcp   open  ssh      syn-ack ttl 63 OpenSSH 8.8 (protocol 2.0)
| ssh-hostkey:
|   256 6e4e1341f2fed9e0f7275bededcc68c2 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEwHzrBpcTXWKbxBWhc6yfWMiWfWjPmUJv2QqB/c2tJDuGt/97OvgzC+Zs31X/IW2WM6P0rtrKemiz3C5mUE67k=
|   256 80a7cd10e72fdb958b869b1b20652a98 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnQ9frzL5hKjBf6oUklfUhQCMFuM0EtdYJOIxUiDuFl
5000/tcp open  upnp?    syn-ack ttl 63
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.1 400 Bad Request
|     Server: Microsoft-NetCore/2.0
|     Date: Sun, 19 Feb 2023 21:35:36 GMT
|     Connection: close
|   HTTPOptions:
|     HTTP/1.1 400 Bad Request
|     Server: Microsoft-NetCore/2.0
|     Date: Sun, 19 Feb 2023 21:35:53 GMT
|     Connection: close
|   Hello, Help:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/html
|     Server: Microsoft-NetCore/2.0
|     Date: Sun, 19 Feb 2023 21:36:04 GMT
|     Content-Length: 52
|     Connection: close
|     Keep-Alive: true
|     Bad Request (Invalid request line (parts).)
|   RTSPRequest:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/html
|     Server: Microsoft-NetCore/2.0
|     Date: Sun, 19 Feb 2023 21:35:37 GMT
|     Content-Length: 54
|     Connection: close
|     Keep-Alive: true
|     Bad Request (Invalid request line (version).)
|   SSLSessionReq, TerminalServerCookie:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/html
|     Server: Microsoft-NetCore/2.0
|     Date: Sun, 19 Feb 2023 21:36:05 GMT
|     Content-Length: 52
|     Connection: close
|     Keep-Alive: true
|_    Bad Request (Invalid request line (parts).)

8000/tcp open  http-alt syn-ack ttl 63 Werkzeug/2.2.2 Python/3.10.9
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404 NOT FOUND
|     Server: Werkzeug/2.2.2 Python/3.10.9
|     Date: Sun, 19 Feb 2023 21:35:37 GMT
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 207
|     Connection: close
|     404 Not Found
|     Not Found
|     The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
|   GetRequest:
|     HTTP/1.1 302 FOUND
|     Server: Werkzeug/2.2.2 Python/3.10.9
|     Date: Sun, 19 Feb 2023 21:35:31 GMT
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 263
|     Location: http://bagel.htb:8000/?page=index.html
|     Connection: close
|     Redirecting...
|     Redirecting...
|     You should be redirected automatically to the target URL: http://bagel.htb:8000/?page=index.html. If not, click the link.
|   Socks5:
|     Error response
|     Error response
|     Error code: 400
|     Message: Bad request syntax (' | ').
|     Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.

|_
| http-methods:
|_  Supported Methods: OPTIONS HEAD GET
|_http-server-header: Werkzeug/2.2.2 Python/3.10.9
| http-title: Bagel — Free Website Template, Free HTML5 Template by fr...
|_Requested resource was http://bagel.htb:8000/?page=index.html
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Adtran 424RG FTTH gateway (92%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
Uptime guess: 23.819 days (since Fri Jan 27 03:01:59 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 8080/tcp)
HOP RTT       ADDRESS
1   214.27 ms 10.10.16.1
2   215.23 ms bagel.htb (10.129.132.58)

Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Feb 19 22:40:47 2023 -- 1 IP address (1 host up) scanned in 323.76 seconds