# Nmap 7.93 scan initiated Tue Aug 29 21:01:43 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/HTB/results/keeper.htb/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/HTB/results/keeper.htb/scans/tcp80/xml/tcp_80_http_nmap.xml keeper.htb Nmap scan report for keeper.htb (10.10.11.227) Host is up, received user-set (0.036s latency). Scanned at 2023-08-29 21:01:46 CEST for 63s Bug in http-security-headers: no string output. PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack nginx 1.18.0 (Ubuntu) |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number= for deeper analysis) |_http-referer-checker: Couldn't find any cross-domain scripts. |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages. | http-sitemap-generator: | Directory structure: | / | Other: 1 | Longest directory structure: | Depth: 0 | Dir: / | Total files found (by extension): |_ Other: 1 |_http-date: Tue, 29 Aug 2023 19:01:54 GMT; +1s from local time. | http-useragent-tester: | Status for browser useragent: 200 | Allowed User Agents: | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) | libwww | lwp-trivial | libcurl-agent/1.0 | PHP/ | Python-urllib/2.5 | GT::WWW | Snoopy | MFC_Tear_Sample | HTTP::Lite | PHPCrawl | URI::Fetch | Zend_Http_Client | http client | PECL::HTTP | Wget/1.13.4 (linux-gnu) |_ WWW-Mechanize/1.34 |_http-jsonp-detection: Couldn't find any JSONP endpoints. |_http-errors: Couldn't find any error pages. |_http-csrf: Couldn't find any CSRF vulnerabilities. | http-methods: |_ Supported Methods: GET HEAD | http-headers: | Server: nginx/1.18.0 (Ubuntu) | Date: Tue, 29 Aug 2023 19:01:55 GMT | Content-Type: text/html | Content-Length: 149 | Last-Modified: Wed, 24 May 2023 14:04:44 GMT | Connection: close | ETag: "646e197c-95" | Accept-Ranges: bytes | |_ (Request type: HEAD) | http-php-version: Logo query returned unknown hash 24830e2d33064987e524816b6676af1d |_Credits query returned unknown hash 24830e2d33064987e524816b6676af1d |_http-malware-host: Host appears to be clean | http-vuln-cve2011-3192: | VULNERABLE: | Apache byterange filter DoS | State: VULNERABLE | IDs: BID:49303 CVE:CVE-2011-3192 | The Apache web server is vulnerable to a denial of service attack when numerous | overlapping byte ranges are requested. | Disclosure date: 2011-08-19 | References: | https://www.securityfocus.com/bid/49303 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 | https://www.tenable.com/plugins/nessus/55976 |_ https://seclists.org/fulldisclosure/2011/Aug/175 |_http-feed: Couldn't find any feeds. |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit= for deeper analysis) | http-vhosts: |_128 names had status 200 |_http-server-header: nginx/1.18.0 (Ubuntu) |_http-comments-displayer: Couldn't find any comments. |_http-fetch: Please enter the complete path of the directory to save data in. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable |_http-chrono: Request times for /; avg: 174.69ms; min: 161.80ms; max: 221.23ms |_http-mobileversion-checker: No mobile version detected. |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php |_http-title: Site doesn't have a title (text/html). |_http-config-backup: ERROR: Script execution failed (use -d to debug) |_http-dombased-xss: Couldn't find any DOM based XSS. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Tue Aug 29 21:02:49 2023 -- 1 IP address (1 host up) scanned in 65.96 seconds