3.9 KiB
3.9 KiB
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/trick/results/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_quick_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/trick/results/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/xml/_full_tcp_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 22 --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "/home/simon/htb/trick/results/scans/tcp22/tcp_22_ssh_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp22/xml/tcp_22_ssh_nmap.xml" 10.129.227.180
nmap -vv --reason -Pn -T4 -sV -p 25 --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp25/tcp_25_smtp_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp25/xml/tcp_25_smtp_nmap.xml" 10.129.227.180
hydra smtp-enum://10.129.227.180:25/vrfy -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1
dnsrecon -n 10.129.227.180 -d trick.htb 2>&1
dig -p 53 -x 10.129.227.180 @10.129.227.180
dig AXFR -p 53 @10.129.227.180 trick.htb
nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.227.180
gobuster dns -d trick.htb -r 10.129.227.180 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/trick/results/scans/tcp53/tcp_53_trick.htb_subdomains_subdomains-top1million-110000.txt"
feroxbuster -u http://10.129.227.180:80/ -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -q -e -o "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_feroxbuster_directory-list-2.3-medium.txt"
curl -sSikf http://10.129.227.180:80/.well-known/security.txt
curl -sSikf http://10.129.227.180:80/robots.txt
curl -sSik http://10.129.227.180:80/
nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/htb/trick/results/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.227.180
curl -sk -o /dev/null -H "Host: fVtpogeXVjPkPqtnprUj.trick.htb" http://trick.htb:80/ -w "%{size_download}"
whatweb --color=never --no-errors -a 3 -v http://10.129.227.180:80 2>&1
wkhtmltoimage --format png http://10.129.227.180:80/ /home/simon/htb/trick/results/scans/tcp80/tcp_80_http_screenshot.png
dig AXFR -p 53 @10.129.227.180
ffuf -u http://trick.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.trick.htb" -fs 5480 -noninteractive -s | tee "/home/simon/htb/trick/results/scans/tcp80/tcp_80_http_trick.htb_vhosts_subdomains-top1million-110000.txt"
hydra smtp-enum://10.129.227.180:25/expn -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" 2>&1