Retro

This post is a walkthrough of the Hack The Box (originally a VulnLab box) room Retro.

Hack The Box: Retro – Exploiting Weak Credentials, Pre-Created Computer Accounts, and Certificate Vulnerabilities

Retro is an Easy-rated Windows machine from VulnLabs that offers a fantastic introduction to Active Directory (AD) exploitation, covering weak credential hygiene, pre-created computer account abuse, and certificate template vulnerabilities. The attack path begins with anonymous LDAP enumeration, revealing a list of domain users through a RID brute-force attack using the default guest account. A simple password spray attack with usernames as passwords yields valid credentials, granting access to network shares. Among these shares, a seemingly innocuous ToDo.txt file provides a critical clue, mentioning outdated finance software and pre-created computer accounts in the domain. ...

July 4, 2025 at 08:12 GMT · 16 min
Down

This post is a walkthrough of the Hack The Box (originally a VulnLab box) room Down.

Intro

Down is an easy Linux box originally created for Vulnlabs. Hack The Box recently acquired Vulnlabs and is starting to make the machines available. You will need an HTB VIP+ account to access these boxes.

From SSRF to Root: A Step-by-Step Breakdown of a Web App Exploitation Chain

In this penetration testing engagement, we began by discovering a Server-Side Request Forgery (SSRF) vulnerability, which led us to a Local File Inclusion (LFI) flaw. Exploiting the LFI, we extracted the source code of the web application, revealing a hidden “expertmode” feature designed to check open ports using netcat. ...

June 26, 2025 at 08:40 GMT · 13 min
Nibbles

HTB Nibbles

This post is a walkthrough of the Hack The Box room Nibbles.

Intro

Nibbles is a fairly simple machine; however, with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. Luckily, a username can be enumerated and guessing the correct password does not take long for most.

Enumeration

NMAP Scan

sudo nmap -sVC -T4 -p- -vv -oA nmap/alltcp-ports 10.129.202.224 --open

Discovered Ports

Discovered open port 80/tcp on 10.129.202.224
Discovered open port 22/tcp on 10.129.202.224

Below we can see the web server is running on an Ubuntu 2.2 Server and using Apache 2.4.18 as the backend for the webserver. ...

May 11, 2024 at 15:04 GMT · 7 min
Expose

THM | Expose | Easy

This post is a walkthrough of the Try Hack Me room Expose.

Intro

This challenge is an initial test to evaluate your capabilities in red teaming skills. You will find all the necessary tools to complete the challenge, like Nmap, sqlmap, wordlists, PHP shell, and many more in the AttackBox. Exposing unnecessary services in a machine can be dangerous. Can you capture the flags and pwn the machine?

NMAP Scan

sudo nmap -sVC -T4 -p- -vv -oA nmap/all-tcp-ports 10.10.191.114

Ports Of Interest

Port 21 - FTP (vsftpd 2.0.8 or later)
Port 22 - SSH
Port 80 - HTTP
Port 1883 - Mosquitto
...

September 6, 2023 at 21:10 GMT · 10 min
Lesson Learned

THM | Lesson Learned | Easy

This post is a walkthrough of the Try Hack Me room Lesson-Learned.

Intro

This is a relatively easy machine that tries to teach you a lesson, but perhaps you’ve already learned the lesson? Let’s find out. Treat this box as if it were a real target and not a CTF. Get past the login screen and you will find the flag. There are no rabbit holes, no hidden files, just a login page and a flag. Good luck! ...

August 29, 2023 at 19:03 GMT · 3 min
Grep

THM | Grep | Easy

This post is a walkthrough of the Try Hack Me room Grep.

Intro

Welcome to the OSINT challenge, part of TryHackMe’s Red Teaming Path. In this task, you will be an ethical hacker aiming to exploit a newly developed web application. SuperSecure Corp, a fast-paced startup, is currently creating a blogging platform inviting security professionals to assess its security. The challenge involves using OSINT techniques to gather information from publicly accessible sources and exploit potential vulnerabilities in the web application. Your goal is to identify and exploit vulnerabilities in the application using a combination of recon and OSINT skills. As you progress, you’ll look for weak points in the app, find sensitive data, and attempt to gain unauthorized access. You will leverage the skills and knowledge acquired through the Red Team Pathway to devise and execute your attack strategies. ...

August 20, 2023 at 14:51 GMT · 8 min
Red vs Blue

THM | Red | Easy

This post is a walkthrough of the Try Hack Me room Red.

Intro

Red is a TryHackMe room created by readysetexploit which was inspired by TryHackMe’s King of the Hill. The theme of this machine is a battle between red and blue in which we try to navigate red’s defense mechanisms in order to take back the machine. We start by finding a web server that is vulnerable to Local File Inclusion. We use it to read blue’s history file in order to create a password list. We gain access to the server and find that we can edit the hosts file so that a reverse shell that is being executed by red points to us. We then make use of the PwnKit exploit in order to get root and defeat red. Although it seems pretty straightforward, red’s defenses add a layer of complexity that can irritate even the most seasoned player. ...

July 16, 2023 at 21:13 GMT · 7 min
Cat Pictures 2

THM | Cat Pictures 2 | Easy

This post is a walkthrough of the Try Hack Me room Cat Pictures 2.

Intro

NMAP Scan

nmap -sVC -T4 -vv -p- -oA nmap/all-tcp 10.10.23.83

Ports Of Interest

Discovered open port 8080/tcp on 10.10.23.83
Discovered open port 22/tcp on 10.10.23.83
Discovered open port 80/tcp on 10.10.23.83
Discovered open port 1337/tcp on 10.10.23.83
Discovered open port 3000/tcp on 10.10.23.83
Discovered open port 222/tcp on 10.10.23.83

Port 80 (HTTP)

Browse to the main webpage and begin our analysis of the site. I first checked for the presence of a ‘robots.txt’. Nmap already flagged its presence in the scan. ...

July 18, 2023 at 16:21 GMT · 9 min