Post

HackTheBox - Sea

Gada deskripsi, mesin masih aktif...

Posted
Preview Image
By Muhammad Khoirul Huda
2 min read

Reconnaissance

Nmap

Scan open ports with nmap

1
2
3
4
5
6
7
8
9
10

# Nmap 7.95 scan initiated Mon Oct  7 09:08:28 2024 as: nmap -p- --min-rate 10000 -oN fs-nmap.txt 10.10.11.28
Warning: 10.10.11.28 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.11.28
Host is up (0.27s latency).
Not shown: 57830 closed tcp ports (conn-refused), 7703 filtered tcp ports (no-response)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

# Nmap done at Mon Oct  7 09:09:50 2024 -- 1 IP address (1 host up) scanned in 82.22 seconds

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# Nmap 7.95 scan initiated Mon Oct  7 09:14:57 2024 as: nmap -p 22,80 -T4 -sCV -oN nmap.txt 10.10.11.28
Nmap scan report for 10.10.11.28
Host is up (0.37s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 e3:54:e0:72:20:3c:01:42:93:d1:66:9d:90:0c:ab:e8 (RSA)
|   256 f3:24:4b:08:aa:51:9d:56:15:3d:67:56:74:7c:20:38 (ECDSA)
|_  256 30:b1:05:c6:41:50:ff:22:a3:7f:41:06:0e:67:fd:50 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Sea - Home
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Oct  7 09:15:15 2024 -- 1 IP address (1 host up) scanned in 17.71 seconds

Feroxbuster

Fuzzing with ferox

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

❯ feroxbuster -u "http://sea.htb/" -w /usr/share/seclists/Discovery/Web-Content/raft-small-directories.txt -x php --threads 100
                                                                                                                                                                                                         
 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher πŸ€“                 ver: 2.11.0
───────────────────────────┬──────────────────────
 🎯  Target Url            β”‚ http://sea.htb/
 πŸš€  Threads               β”‚ 100
 πŸ“–  Wordlist              β”‚ /usr/share/seclists/Discovery/Web-Content/raft-small-directories.txt
 πŸ‘Œ  Status Codes          β”‚ All Status Codes!
 πŸ’₯  Timeout (secs)        β”‚ 7
 🦑  User-Agent            β”‚ feroxbuster/2.11.0
 πŸ”Ž  Extract Links         β”‚ true
 πŸ’²  Extensions            β”‚ [php]
 🏁  HTTP methods          β”‚ [GET]
 πŸ”ƒ  Recursion Depth       β”‚ 4
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menuβ„’
──────────────────────────────────────────────────
301      GET        7l       20w      230c http://sea.htb/themes => http://sea.htb/themes/
301      GET        7l       20w      228c http://sea.htb/data => http://sea.htb/data/
200      GET      118l      226w     2731c http://sea.htb/contact.php
301      GET        7l       20w      231c http://sea.htb/plugins => http://sea.htb/plugins/
301      GET        7l       20w      234c http://sea.htb/data/files => http://sea.htb/data/files/
301      GET        7l       20w      232c http://sea.htb/messages => http://sea.htb/messages/

Website

open contact.php Desktop View

random
random
This post is licensed under CC BY 4.0 by the author.