Scanning and Enumeration

Scanning

# Nmap 7.80 scan initiated Sat Oct 10 10:12:45 2020 as: nmap -sC -sV -p80,443 -oN nineveh 10.10.10.43
Nmap scan report for nineveh.htb (10.10.10.43)
Host is up (0.097s latency).

PORT    STATE SERVICE  VERSION
80/tcp  open  http     Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=nineveh.htb/organizationName=HackTheBox Ltd/stateOrProvinceName=Athens/countryName=GR
| Not valid before: 2017-07-01T15:03:30
|_Not valid after:  2018-07-01T15:03:30
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|_  http/1.1

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Oct 10 10:13:05 2020 -- 1 IP address (1 host up) scanned in 19.37 seconds

Enumeration

After running the nmap scan, I ran a gobuster scan on both the HTTP and HTTPS versions of the website.

gobuster dir -u http://10.10.10.43 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt 
gobuster dir -u https://10.10.10.43 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -k 

Found Login Panel

HTTP

  • /department

HTTPS

  • /db

  • secure_notes

Possible Steg

Potential Username

  • admin
