$ nmap -p- -T4 -A 10.10.10.231
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS httpd 10.0
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
|_http-title: OS Tidy Inc.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
$ nikto -h http://10.10.10.231
+ Server: Microsoft-IIS/10.0
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ Retrieved x-powered-by header: PHP/7.4.1
+ 7863 requests: 0 error(s) and 6 item(s) reported on remote host
$ dirb http://10.10.10.231
---- Scanning URL: http://10.10.10.231/ ----
==> DIRECTORY: http://10.10.10.231/assets/
+ http://10.10.10.231/index.html (CODE:200|SIZE:14257)
==> DIRECTORY: http://10.10.10.231/licenses/
---- Entering directory: http://10.10.10.231/assets/ ----
==> DIRECTORY: http://10.10.10.231/assets/api/
==> DIRECTORY: http://10.10.10.231/assets/css/
==> DIRECTORY: http://10.10.10.231/assets/fonts/
==> DIRECTORY: http://10.10.10.231/assets/img/
==> DIRECTORY: http://10.10.10.231/assets/js/
---- Entering directory: http://10.10.10.231/licenses/ ----
+ http://10.10.10.231/licenses/index.php (CODE:200|SIZE:1648)
---- Entering directory: http://10.10.10.231/assets/api/ ----
---- Entering directory: http://10.10.10.231/assets/css/ ----
---- Entering directory: http://10.10.10.231/assets/fonts/ ----
---- Entering directory: http://10.10.10.231/assets/img/ ----
==> DIRECTORY: http://10.10.10.231/assets/img/bg/
==> DIRECTORY: http://10.10.10.231/assets/img/ico/
==> DIRECTORY: http://10.10.10.231/assets/img/logo/
==> DIRECTORY: http://10.10.10.231/assets/img/shop/
---- Entering directory: http://10.10.10.231/assets/js/ ----
---- Entering directory: http://10.10.10.231/assets/img/bg/ ----
---- Entering directory: http://10.10.10.231/assets/img/ico/ ----
+ http://10.10.10.231/assets/img/ico/favicon.ico (CODE:200|SIZE:34494)
---- Entering directory: http://10.10.10.231/assets/img/logo/ ----
---- Entering directory: http://10.10.10.231/assets/img/shop/ ----
$ nikto -h http://10.10.10.231/licenses/
+ Server: Microsoft-IIS/10.0
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/7.4.1
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ 7863 requests: 0 error(s) and 7 item(s) reported on remote host
http://10.10.10.231/licenses/
Please login with you mail address and password to access the licensing portal.
dustin, daksh, wafer, anna
$ echo "10.10.10.231 proper.htb" | sudo tee -a /etc/hosts