nmap | Hack The Box

  ___                        
 ( _ ) _ __ ___   __ _ _ __  
 / _ \| '_ ` _ \ / _` | '_ \ 
| (_) | | | | | | (_| | |_) |
 \___/|_| |_| |_|\__,_| .__/ 
                      |_|    

[+] Scanning 10.10.11.194 [65535 TCP ports]


[+] Enumerating 10.10.11.194 [22,80,9091]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:24 CDT
Nmap scan report for soccer.htb (10.10.11.194)
Host is up (0.059s latency).

PORT     STATE SERVICE         VERSION
22/tcp   open  ssh             OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 ad:0d:84:a3:fd:cc:98:a4:78:fe:f9:49:15:da:e1:6d (RSA)
|   256 df:d6:a3:9f:68:26:9d:fc:7c:6a:0c:29:e9:61:f0:0c (ECDSA)
|_  256 57:97:56:5d:ef:79:3c:2f:cb:db:35:ff:f1:7c:61:5c (ED25519)
80/tcp   open  http            nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Soccer - Index 
9091/tcp open  xmltec-xmlmail?
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, RPCCheck, SSLSessionReq, drda, informix: 
|     HTTP/1.1 400 Bad Request
|     Connection: close
|   GetRequest: 
|     HTTP/1.1 404 Not Found
|     Content-Security-Policy: default-src 'none'
|     X-Content-Type-Options: nosniff
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 139
|     Date: Fri, 24 May 2024 10:24:32 GMT
|     Connection: close
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>Error</title>
|     </head>
|     <body>
|     <pre>Cannot GET /</pre>
|     </body>
|     </html>
|   HTTPOptions, RTSPRequest: 
|     HTTP/1.1 404 Not Found
|     Content-Security-Policy: default-src 'none'
|     X-Content-Type-Options: nosniff
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 143
|     Date: Fri, 24 May 2024 10:24:33 GMT
|     Connection: close
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>Error</title>
|     </head>
|     <body>
|     <pre>Cannot OPTIONS /</pre>
|     </body>
|_    </html>
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port9091-TCP:V=7.94SVN%I=7%D=5/24%Time=66506ADB%P=x86_64-pc-linux-gnu%r
SF:(informix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20clos
SF:e\r\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection
SF::\x20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found
SF:\r\nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type
SF:-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\
SF:nContent-Length:\x20139\r\nDate:\x20Fri,\x2024\x20May\x202024\x2010:24:
SF:32\x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20l
SF:ang=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\
SF:n</head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r
SF:(HTTPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-
SF:Policy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\
SF:r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x201
SF:43\r\nDate:\x20Fri,\x2024\x20May\x202024\x2010:24:33\x20GMT\r\nConnecti
SF:on:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n
SF:<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pr
SF:e>Cannot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,
SF:"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20defaul
SF:t-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\
SF:x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fr
SF:i,\x2024\x20May\x202024\x2010:24:33\x20GMT\r\nConnection:\x20close\r\n\
SF:r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=
SF:\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIO
SF:NS\x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20
SF:Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP
SF:,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n
SF:")%r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConn
SF:ection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Reques
SF:t\r\nConnection:\x20close\r\n\r\n")%r(SSLSessionReq,2F,"HTTP/1\.1\x2040
SF:0\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.10 seconds

[+] Enumerating 10.10.11.194 for vulnerabilities [22,80,9091]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:24 CDT
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for soccer.htb (10.10.11.194)
Host is up (0.064s latency).

PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
| http-vuln-cve2011-3192: 
|   VULNERABLE:
|   Apache byterange filter DoS
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3192  BID:49303
|       The Apache web server is vulnerable to a denial of service attack when numerous
|       overlapping byte ranges are requested.
|     Disclosure date: 2011-08-19
|     References:
|       https://www.tenable.com/plugins/nessus/55976
|       https://www.securityfocus.com/bid/49303
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
|_      https://seclists.org/fulldisclosure/2011/Aug/175
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
9091/tcp open  xmltec-xmlmail

Nmap done: 1 IP address (1 host up) scanned in 172.45 seconds

[+] Scanning 10.10.11.194 [1000 UDP ports]
[sudo] password for adot: 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:27 CDT
Initiating Ping Scan at 05:27
Scanning 10.10.11.194 [4 ports]
Completed Ping Scan at 05:27, 0.09s elapsed (1 total hosts)
Initiating UDP Scan at 05:27
Scanning soccer.htb (10.10.11.194) [100 ports]
Increasing send delay for 10.10.11.194 from 0 to 50 due to max_successful_tryno increase to 5
Increasing send delay for 10.10.11.194 from 50 to 100 due to max_successful_tryno increase to 6
Warning: 10.10.11.194 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.194 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.194 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.10.11.194 from 400 to 800 due to 11 out of 15 dropped probes since last increase.
Completed UDP Scan at 05:29, 88.49s elapsed (100 total ports)
Nmap scan report for soccer.htb (10.10.11.194)
Host is up (0.045s latency).
Not shown: 87 closed udp ports (port-unreach)
PORT      STATE         SERVICE
19/udp    open|filtered chargen
68/udp    open|filtered dhcpc
120/udp   open|filtered cfdptkt
177/udp   open|filtered xdmcp
626/udp   open|filtered serialnumberd
1719/udp  open|filtered h323gatestat
1900/udp  open|filtered upnp
2049/udp  open|filtered nfs
2223/udp  open|filtered rockwell-csp2
49152/udp open|filtered unknown
49154/udp open|filtered unknown
49156/udp open|filtered unknown
65024/udp open|filtered unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 88.72 seconds
           Raw packets sent: 413 (24.617KB) | Rcvd: 95 (7.704KB)

[+] Completed!

Last updated 9 months ago

Was this helpful?

___ ( _ ) _ __ ___ __ _ _ __ / _ \| '_ ` _ \ / _` | '_ \ | (_) | | | | | | (_| | |_) | \___/|_| |_| |_|\__,_| .__/ |_| [+] Scanning 10.10.11.194 [65535 TCP ports] [+] Enumerating 10.10.11.194 [22,80,9091] Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:24 CDT Nmap scan report for soccer.htb (10.10.11.194) Host is up (0.059s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 ad:0d:84:a3:fd:cc:98:a4:78:fe:f9:49:15:da:e1:6d (RSA) | 256 df:d6:a3:9f:68:26:9d:fc:7c:6a:0c:29:e9:61:f0:0c (ECDSA) |_ 256 57:97:56:5d:ef:79:3c:2f:cb:db:35:ff:f1:7c:61:5c (ED25519) 80/tcp open http nginx 1.18.0 (Ubuntu) |_http-server-header: nginx/1.18.0 (Ubuntu) |_http-title: Soccer - Index 9091/tcp open xmltec-xmlmail? | fingerprint-strings: | DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, RPCCheck, SSLSessionReq, drda, informix: | HTTP/1.1 400 Bad Request | Connection: close | GetRequest: | HTTP/1.1 404 Not Found | Content-Security-Policy: default-src 'none' | X-Content-Type-Options: nosniff | Content-Type: text/html; charset=utf-8 | Content-Length: 139 | Date: Fri, 24 May 2024 10:24:32 GMT | Connection: close | <!DOCTYPE html> | <html lang="en"> | <head> | <meta charset="utf-8"> | <title>Error</title> | </head> | <body> | <pre>Cannot GET /</pre> | </body> | </html> | HTTPOptions, RTSPRequest: | HTTP/1.1 404 Not Found | Content-Security-Policy: default-src 'none' | X-Content-Type-Options: nosniff | Content-Type: text/html; charset=utf-8 | Content-Length: 143 | Date: Fri, 24 May 2024 10:24:33 GMT | Connection: close | <!DOCTYPE html> | <html lang="en"> | <head> | <meta charset="utf-8"> | <title>Error</title> | </head> | <body> | <pre>Cannot OPTIONS /</pre> | </body> |_ </html> 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port9091-TCP:V=7.94SVN%I=7%D=5/24%Time=66506ADB%P=x86_64-pc-linux-gnu%r SF:(informix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20clos SF:e\r\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection SF::\x20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found SF:\r\nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type SF:-Options:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\ SF:nContent-Length:\x20139\r\nDate:\x20Fri,\x2024\x20May\x202024\x2010:24: SF:32\x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20l SF:ang=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\ SF:n</head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r SF:(HTTPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security- SF:Policy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\ SF:r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x201 SF:43\r\nDate:\x20Fri,\x2024\x20May\x202024\x2010:24:33\x20GMT\r\nConnecti SF:on:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n SF:<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pr SF:e>Cannot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C, SF:"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20defaul SF:t-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\ SF:x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Fr SF:i,\x2024\x20May\x202024\x2010:24:33\x20GMT\r\nConnection:\x20close\r\n\ SF:r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset= SF:\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIO SF:NS\x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20 SF:Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP SF:,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n SF:")%r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConn SF:ection:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Reques SF:t\r\nConnection:\x20close\r\n\r\n")%r(SSLSessionReq,2F,"HTTP/1\.1\x2040 SF:0\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n"); Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 16.10 seconds [+] Enumerating 10.10.11.194 for vulnerabilities [22,80,9091] Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:24 CDT Pre-scan script results: | broadcast-avahi-dos: | Discovered hosts: | 224.0.0.251 | After NULL UDP avahi packet DoS (CVE-2011-1002). |_ Hosts are all up (not vulnerable). Nmap scan report for soccer.htb (10.10.11.194) Host is up (0.064s latency). PORT STATE SERVICE 22/tcp open ssh 80/tcp open http | http-vuln-cve2011-3192: | VULNERABLE: | Apache byterange filter DoS | State: VULNERABLE | IDs: CVE:CVE-2011-3192 BID:49303 | The Apache web server is vulnerable to a denial of service attack when numerous | overlapping byte ranges are requested. | Disclosure date: 2011-08-19 | References: | https://www.tenable.com/plugins/nessus/55976 | https://www.securityfocus.com/bid/49303 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 |_ https://seclists.org/fulldisclosure/2011/Aug/175 |_http-dombased-xss: Couldn't find any DOM based XSS. |_http-csrf: Couldn't find any CSRF vulnerabilities. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities. 9091/tcp open xmltec-xmlmail Nmap done: 1 IP address (1 host up) scanned in 172.45 seconds [+] Scanning 10.10.11.194 [1000 UDP ports] [sudo] password for adot: Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-24 05:27 CDT Initiating Ping Scan at 05:27 Scanning 10.10.11.194 [4 ports] Completed Ping Scan at 05:27, 0.09s elapsed (1 total hosts) Initiating UDP Scan at 05:27 Scanning soccer.htb (10.10.11.194) [100 ports] Increasing send delay for 10.10.11.194 from 0 to 50 due to max_successful_tryno increase to 5 Increasing send delay for 10.10.11.194 from 50 to 100 due to max_successful_tryno increase to 6 Warning: 10.10.11.194 giving up on port because retransmission cap hit (6). Increasing send delay for 10.10.11.194 from 100 to 200 due to 11 out of 11 dropped probes since last increase. Increasing send delay for 10.10.11.194 from 200 to 400 due to 11 out of 11 dropped probes since last increase. Increasing send delay for 10.10.11.194 from 400 to 800 due to 11 out of 15 dropped probes since last increase. Completed UDP Scan at 05:29, 88.49s elapsed (100 total ports) Nmap scan report for soccer.htb (10.10.11.194) Host is up (0.045s latency). Not shown: 87 closed udp ports (port-unreach) PORT STATE SERVICE 19/udp open|filtered chargen 68/udp open|filtered dhcpc 120/udp open|filtered cfdptkt 177/udp open|filtered xdmcp 626/udp open|filtered serialnumberd 1719/udp open|filtered h323gatestat 1900/udp open|filtered upnp 2049/udp open|filtered nfs 2223/udp open|filtered rockwell-csp2 49152/udp open|filtered unknown 49154/udp open|filtered unknown 49156/udp open|filtered unknown 65024/udp open|filtered unknown Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 88.72 seconds Raw packets sent: 413 (24.617KB) | Rcvd: 95 (7.704KB) [+] Completed!