BroScience: Difference between revisions

From RCATs
No edit summary
No edit summary
Line 67: Line 67:
manual                  [Status: 301, Size: 319, Words: 20, Lines: 10, Duration: 80ms]
manual                  [Status: 301, Size: 319, Words: 20, Lines: 10, Duration: 80ms]
server-status          [Status: 403, Size: 280, Words: 20, Lines: 10, Duration: 101ms]
server-status          [Status: 403, Size: 280, Words: 20, Lines: 10, Duration: 101ms]
</syntaxhighlight>
===Username Enumeration===
<syntaxhighlight lang="powershell">
# https://broscience.htb/user.php
# URL states missing ID Value
# https://broscience.htb/user.php?id=1
administrator
administrator@broscience.htb
# https://broscience.htb/user.php?id=2
bill
bill@broscience.htb
# https://broscience.htb/user.php?id=3
michael
michael@broscience.htb
# https://broscience.htb/user.php?id=4
john
john@broscience.htb
# https://broscience.htb/user.php?id=5
dmytro
dmytro@broscience.htb
</syntaxhighlight>
</syntaxhighlight>

Revision as of 15:00, 5 February 2023

Box Information

Network: Hack The Box

Operating System: Linux

Release Date: 7 January 2023

Creator: bmdyy

Difficulty: Medium

Points: 30

Enumeration

Nmap

# Nmap 7.93 scan initiated Thu Jan 26 19:36:36 2023 as: nmap -sCV -oA nmap/broscience 10.129.5.153
Nmap scan report for 10.129.5.153
Host is up (0.077s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey: 
|   3072 df17c6bab18222d91db5ebff5d3d2cb7 (RSA)
|   256 3f8a56f8958faeafe3ae7eb880f679d2 (ECDSA)
|_  256 3c6575274ae2ef9391374cfdd9d46341 (ED25519)
80/tcp  open  http     Apache httpd 2.4.54
|_http-title: Did not follow redirect to https://broscience.htb/
|_http-server-header: Apache/2.4.54 (Debian)
443/tcp open  ssl/http Apache httpd 2.4.54 ((Debian))
|_ssl-date: TLS randomness does not represent time
|_http-title: BroScience : Home
|_http-server-header: Apache/2.4.54 (Debian)
| tls-alpn: 
|_  http/1.1
| ssl-cert: Subject: commonName=broscience.htb/organizationName=BroScience/countryName=AT
| Not valid before: 2022-07-14T19:48:36
|_Not valid after:  2023-07-14T19:48:36
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
Service Info: Host: broscience.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Jan 26 19:37:09 2023 -- 1 IP address (1 host up) scanned in 32.28 seconds

Directory Scan

________________________________________________                                                                                                                                                                                        [15/68]
                                                                                                                                                                                                                                               
 :: Method           : GET                                                                                                                                                                                                                     
 :: URL              : https://broscience.htb/FUZZ                                                                                                                                                                                             
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt                                                                                                                                   
 :: Follow redirects : false                                                                                                                                                                                                                   
 :: Calibration      : false                                                                                                                                                                                                                   
 :: Timeout          : 10                                                                                                                                                                                                                      
 :: Threads          : 40                                                                                                                                                                                                                      
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405,500                                                                                                                                                                    
________________________________________________                                                                                                                                              
images                  [Status: 301, Size: 319, Words: 20, Lines: 10, Duration: 131ms]                                                                                                                                                                                                                                      
includes                [Status: 301, Size: 321, Words: 20, Lines: 10, Duration: 104ms]                                                                                                                                                        
styles                  [Status: 301, Size: 319, Words: 20, Lines: 10, Duration: 115ms]
javascript              [Status: 301, Size: 323, Words: 20, Lines: 10, Duration: 73ms]
manual                  [Status: 301, Size: 319, Words: 20, Lines: 10, Duration: 80ms]
server-status           [Status: 403, Size: 280, Words: 20, Lines: 10, Duration: 101ms]

Username Enumeration

# https://broscience.htb/user.php
# URL states missing ID Value


# https://broscience.htb/user.php?id=1
administrator
administrator@broscience.htb

# https://broscience.htb/user.php?id=2
bill
bill@broscience.htb

# https://broscience.htb/user.php?id=3
michael
michael@broscience.htb

# https://broscience.htb/user.php?id=4
john
john@broscience.htb

# https://broscience.htb/user.php?id=5
dmytro
dmytro@broscience.htb