Bizness

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 14:49:07 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/bizness/nmap.txt 10.10.11.252
Nmap scan report for bizness.htb (10.10.11.252)
Host is up, received syn-ack (0.088s latency).
Scanned at 2024-03-01 14:49:07 EST for 29s
Not shown: 997 closed tcp ports (conn-refused)
PORT    STATE SERVICE  REASON  VERSION
22/tcp  open  ssh      syn-ack OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey: 
|   3072 3e:21:d5:dc:2e:61:eb:8f:a6:3b:24:2a:b7:1c:05:d3 (RSA)
|   256 39:11:42:3f:0c:25:00:08:d7:2f:1b:51:e0:43:9d:85 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFMB/Pupk38CIbFpK4/RYPqDnnx8F2SGfhzlD32riRsRQwdf19KpqW9Cfpp2xDYZDhA3OeLV36bV5cdnl07bSsw=
|   256 b0:6f:a0:0a:9e:df:b1:7a:49:78:86:b2:35:40:ec:95 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjcxHOO/Vs6yPUw6ibE6gvOuakAnmR7gTk/yE2yJA/3
80/tcp  open  http     syn-ack nginx 1.18.0
|_http-server-header: nginx/1.18.0
|_http-title: Did not follow redirect to https://bizness.htb/
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp open  ssl/http syn-ack nginx 1.18.0
|_http-server-header: nginx/1.18.0
| tls-nextprotoneg: 
|_  http/1.1
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=UK
| Issuer: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=UK
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-12-14T20:03:40
| Not valid after:  2328-11-10T20:03:40
| MD5:   b182:2fdb:92b0:2036:6b98:8850:b66e:da27
| SHA-1: 8138:8595:4343:f40f:937b:cc82:23af:9052:3f5d:eb50
|_http-trane-info: Problem with XML parsing of /evox/about
|_http-title: BizNess Incorporated
| http-methods: 
|_  Supported Methods: OPTIONS GET HEAD POST
| tls-alpn: 
|_  http/1.1
|_http-favicon: Unknown favicon MD5: 7CF35F0B3566DB84C7260F0CC357D0B8
|_ssl-date: TLS randomness does not represent time
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 14:49:36 2024 -- 1 IP address (1 host up) scanned in 29.36 seconds

Gobuster (DNS) Scan


DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] bizness.htb
[options-method] [http] [info] https://bizness.htb ["OPTIONS, GET, HEAD, POST"]
[nginx-version] [http] [info] https://bizness.htb ["nginx/1.18.0"]
[tech-detect:lightbox] [http] [info] https://bizness.htb
[tech-detect:owl-carousel] [http] [info] https://bizness.htb
[tech-detect:font-awesome] [http] [info] https://bizness.htb
[tech-detect:animate.css] [http] [info] https://bizness.htb
[tech-detect:bootstrap] [http] [info] https://bizness.htb
[tech-detect:google-font-api] [http] [info] https://bizness.htb
[tech-detect:ionicons] [http] [info] https://bizness.htb
[tech-detect:nginx] [http] [info] https://bizness.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] https://bizness.htb
[http-missing-security-headers:referrer-policy] [http] [info] https://bizness.htb
[http-missing-security-headers:clear-site-data] [http] [info] https://bizness.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] https://bizness.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] https://bizness.htb
[http-missing-security-headers:content-security-policy] [http] [info] https://bizness.htb
[http-missing-security-headers:x-frame-options] [http] [info] https://bizness.htb
[http-missing-security-headers:x-content-type-options] [http] [info] https://bizness.htb
[http-missing-security-headers:strict-transport-security] [http] [info] https://bizness.htb
[http-missing-security-headers:permissions-policy] [http] [info] https://bizness.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] https://bizness.htb
[tomcat-stacktraces] [http] [info] https://bizness.htb/?f=\[
[waf-detect:apachegeneric] [http] [info] https://bizness.htb/
[waf-detect:nginxgeneric] [http] [info] https://bizness.htb/
[ssh-auth-methods] [javascript] [info] bizness.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-password-auth] [javascript] [info] bizness.htb:22
[ssh-server-enumeration] [javascript] [info] bizness.htb:22 ["SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"]
[ssh-sha1-hmac-algo] [javascript] [info] bizness.htb:22
[openssh-detect] [tcp] [info] bizness.htb:22 ["SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"]
[ssl-issuer] [ssl] [info] bizness.htb:443 ["Internet Widgits Pty Ltd"]
[mismatched-ssl-certificate] [ssl] [low] bizness.htb:443
[self-signed-ssl] [ssl] [low] bizness.htb:443
[tls-version] [ssl] [info] bizness.htb:443 ["tls10"]
[weak-cipher-suites:tls-1.0] [ssl] [low] bizness.htb:443 ["[tls10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]"]
[tls-version] [ssl] [info] bizness.htb:443 ["tls11"]
[deprecated-tls] [ssl] [info] bizness.htb:443 ["tls10"]
[tls-version] [ssl] [info] bizness.htb:443 ["tls12"]
[deprecated-tls] [ssl] [info] bizness.htb:443 ["tls11"]
[tls-version] [ssl] [info] bizness.htb:443 ["tls13"]
[weak-cipher-suites:tls-1.1] [ssl] [low] bizness.htb:443 ["[tls11 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]"]

Automation Summary

NMap Scan Summary:

  • The scan identified three open ports: 22 (SSH), 80 (HTTP), and 443 (HTTPS).
  • OpenSSH 8.4p1 is running on port 22.
  • Nginx 1.18.0 is serving HTTP on port 80 and HTTPS on port 443.
  • The SSL certificate for HTTPS is self-signed and does not match the host name, so clients cannot verify the server's identity from it.

Nuclei Scan Summary:

  • Identified front-end technologies and frameworks used on the website, such as Lightbox, Owl Carousel and Font Awesome.
  • Detected missing HTTP security headers.
  • Matched the generic Apache and Nginx WAF-detection templates.
  • Revealed SSH details, including the supported authentication methods, server enumeration and the SSH version.
  • Highlighted SSL/TLS information, including the supported versions, deprecated TLS versions, weak cipher suites and the mismatched SSL certificate.

Insights:

  • The website appears to be running on Nginx and potentially Apache, with various front-end technologies incorporated.
  • The missing security headers are hardening gaps that leave the website with less protection against client-side attacks.
  • SSH service details reveal supported authentication methods and server information, which could aid in further enumeration.
  • The SSL/TLS weaknesses (deprecated TLS 1.0 and 1.1, weak cipher suites) and the mismatched certificate are security risks that need addressing.

Overall, further investigation and vulnerability assessment are recommended to secure the system effectively.

AI Generated


User Own


Root Own


Summary
