Codify

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Sat Mar  2 01:20:47 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/codify/nmap.txt 10.10.11.239
Increasing send delay for 10.10.11.239 from 0 to 5 due to 210 out of 524 dropped probes since last increase.
Increasing send delay for 10.10.11.239 from 5 to 10 due to 11 out of 20 dropped probes since last increase.
Nmap scan report for codify.htb (10.10.11.239)
Host is up, received conn-refused (0.087s latency).
Scanned at 2024-03-02 01:20:47 EST for 33s
Not shown: 997 closed tcp ports (conn-refused)
PORT     STATE SERVICE REASON  VERSION
22/tcp   open  ssh     syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 96:07:1c:c6:77:3e:07:a0:cc:6f:24:19:74:4d:57:0b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+/g3FqMmVlkT3XCSMH/JtvGJDW3+PBxqJ+pURQey6GMjs7abbrEOCcVugczanWj1WNU5jsaYzlkCEZHlsHLvk=
|   256 0b:a4:c0:cf:e2:3b:95:ae:f6:f5:df:7d:0c:88:d6:ce (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm6HJTYy2teiiP6uZoSCHhsWHN+z3SVL/21fy6cZWZi
80/tcp   open  http    syn-ack Apache httpd 2.4.52
|_http-title: Codify
|_http-server-header: Apache/2.4.52 (Ubuntu)
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
3000/tcp open  http    syn-ack Node.js Express framework
|_http-title: Codify
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Mar  2 01:21:20 2024 -- 1 IP address (1 host up) scanned in 32.81 seconds

Gobuster (DNS) Scan


DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] codify.htb
[options-method] [http] [info] http://codify.htb ["GET,HEAD"]
[apache-detect] [http] [info] http://codify.htb ["Apache/2.4.52 (Ubuntu)"]
[tech-detect:bootstrap] [http] [info] http://codify.htb
[tech-detect:express] [http] [info] http://codify.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://codify.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://codify.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://codify.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://codify.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://codify.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://codify.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://codify.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://codify.htb
[http-missing-security-headers:x-frame-options] [http] [info] http://codify.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://codify.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://codify.htb
[waf-detect:apachegeneric] [http] [info] http://codify.htb/
[waf-detect:securesphere] [http] [info] http://codify.htb/
[ssh-auth-methods] [javascript] [info] codify.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-password-auth] [javascript] [info] codify.htb:22
[ssh-server-enumeration] [javascript] [info] codify.htb:22 ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4"]
[ssh-sha1-hmac-algo] [javascript] [info] codify.htb:22

Automation Summary

NMap Scan:

- The scan reveals three open ports on the target machine: 22 (SSH), 80 (HTTP), and 3000 (HTTP).
- SSH is running OpenSSH 8.9p1 on Ubuntu.
- Both port 80 and port 3000 are serving HTTP, with the Apache HTTP server running on port 80 and a Node.js Express framework on port 3000.
- Some basic information about the services and server software versions is obtained.

Nuclei Scan:

- Several security headers are missing from the HTTP responses, which might indicate vulnerabilities or misconfigurations.
- Various web technologies are detected, such as Apache, Bootstrap, and Express.
- SSH-related information is identified, such as the available authentication methods and the server version banner.

Insights:

- The absence of certain security headers on the web server might indicate potential security weaknesses, such as vulnerability to cross-site scripting (XSS) or clickjacking attacks.
- Running services like SSH could potentially pose security risks, especially if weak authentication methods are enabled.
- The presence of Apache and Node.js suggests a diverse technology stack, which could provide multiple attack vectors for exploitation.
- Further enumeration and exploitation based on the identified vulnerabilities and service versions could lead to gaining unauthorized access to the target system.

AI Generated


User Own


Root Own


Summary

AI Generated

References