Skip to content

Corporate

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 14:59:46 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/corporate/nmap.txt 10.10.11.246
Nmap scan report for corporate.htb (10.10.11.246)
Host is up, received syn-ack (0.12s latency).
Scanned at 2024-03-01 14:59:49 EST for 56s
Not shown: 999 filtered tcp ports (no-response)
PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack OpenResty web app server 1.21.4.3
|_http-server-header: openresty/1.21.4.3
|_http-title: Corporate.HTB
| http-methods: 
|_  Supported Methods: GET HEAD

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 15:00:45 2024 -- 1 IP address (1 host up) scanned in 58.19 seconds

Gobuster (DNS) Scan

DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] corporate.htb
[CVE-2021-31250] [http] [medium] http://corporate.htb/if.cgi?redirect=setting.htm&failure=fail.htm&type=ap_tcps_apply&TF_ip=443&TF_submask=0&TF_submask=%22%3E%3Cscript%3Ealert%282d6KonkJnaTOhYM3rAG0NsB3ywt%29%3C%2Fscript%3E&radio_ping_block=0&max_tcp=3&B_apply=APPLY
[tech-detect:google-font-api] [http] [info] http://corporate.htb
[tech-detect:font-awesome] [http] [info] http://corporate.htb
[tech-detect:animate.css] [http] [info] http://corporate.htb
[tech-detect:bootstrap] [http] [info] http://corporate.htb
[old-copyright] [http] [info] http://corporate.htb ["\u00a9 2036"]
[http-missing-security-headers:strict-transport-security] [http] [info] http://corporate.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://corporate.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://corporate.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://corporate.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://corporate.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://corporate.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://corporate.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://corporate.htb

Automation Summary

  • NMap Scan:
  • One open port (80/tcp) running OpenResty web app server version 1.21.4.3.

  • The website is titled "Corporate.HTB" and supports HTTP methods GET and HEAD.

  • Gobuster (DNS) Scan: No results were found.

  • DirBuster Scan: No results were found.

  • Nuclei Scan:

  • Identified potential vulnerabilities and information:
    • A DNS-related fingerprint.
    • A medium severity CVE-2021-31250 in the URL parameter of a CGI script.
    • Detection of various web technologies including Google Font API, Font Awesome, Animate.css, and Bootstrap.
    • An old copyright year "2036".
    • Missing security headers such as Strict-Transport-Security, Permissions-Policy, X-Permitted-Cross-Domain-Policies, Referrer-Policy, Clear-Site-Data, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy, indicating potential security weaknesses.

AI Generated

User Own

Root Own

Summary

AI Generated

References