Skip to content

CozyHosting

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 16:28:55 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/cozyhosting/nmap.txt 10.10.11.230
Nmap scan report for cozyhosting.htb (10.10.11.230)
Host is up, received conn-refused (0.089s latency).
Scanned at 2024-03-01 16:28:56 EST for 134s
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE SERVICE    REASON  VERSION
22/tcp   open  ssh        syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 43:56:bc:a7:f2:ec:46:dd:c1:0f:83:30:4c:2c:aa:a8 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEpNwlByWMKMm7ZgDWRW+WZ9uHc/0Ehct692T5VBBGaWhA71L+yFgM/SqhtUoy0bO8otHbpy3bPBFtmjqQPsbC8=
|   256 6f:7a:6c:3f:a6:8d:e2:75:95:d4:7b:71:ac:4f:7e:42 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVzF8iMVIHgp9xMX9qxvbaoXVg1xkGLo61jXuUAYq5q
80/tcp   open  http       syn-ack nginx 1.18.0 (Ubuntu)
| http-methods: 
|_  Supported Methods: GET HEAD OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-favicon: Unknown favicon MD5: 72A61F8058A9468D57C3017158769B1F
|_http-title: Cozy Hosting - Home
4444/tcp open  krb524?    syn-ack
4445/tcp open  upnotifyp? syn-ack
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 16:31:10 2024 -- 1 IP address (1 host up) scanned in 134.61 seconds

Gobuster (DNS) Scan

DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] cozyhosting.htb
[options-method] [http] [info] http://cozyhosting.htb ["GET,HEAD,OPTIONS"]
[nginx-version] [http] [info] http://cozyhosting.htb ["nginx/1.18.0"]
[tech-detect:bootstrap] [http] [info] http://cozyhosting.htb
[tech-detect:google-font-api] [http] [info] http://cozyhosting.htb
[tech-detect:nginx] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://cozyhosting.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://cozyhosting.htb
[springboot-env] [http] [low] http://cozyhosting.htb/actuator/env
[springboot-beans] [http] [low] http://cozyhosting.htb/actuator/beans
[springboot-mappings] [http] [low] http://cozyhosting.htb/actuator/mappings
[spring-detect] [http] [info] http://cozyhosting.htb/error
[springboot-actuator:available-endpoints] [http] [info] http://cozyhosting.htb/actuator ["beans","env","env-toMatch","health","health-path","mappings","self","sessions"]
[waf-detect:nginxgeneric] [http] [info] http://cozyhosting.htb/
[ssh-auth-methods] [javascript] [info] cozyhosting.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-sha1-hmac-algo] [javascript] [info] cozyhosting.htb:22
[ssh-server-enumeration] [javascript] [info] cozyhosting.htb:22 ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3"]
[ssh-password-auth] [javascript] [info] cozyhosting.htb:22

Automation Summary

Summary of Scan Results:

  1. NMap Scan:
  2. Detected open ports: 22 (SSH), 80 (HTTP), 4444, 4445 (Unknown services).
  3. SSH service version: OpenSSH 8.9p1 Ubuntu 3ubuntu0.3.
  4. HTTP service: nginx 1.18.0 (Ubuntu).

  5. Notable findings: Lack of detailed service information on ports 4444 and 4445.

  6. Gobuster (DNS) Scan:

  7. No results were found.

  8. DirBuster Scan:

  9. No results were found.

  10. Nuclei Scan:

  11. Revealed various HTTP-related information:
    • Identified web technologies such as nginx and Spring Boot.
    • Detected missing security headers which may lead to potential vulnerabilities.
    • Discovered endpoints for Spring Boot Actuator.
    • Detected SSH authentication methods and version information.
    • Detected possible presence of a WAF (Web Application Firewall).
    • Identified possible SSH weak configurations such as SHA1 HMAC algorithm usage.

Insights: The NMap scan reveals open ports and services running on the target machine, with HTTP and SSH services being the most prominent. However, the lack of results from Gobuster and DirBuster scans suggests potential limitations in directory enumeration. The Nuclei scan provides valuable insights into web server configurations, potential security vulnerabilities, and SSH configuration details. These findings could guide further enumeration and exploitation efforts during penetration testing or CTF challenges.

AI Generated

User Own

Root Own

Summary

AI Generated

References