Skip to content

HackTheBox Automated Writeups & Guides

Crafty

Crafty

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 13:55:29 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/crafty/nmap.txt 10.10.11.249
Nmap scan report for crafty.htb (10.10.11.249)
Host is up, received syn-ack (0.091s latency).
Scanned at 2024-03-01 13:55:29 EST for 28s
Not shown: 999 filtered tcp ports (no-response)
PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack Microsoft IIS httpd 10.0
|_http-title: Crafty - Official Website
| http-methods: 
|   Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 13:55:57 2024 -- 1 IP address (1 host up) scanned in 27.93 seconds

Gobuster (DNS) Scan

DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] crafty.htb
[options-method] [http] [info] http://crafty.htb ["OPTIONS, TRACE, GET, HEAD, POST"]
[microsoft-iis-version] [http] [info] http://crafty.htb ["Microsoft-IIS/10.0"]
[tech-detect:google-font-api] [http] [info] http://crafty.htb
[tech-detect:ms-iis] [http] [info] http://crafty.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://crafty.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://crafty.htb
[http-missing-security-headers:x-frame-options] [http] [info] http://crafty.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://crafty.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://crafty.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://crafty.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://crafty.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://crafty.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://crafty.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://crafty.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://crafty.htb
[iis-shortname] [http] [info] http://crafty.htb/*~1*/a.aspx'
[missing-sri] [http] [info] http://crafty.htb/ ["https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"]
[waf-detect:modsecurity] [http] [info] http://crafty.htb/

Automation Summary

The Nmap scan reveals a single open port (port 80) running Microsoft IIS httpd 10.0. The HTTP service appears to be hosting Crafty's official website.

The Gobuster and DirBuster scans did not yield any results, indicating no additional directories or files were discovered.

The Nuclei scan provides various insights into the HTTP service hosted on Crafty, including missing security headers, detected technologies (such as Google Font API and Microsoft IIS), and potential vulnerabilities (such as the presence of ModSecurity WAF). This information can be valuable for further enumeration and potential exploitation.

AI Generated

User Own

Root Own

Summary

AI Generated

References