DevVortex
Description
Automated Scanning
Nmap Scan
# Nmap 7.94SVN scan initiated Fri Mar 1 15:26:31 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/devvortex/nmap.txt 10.10.11.242
Nmap scan report for 10.10.11.242 [host down, received no-response]
Read data files from: /usr/bin/../share/nmap
# Nmap done at Fri Mar 1 15:26:34 2024 -- 1 IP address (0 hosts up) scanned in 2.40 seconds
Gobuster (DNS) Scan
DirBuster Scan
No Results
Nuclei Scan
[caa-fingerprint] [dns] [info] devvortex.htb
[nginx-version] [http] [info] http://devvortex.htb ["nginx/1.18.0"]
[tech-detect:bootstrap] [http] [info] http://devvortex.htb
[tech-detect:google-font-api] [http] [info] http://devvortex.htb
[tech-detect:nginx] [http] [info] http://devvortex.htb
[tech-detect:owl-carousel] [http] [info] http://devvortex.htb
[old-copyright] [http] [info] http://devvortex.htb ["© 2020"]
[http-missing-security-headers:x-frame-options] [http] [info] http://devvortex.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://devvortex.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://devvortex.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://devvortex.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://devvortex.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://devvortex.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://devvortex.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://devvortex.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://devvortex.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://devvortex.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://devvortex.htb
[missing-sri] [http] [info] http://devvortex.htb/ ["https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js"]
[waf-detect:nginxgeneric] [http] [info] http://devvortex.htb/
[ssh-auth-methods] [javascript] [info] devvortex.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-password-auth] [javascript] [info] devvortex.htb:22
Automation Summary
The Nmap scan did not yield any results: Nmap reported the target host as down (no response to host discovery), so no ports were scanned.
No findings were reported from the Gobuster (DNS) and DirBuster scans.
The Nuclei scan revealed several insights:
- The target appears to be a web server running nginx version 1.18.0.
- Various technologies such as Bootstrap, Google Font API, and Owl Carousel are detected.
- The copyright year on the website is reported as 2020.
- Eleven security headers are reported missing, including Content-Security-Policy, X-Frame-Options, Strict-Transport-Security and X-Content-Type-Options, indicating potential security weaknesses.
- The Owl Carousel JavaScript file loaded from cdnjs.cloudflare.com has no Subresource Integrity (SRI) check.
- Web application firewall (WAF) detection matched the generic nginx signature, nginxgeneric.
- The SSH service on port 22 advertises the publickey and password authentication methods, so password authentication is enabled.
AI Generated
User Own
Root Own
Summary
AI Generated