Napper

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 15:48:17 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/napper/nmap.txt 10.10.11.240
Nmap scan report for napper.htb (10.10.11.240)
Host is up, received syn-ack (0.089s latency).
Scanned at 2024-03-01 15:48:18 EST for 43s
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE  REASON  VERSION
80/tcp  open  http     syn-ack Microsoft IIS httpd 10.0
|_http-title: Did not follow redirect to https://app.napper.htb
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp open  ssl/http syn-ack Microsoft IIS httpd 10.0
|_http-title: Research Blog | Home 
| http-methods: 
|_  Supported Methods: HEAD OPTIONS
|_ssl-date: 2024-03-01T20:48:57+00:00; -1s from scanner time.
|_http-generator: Hugo 0.112.3
| ssl-cert: Subject: commonName=app.napper.htb/organizationName=MLopsHub/stateOrProvinceName=California/countryName=US/organizationalUnitName=MlopsHub Dev/localityName=San Fransisco
| Subject Alternative Name: DNS:app.napper.htb
| Issuer: commonName=ca.napper.htb/countryName=US/localityName=San Fransisco
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-06-07T14:58:55
| Not valid after:  2033-06-04T14:58:55
| MD5:   ee1a:dff8:9a6f:5ddd:1add:9d22:0408:58dc
| SHA-1: f134:fe38:31f5:0c74:9a26:d441:63a8:232d:a67a:782b
| tls-alpn: 
|_  http/1.1
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: -1s

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 15:49:01 2024 -- 1 IP address (1 host up) scanned in 43.41 seconds

Gobuster (DNS) Scan


DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] napper.htb
[options-method] [http] [info] https://napper.htb ["OPTIONS, TRACE, GET, HEAD, POST"]
[addeventlistener-detect] [http] [info] https://napper.htb
[microsoft-iis-version] [http] [info] https://napper.htb ["Microsoft-IIS/10.0"]
[metatag-cms] [http] [info] https://napper.htb ["Hugo 0.112.3"]
[tech-detect:jsdelivr] [http] [info] https://napper.htb
[tech-detect:ms-iis] [http] [info] https://napper.htb
[http-missing-security-headers:permissions-policy] [http] [info] https://napper.htb
[http-missing-security-headers:x-frame-options] [http] [info] https://napper.htb
[http-missing-security-headers:referrer-policy] [http] [info] https://napper.htb
[http-missing-security-headers:clear-site-data] [http] [info] https://napper.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] https://napper.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] https://napper.htb
[http-missing-security-headers:strict-transport-security] [http] [info] https://napper.htb
[http-missing-security-headers:content-security-policy] [http] [info] https://napper.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] https://napper.htb
[http-missing-security-headers:x-content-type-options] [http] [info] https://napper.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] https://napper.htb
[iis-shortname] [http] [info] https://napper.htb/*~1*/a.aspx'
[missing-sri] [http] [info] https://napper.htb/ ["https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js","https://app.napper.htb/js/feather.min.js","https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML","https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js"]
[waf-detect:modsecurity] [http] [info] https://napper.htb/
[mismatched-ssl-certificate] [ssl] [low] napper.htb:443 ["CN: app.napper.htb"]
[self-signed-ssl] [ssl] [low] napper.htb:443
[ssl-dns-names] [ssl] [info] napper.htb:443 ["app.napper.htb"]
[deprecated-tls] [ssl] [info] napper.htb:443 ["tls10"]
[deprecated-tls] [ssl] [info] napper.htb:443 ["tls11"]
[tls-version] [ssl] [info] napper.htb:443 ["tls10"]
[tls-version] [ssl] [info] napper.htb:443 ["tls11"]
[weak-cipher-suites:tls-1.0] [ssl] [low] napper.htb:443 ["[tls10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]"]
[tls-version] [ssl] [info] napper.htb:443 ["tls12"]
[weak-cipher-suites:tls-1.1] [ssl] [low] napper.htb:443 ["[tls11 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]"]

Automation Summary

Summary of scans:

  1. NMap Scan:
     - Identified two open ports: 80 (HTTP) and 443 (HTTPS) on napper.htb.
     - Web servers on both ports are Microsoft IIS version 10.0.
     - SSL certificate information and some HTTP headers were extracted.
     - The TLS certificate is self-signed, and the server supports deprecated TLS versions and weak cipher suites.

  2. Gobuster (DNS) Scan:
     - No results obtained from the Gobuster scan.

  3. DirBuster Scan:
     - No results obtained from the DirBuster scan.

  4. Nuclei Scan:
     - Detected various information related to HTTP headers, web server technology, and SSL/TLS configuration.
     - Identified missing security headers and deprecated TLS versions.
     - Discovered a potential WAF (Web Application Firewall) being used.
     - Detected a mismatched SSL certificate, a self-signed SSL certificate, and weak cipher suites.

Overall, the Nuclei scan provided detailed insights into potential vulnerabilities and misconfigurations in the web server's setup, including security header issues and weak SSL/TLS configurations. Further investigation and exploitation may be possible based on these findings.

AI Generated


User Own


Root Own


Summary

AI Generated

References