Skip to content

Perfection

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Sat Mar  2 14:55:50 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/perfection/nmap.txt 10.10.11.253
Increasing send delay for 10.10.11.253 from 0 to 5 due to 144 out of 359 dropped probes since last increase.
Increasing send delay for 10.10.11.253 from 5 to 10 due to 11 out of 15 dropped probes since last increase.
Warning: 10.10.11.253 giving up on port because retransmission cap hit (6).
Nmap scan report for perfection.htb (10.10.11.253)
Host is up, received conn-refused (0.076s latency).
Scanned at 2024-03-02 14:55:52 EST for 35s
Not shown: 997 closed tcp ports (conn-refused)
PORT      STATE    SERVICE REASON      VERSION
22/tcp    open     ssh     syn-ack     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 80:e4:79:e8:59:28:df:95:2d:ad:57:4a:46:04:ea:70 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMz41H9QQUPCXN7lJsU+fbjZ/vR4Ho/eacq8LnS89xLx4vsJvjUJCcZgMYAmhHLXIGKnVv16ipqPaDom5cK9tig=
|   256 e9:ea:0c:1d:86:13:ed:95:a9:d0:0b:c8:22:e4:cf:e9 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqNwnyqGqYHNSIjQnv7hRU0UC9Q4oB4g9Pfzuj2qcG4
80/tcp    open     http    syn-ack     nginx
| http-methods: 
|_  Supported Methods: GET
|_http-title: Weighted Grade Calculator
32784/tcp filtered unknown no-response
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Mar  2 14:56:27 2024 -- 1 IP address (1 host up) scanned in 37.26 seconds

Gobuster (DNS) Scan

DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] perfection.htb
[xss-deprecated-header] [http] [info] http://perfection.htb ["1; mode=block"]
[tech-detect:font-awesome] [http] [info] http://perfection.htb
[tech-detect:nginx] [http] [info] http://perfection.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://perfection.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://perfection.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://perfection.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://perfection.htb
[waf-detect:nginxgeneric] [http] [info] http://perfection.htb/
[ssh-auth-methods] [javascript] [info] perfection.htb:22 ["[\"publickey\",\"password\"]"]

Automation Summary

NMap Scan Summary:

  • The scan reveals two open ports: SSH (22/tcp) and HTTP (80/tcp).
  • SSH is running OpenSSH 8.9p1 Ubuntu 3ubuntu0.6.
  • HTTP service is running nginx, with a weighted grade calculator hosted on it.
  • There's a filtered port (32784/tcp) with unknown service.

Nuclei Scan Summary:

  • Several security headers are missing in the HTTP response.
  • Various technologies are detected including Nginx, Font Awesome.
  • Some deprecated headers like "X-XSS-Protection" are present.
  • SSH authentication methods suggest both public key and password authentication.

Insights: - The system may have potential vulnerabilities related to the missing security headers in the HTTP responses. - The presence of SSH and HTTP services suggests avenues for further enumeration and exploitation. - Further manual enumeration might be necessary to identify potential vulnerabilities and avenues for exploitation.

AI Generated

User Own

Root Own

Summary

AI Generated

References