Skip to content

Skyfall

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 14:07:09 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/skyfall/nmap.txt 10.10.11.254
Nmap scan report for skyfall.htb (10.10.11.254)
Host is up, received syn-ack (0.090s latency).
Scanned at 2024-03-01 14:07:09 EST for 20s
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE REASON  VERSION
22/tcp open  ssh     syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 65:70:f7:12:47:07:3a:88:8e:27:e9:cb:44:5d:10:fb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCVqvI8vGs8EIUAAUiRze8kfKmYh9ETTUei3zRd1wWWLRBjSm+soBLfclIUP69cNtQOa961nyt2/BOwuR35cLR4=
|   256 74:48:33:07:b7:88:9d:32:0e:3b:ec:16:aa:b4:c8:fe (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk0VgEkDNZoIJwcG5LEVZDZkEeSRHLBmAOtd/pduzRW
80/tcp open  http    syn-ack nginx 1.18.0 (Ubuntu)
|_http-favicon: Unknown favicon MD5: FED84E16B6CCFE88EE7FFAAE5DFEFD34
|_http-server-header: nginx/1.18.0 (Ubuntu)
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-title: Skyfall - Introducing Sky Storage!
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 14:07:29 2024 -- 1 IP address (1 host up) scanned in 20.69 seconds

Gobuster (DNS) Scan

DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] skyfall.htb
[email-extractor] [http] [info] http://skyfall.htb ["contact@skyfall.com"]
[nginx-version] [http] [info] http://skyfall.htb ["nginx/1.18.0"]
[tech-detect:lightbox] [http] [info] http://skyfall.htb
[tech-detect:bootstrap] [http] [info] http://skyfall.htb
[tech-detect:google-font-api] [http] [info] http://skyfall.htb
[tech-detect:nginx] [http] [info] http://skyfall.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://skyfall.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://skyfall.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://skyfall.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://skyfall.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://skyfall.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://skyfall.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://skyfall.htb
[http-missing-security-headers:x-frame-options] [http] [info] http://skyfall.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://skyfall.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://skyfall.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://skyfall.htb
[waf-detect:nginxgeneric] [http] [info] http://skyfall.htb/
[ssh-auth-methods] [javascript] [info] skyfall.htb:22 ["[\"publickey\",\"password\",\"keyboard-interactive\"]"]
[ssh-password-auth] [javascript] [info] skyfall.htb:22
[ssh-server-enumeration] [javascript] [info] skyfall.htb:22 ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"]
[ssh-sha1-hmac-algo] [javascript] [info] skyfall.htb:22

Automation Summary

  • NMap Scan Summary:
  • Target system has SSH (port 22) and HTTP (port 80) services running.
  • SSH service is identified as OpenSSH 8.9p1 on Ubuntu.
  • HTTP service is identified as nginx 1.18.0 on Ubuntu.

  • Web server hosts an application titled "Skyfall - Introducing Sky Storage!".

  • Nuclei Scan Insights:

  • Various technologies and headers are detected on the HTTP service, including Nginx, Lightbox, Bootstrap, Google Font API, etc.
  • Multiple missing security headers are found, indicating potential vulnerabilities in the web application's security posture.
  • WAF detection suggests the presence of a generic Nginx Web Application Firewall.
  • SSH-related information reveals supported authentication methods, password authentication, and SSH server version.

Overall, the scans provide insights into the services and potential vulnerabilities present on the target machine, indicating areas for further exploration and potential exploitation.

AI Generated

User Own

Root Own

Summary

AI Generated

References