02. VULNERABILITY ASSESSMENT

root@htb:~$ sudo nmap --script=vuln {targetIP} -p 22,6789,8080,8443,8843,8880
 PORT   STATE SERVICE
 22/tcp open  ssh
 80/tcp open  http
 | http-csrf: 
 | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.129.141.59
 |   Found the following possible CSRF vulnerabilities: 
 |     
 |     Path: http://10.129.141.59:80/
 |     Form id: name
 |     Form action: forms/contact.php
 |     
 |     Path: http://10.129.141.59:80/
 |     Form id: 
 |     Form action: 
 |     
 |     Path: http://10.129.141.59:80/login/login.php
 |     Form id: login-form
 |     Form action: 
 |     
 |     Path: http://10.129.141.59:80/login/login.php
 |     Form id: 
 |     Form action: 
 |     
 |     Path: http://10.129.141.59:80/index.html
 |     Form id: name
 |     Form action: forms/contact.php
 |     
 |     Path: http://10.129.141.59:80/index.html
 |     Form id: 
 |_    Form action: 
 |_http-internal-ip-disclosure: ERROR: Script execution failed (use -d to debug)
 |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
 | http-sql-injection: 
 |   Possible sqli for queries:
 |     http://10.129.141.59:80/login/?C=S%3BO%3DA%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=M%3BO%3DA%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=D%3BO%3DA%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=N%3BO%3DD%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=M%3BO%3DA%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=D%3BO%3DA%27%20OR%20sqlspider
 |     http://10.129.141.59:80/login/?C=S%3BO%3DD%27%20OR%20sqlspider
 |_    http://10.129.141.59:80/login/?C=N%3BO%3DA%27%20OR%20sqlspider
 |_http-dombased-xss: Couldn't find any DOM based XSS.
 | http-enum: 
 |   /login/: Login page
 |_  /forms/: Potentially interesting directory w/ listing on 'apache/2.4.29 (ubuntu)'

 * --script=vuln runs the NSE scripts in the "vuln" category, which focus
   specifically on detecting known vulnerabilities in the service running on
   port 6379
    - e.g., weak configurations or known vulnerabilities in the Redis service
       - if no results are found, the service may be fully patched
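As an added example (not part of the original writeup), here is a small Python triage helper for nmap's normal-format output as shown above. It groups each NSE script's lines under the port they were reported for and separates three outcomes that a quick read of the scan blurs together: a script that errored (no evidence either way), a script that ran and found nothing (the check did not fire, which is weaker than "patched"), and a "possible" finding that still needs manual confirmation. It also flags the http-sql-injection hits as probable false positives, because every flagged URL is an Apache mod_autoindex sort parameter (C= column, O= order) on the directory listing at /login/ rather than an application input. The embedded sample is a trimmed copy of the scan output above; the script names and message strings are nmap's own, while the verdict labels and the lowercase-name heuristic for spotting script headers are my assumptions about the normal output format (use -oX for a proper parser).

```python
import re

# Constructed sample: the nmap normal-format output from the scan above,
# trimmed to a few of the http-csrf and http-sql-injection entries.
SAMPLE_OUTPUT = """\
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.129.141.59
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://10.129.141.59:80/
|     Form id: name
|_    Form action: forms/contact.php
|_http-internal-ip-disclosure: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-sql-injection: 
|   Possible sqli for queries:
|     http://10.129.141.59:80/login/?C=S%3BO%3DA%27%20OR%20sqlspider
|_    http://10.129.141.59:80/login/?C=N%3BO%3DD%27%20OR%20sqlspider
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|   /login/: Login page
|_  /forms/: Potentially interesting directory w/ listing on 'apache/2.4.29 (ubuntu)'
"""

# "PORT STATE SERVICE" table rows, e.g. "80/tcp open  http".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# First line of a script result: "| name: ..." or "|_name: ...". NSE script
# names are lowercase, so indented continuation lines and lines such as
# "Spidering limited to:" do not match (heuristic for the normal format).
SCRIPT_RE = re.compile(r"^\|_? ?([a-z][a-z0-9-]*): ?(.*)$")
# Apache mod_autoindex sort parameters (C=column, O=order) with nmap's probe
# appended; %3B is ';' and %3D is '='.
AUTOINDEX_RE = re.compile(r"[?&]C=[NMSD]%3BO%3D[AD]", re.IGNORECASE)
# Scripts in the vuln category that enumerate paths rather than test a weakness.
INFO_SCRIPTS = {"http-enum"}


def parse_nse_output(text):
    """Group NSE script output lines under the port they were reported for."""
    ports = {}
    port = script = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PORT_RE.match(line)
        if m:
            port = f"{m.group(1)}/{m.group(2)}"
            ports[port] = {"state": m.group(3), "service": m.group(4), "scripts": {}}
            script = None
            continue
        if port is None or not line.startswith("|"):
            continue
        m = SCRIPT_RE.match(line)
        if m:
            script = m.group(1)
            ports[port]["scripts"][script] = []
            if m.group(2).strip():
                ports[port]["scripts"][script].append(m.group(2).strip())
            continue
        body = line.lstrip("|_").strip()   # continuation line of the current script
        if script and body:
            ports[port]["scripts"][script].append(body)
    return ports


def classify(script, lines):
    """Triage one script result: error, clean, info, or review (needs a human)."""
    text = " ".join(lines)
    if text.startswith("ERROR"):
        return "error"          # script crashed: no evidence either way
    if "Couldn't find" in text:
        return "clean"          # the check ran and did not fire
    if script in INFO_SCRIPTS:
        return "info"           # enumeration output, not a vulnerability test
    return "review"             # "possible" findings are never confirmed by NSE


def autoindex_false_positive(lines):
    """True when every flagged URL is just a directory-listing sort parameter."""
    urls = [l for l in lines if l.startswith("http")]
    return bool(urls) and all(AUTOINDEX_RE.search(u) for u in urls)


def triage(text):
    """Return {(port, script): verdict} for a whole scan."""
    verdicts = {}
    for port, info in parse_nse_output(text).items():
        for script, lines in info["scripts"].items():
            verdict = classify(script, lines)
            if (script == "http-sql-injection" and verdict == "review"
                    and autoindex_false_positive(lines)):
                verdict = "review (likely false positive: autoindex sort params)"
            verdicts[(port, script)] = verdict
    return verdicts


if __name__ == "__main__":
    for (port, script), verdict in sorted(triage(SAMPLE_OUTPUT).items()):
        print(f"{port:8} {script:30} {verdict}")
```

Run it directly to get one verdict line per script; feed it the full scan output (or any other normal-format nmap run) to triage a larger host list the same way.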
