Difficulty: Medium

#2025.11.7

Adding the IP to /etc/hosts

sudo nano /etc/hosts

Network enumeration


htb/vpn/lab took 4s
> rustscan -a 10.10.11.83
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
With RustScan, I scan ports so fast, even my firewall gets whiplash 💨

[~] The config file is expected to be at "/home/xacce/.rustscan.toml"
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.
Open 10.10.11.83:22
Open 10.10.11.83:80
[~] Starting Script(s)
[~] Starting Nmap 7.98 ( https://nmap.org ) at 2025-11-07 15:12 +0800
Initiating Ping Scan at 15:12
Scanning 10.10.11.83 [2 ports]
Completed Ping Scan at 15:12, 0.33s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:12
Completed Parallel DNS resolution of 1 host. at 15:12, 0.50s elapsed
DNS resolution of 1 IPs took 0.50s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 15:12
Scanning 10.10.11.83 [2 ports]
Discovered open port 22/tcp on 10.10.11.83
Discovered open port 80/tcp on 10.10.11.83
Completed Connect Scan at 15:12, 0.27s elapsed (2 total ports)
Nmap scan report for 10.10.11.83
Host is up, received conn-refused (0.31s latency).
Scanned at 2025-11-07 15:12:48 +08 for 0s

PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
80/tcp open  http    syn-ack

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds


Visiting the website on port 80


Directory enumeration

htb/machine/prev took 11s
> feroxbuster -u http://previous.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.13.0
───────────────────────────┬──────────────────────
 🎯  Target Url            │ http://previous.htb/
 🚩  In-Scope Url          │ previous.htb
 🚀  Threads               │ 50
 📖  Wordlist              │ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
 👌  Status Codes          │ All Status Codes!
 💥  Timeout (secs)        │ 7
 🦑  User-Agent            │ feroxbuster/2.13.0
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
404      GET        1l       66w     2181c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
307      GET        1l        1w       36c http://previous.htb/docs => http://previous.htb/api/auth/signin?callbackUrl=%2Fdocs
308      GET        1l        1w        6c http://previous.htb/_next/ => http://previous.htb/_next
308      GET        1l        1w       35c http://previous.htb/_next/static/-ipsiOtEey-zESpHzrwmc/ => http://previous.htb/_next/static/-ipsiOtEey-zESpHzrwmc
308      GET        1l        1w       13c http://previous.htb/_next/static/ => http://previous.htb/_next/static
308      GET        1l        1w       26c http://previous.htb/_next/static/chunks/pages/ => http://previous.htb/_next/static/chunks/pages
308      GET        1l        1w       20c http://previous.htb/_next/static/chunks/ => http://previous.htb/_next/static/chunks
308      GET        1l        1w       17c http://previous.htb/_next/static/css/ => http://previous.htb/_next/static/css
308      GET        1l        1w       12c http://previous.htb/application/ => http://previous.htb/application
200      GET        1l      283w     5101c http://previous.htb/_next/static/chunks/pages/index-a09f42904785092c.js
200      GET        1l        1w     1305c http://previous.htb/_next/static/-ipsiOtEey-zESpHzrwmc/_buildManifest.js
200      GET        1l        2w       77c http://previous.htb/_next/static/-ipsiOtEey-zESpHzrwmc/_ssgManifest.js
200      GET        1l      250w    23885c http://previous.htb/_next/static/css/9a1ff1f4870b5a50.css
200      GET        1l       60w     3028c http://previous.htb/_next/static/chunks/webpack-cb370083d4f9953f.js
200      GET        1l      725w    33690c http://previous.htb/_next/static/chunks/pages/_app-95f33af851b6322a.js
200      GET        1l      591w   119495c http://previous.htb/_next/static/chunks/main-0221d9991a31a63c.js
200      GET        1l      650w   112594c http://previous.htb/_next/static/chunks/polyfills-42372ed130431b0a.js
200      GET        1l     1126w   139924c http://previous.htb/_next/static/chunks/framework-ee17a4c43a44d3e2.js
200      GET        1l      407w     5493c http://previous.htb/
404      GET        1l       37w     2181c http://previous.htb/profiles
307      GET        1l        1w       35c http://previous.htb/api => http://previous.htb/api/auth/signin?callbackUrl=%2Fapi
200      GET        1l        3w      232c http://previous.htb/_next/static/chunks/pages/_error-41608b100cc61246.js
404      GET        1l       37w     2181c http://previous.htb/office
200      GET        1l      179w     3481c http://previous.htb/signin
404      GET        1l       37w     2181c http://previous.htb/v2
200      GET        1l      136w     3480c http://previous.htb/_next/static/chunks/pages/signin-d0284ed11872b445.js
200      GET        1l      217w     8862c http://previous.htb/_next/static/chunks/0-c54fcec2d27b858d.js
404      GET        1l       37w     2181c http://previous.htb/W
404      GET        1l       37w     2181c http://previous.htb/360
404      GET        1l       37w     2181c http://previous.htb/forum_new
404      GET        1l       37w     2181c http://previous.htb/tp
404      GET        1l       37w     2181c http://previous.htb/rss091
404      GET        1l       37w     2181c http://previous.htb/topicsMain
404      GET        1l       37w     2181c http://previous.htb/utility
404      GET        1l       37w     2181c http://previous.htb/ideas
404      GET        1l       37w     2181c http://previous.htb/_derived
404      GET        1l       37w     2181c http://previous.htb/acrobat
404      GET        1l       37w     2181c http://previous.htb/todo
404      GET        1l       37w     2181c http://previous.htb/_W0QQfromZR12
404      GET        1l       37w     2181c http://previous.htb/55033
404      GET        1l       37w     2181c http://previous.htb/page-2
404      GET        1l       37w     2181c http://previous.htb/ri
404      GET        1l       37w     2181c http://previous.htb/ln
404      GET        1l       37w     2181c http://previous.htb/tutor
404      GET        1l       37w     2181c http://previous.htb/feed-icon16x16
404      GET        1l       37w     2181c http://previous.htb/distro
404      GET        1l       37w     2181c http://previous.htb/search_results
404      GET        1l       37w     2181c http://previous.htb/sup
404      GET        1l       37w     2181c http://previous.htb/com-mod
404      GET        1l       37w     2181c http://previous.htb/scl
404      GET        1l       37w     2181c http://previous.htb/emp
404      GET        1l       37w     2181c http://previous.htb/newsfeeds
404      GET        1l       37w     2181c http://previous.htb/1311
404      GET        1l       37w     2181c http://previous.htb/oklahoma
404      GET        1l       37w     2181c http://previous.htb/prepare
404      GET        1l       37w     2181c http://previous.htb/showbiz
404      GET        1l       37w     2181c http://previous.htb/issue2
404      GET        1l       37w     2181c http://previous.htb/whats-new
404      GET        1l       37w     2181c http://previous.htb/2609
404      GET        1l       37w     2181c http://previous.htb/arr1
307      GET        1l        1w       38c http://previous.htb/docsis => http://previous.htb/api/auth/signin?callbackUrl=%2Fdocsis
404      GET        1l       37w     2181c http://previous.htb/rape-sex
404      GET        1l       37w     2181c http://previous.htb/flag_germany
404      GET        1l       37w     2181c http://previous.htb/4049
404      GET        1l       37w     2181c http://previous.htb/rsync
[#>------------------] - 4m     11888/220567  62m     found:64      errors:66
🚨 Caught ctrl+c 🚨 saving scan state to ferox-http_previous_htb_-1762499990.state ...
[#>------------------] - 4m     11889/220567  62m     found:64      errors:66
[#>------------------] - 4m     11831/220546  52/s    http://previous.htb/
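
Added example (not part of the original notes): a short Python triage of feroxbuster output in the format shown above. It counts responses per status code and decodes `callbackUrl` from the sign-in redirects to list which paths sit behind the auth gate. `SAMPLE` is a few lines copied from the run above; the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Sample lines copied from the feroxbuster run above, plus one progress-bar line.
SAMPLE = """\
307      GET        1l        1w       36c http://previous.htb/docs => http://previous.htb/api/auth/signin?callbackUrl=%2Fdocs
308      GET        1l        1w        6c http://previous.htb/_next/ => http://previous.htb/_next
200      GET        1l      407w     5493c http://previous.htb/
404      GET        1l       37w     2181c http://previous.htb/profiles
307      GET        1l        1w       35c http://previous.htb/api => http://previous.htb/api/auth/signin?callbackUrl=%2Fapi
200      GET        1l      179w     3481c http://previous.htb/signin
307      GET        1l        1w       38c http://previous.htb/docsis => http://previous.htb/api/auth/signin?callbackUrl=%2Fdocsis
[#>------------------] - 4m     11888/220567  62m     found:64      errors:66
"""

# Fields: status, method, lines, words, chars, URL, optional "=> redirect target".
LINE = re.compile(
    r"^(\d{3})\s+(\w+)\s+(\d+)l\s+(\d+)w\s+(\d+)c\s+<?(\S+?)>?(?:\s+=>\s+<?(\S+?)>?)?\s*$"
)

def parse(text):
    """Yield one dict per result line; banners, notices and progress bars are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            status, _method, _lines, words, size, url, target = m.groups()
            yield {"status": int(status), "words": int(words),
                   "size": int(size), "url": url, "redirect": target}

def triage(text):
    """Return (status counts, paths bounced to sign-in, paths served with 200)."""
    rows = list(parse(text))
    counts = Counter(r["status"] for r in rows)
    gated = []
    for r in rows:
        if r["redirect"]:
            qs = parse_qs(urlsplit(r["redirect"]).query)
            if "callbackUrl" in qs:  # the redirect carries the originally requested path
                gated.append(qs["callbackUrl"][0])
    served = [urlsplit(r["url"]).path for r in rows if r["status"] == 200]
    return counts, gated, served

if __name__ == "__main__":
    counts, gated, served = triage(SAMPLE)
    print(dict(counts))
    print("sign-in gated:", gated)
    print("served (200):", served)
```

On the sample it reports `/docs`, `/api` and `/docsis` as bounced to `/api/auth/signin`, and `/` and `/signin` as served directly.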

Trying to log in


Looking with Wappalyzer