TryHack3M: Bricks Heist
April 17, 2024
Last updated
Task 1: Challenge
First, we have to add the machine's IP to /etc/hosts as bricks.thm.
# Nmap 7.94 scan initiated Wed Apr 17 12:46:16 2024 as: nmap -sC -sV -oN nmap -vv 10.10.104.208
Increasing send delay for 10.10.104.208 from 5 to 10 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for 10.10.104.208 from 10 to 20 due to 11 out of 15 dropped probes since last increase.
Nmap scan report for bricks.thm (10.10.104.208)
Host is up, received syn-ack (0.30s latency).
Scanned at 2024-04-17 12:46:16 PST for 142s
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 5e:89:d0:d2:48:d4:18:83:48:e8:ab:1f:fc:28:6a:d3 (RSA)
| 256 e3:10:af:92:38:39:00:04:a9:6b:26:f4:25:7f:3b:7a (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNUCluz0/6BCWD3bMhaUqhLzAwmlRBHBba4x3xxVYZ3A+3ORAncakjNC+9XfL3cyUlvq7g5hRPw5ROuhcWmsxmI=
| 256 6b:db:02:32:ab:20:11:f2:d0:2b:c1:b5:b2:8a:91:99 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2oqRDeef0Q/Nc9ZKl3AnsevKhL5WAbHYSgifv4zUZC
80/tcp open http syn-ack WebSockify Python/3.8.10
|_http-title: Error response
|_http-server-header: WebSockify Python/3.8.10
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 405 Method Not Allowed
| Server: WebSockify Python/3.8.10
| Date: Wed, 17 Apr 2024 04:46:59 GMT
| Connection: close
| Content-Type: text/html;charset=utf-8
| Content-Length: 472
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
| "http://www.w3.org/TR/html4/strict.dtd">
| <html>
| <head>
| <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
| <title>Error response</title>
| </head>
| <body>
| <h1>Error response</h1>
| <p>Error code: 405</p>
| <p>Message: Method Not Allowed.</p>
| <p>Error code explanation: 405 - Specified method is invalid for this resource.</p>
| </body>
| </html>
| HTTPOptions:
| HTTP/1.1 501 Unsupported method ('OPTIONS')
| Server: WebSockify Python/3.8.10
| Date: Wed, 17 Apr 2024 04:47:00 GMT
| Connection: close
| Content-Type: text/html;charset=utf-8
| Content-Length: 500
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
| "http://www.w3.org/TR/html4/strict.dtd">
| <html>
| <head>
| <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
| <title>Error response</title>
| </head>
| <body>
| <h1>Error response</h1>
| <p>Error code: 501</p>
| <p>Message: Unsupported method ('OPTIONS').</p>
| <p>Error code explanation: HTTPStatus.NOT_IMPLEMENTED - Server does not support this operation.</p>
| </body>
|_ </html>
443/tcp open ssl/http syn-ack Apache httpd
| tls-alpn:
| h2
|_ http/1.1
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=US
| Issuer: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-04-02T11:59:14
| Not valid after: 2025-04-02T11:59:14
| MD5: f1df:99bc:d5ab:5a5a:5709:5099:4add:a385
| SHA-1: 1f26:54bb:e2c5:b4a1:1f62:5ea0:af00:0261:35da:23c3
|_http-favicon: Unknown favicon MD5: 000BF649CC8F6BF27CFB04D1BCDCD3C7
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-server-header: Apache
|_http-generator: WordPress 6.5
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Brick by Brick
|_ssl-date: TLS randomness does not represent time
3306/tcp open mysql syn-ack MySQL (unauthorized)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Apr 17 12:48:38 2024 -- 1 IP address (1 host up) scanned in 142.57 seconds
This is the front page of https://bricks.thm
whatweb https://bricks.thm/
https://bricks.thm/wp-login.php
/robots.txt
https://bricks.thm/phpmyadmin/
SOOOOOOOOOOOOOOOOOOOOOOOOOONNNNNNN