22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 39:03:16:06:11:30:a0:b0:c2:91:79:88:d3:93:1b:3e (RSA)
|   256 51:94:5c:59:3b:bd:bc:b6:26:7a:ef:83:7f:4c:ca:7d (ECDSA)
|_  256 a5:6d:03:fa:6c:f5:b9:4a:a2:a1:b6:bd:bc:60:42:31 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Moderators
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.85 seconds

(August 6, 2022, 07:52 PM)loge23 Wrote: http://moderators.htb/logs/md5(report_no)/

URL not found? How did u find this?

Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

Hello everyone
Have a good day, dear!

(August 6, 2022, 08:05 PM)karhu Wrote: Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

Exactly, and when you check e21cece511f43a5cb18d4932429915ed on crackstation, it shows the id of  the report.
So, the question is, when you md5 all those available reports and check their logs folder, will there be any file discovery?

(August 6, 2022, 08:05 PM)karhu Wrote: Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

e21cece511f43a5cb18d4932429915ed is md5 of 9798. there is a folder under logs for each report like this.

(August 6, 2022, 08:09 PM)farkow Wrote:

(August 6, 2022, 08:05 PM)karhu Wrote: Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

Exactly, and when you check e21cece511f43a5cb18d4932429915ed on crackstation, it shows the id of  the report.
So, the question is, when you md5 all those available reports and check their logs folder, will there be any file discovery?

Right, this is what I'm working on currently, but I'm not making much headway. Running ffuf on /HASH/FUZZ where HASH is the list of md5(report#) and FUZZ is a list of common filenames. All that has returned so far is just index.html which are all empty.

(August 6, 2022, 08:30 PM)karhu Wrote:

(August 6, 2022, 08:09 PM)farkow Wrote:

(August 6, 2022, 08:05 PM)karhu Wrote: Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

Exactly, and when you check e21cece511f43a5cb18d4932429915ed on crackstation, it shows the id of  the report.
So, the question is, when you md5 all those available reports and check their logs folder, will there be any file discovery?

Right, this is what I'm working on currently, but I'm not making much headway. Running ffuf on /HASH/FUZZ where HASH is the list of md5(report#) and FUZZ is a list of common filenames. All that has returned so far is just index.html which are all empty.

There is logs.pdf in md5 of one of the report numbers
It shows file upload page and you see it on there having php shell upload

(August 6, 2022, 08:34 PM)paulwatson42016 Wrote:

(August 6, 2022, 08:30 PM)karhu Wrote:

(August 6, 2022, 08:09 PM)farkow Wrote:

(August 6, 2022, 08:05 PM)karhu Wrote: Found three additional reports to the ones posted in the blog:

2589
3478
4221
7612
8121
9798

Of note, on 9798, this is listed:

[+] LOGS : logs/e21cece511f43a5cb18d4932429915ed/

Page shows nothing, and returns a blank index.html with wget.

Three new domains are listed in the reports, but I don't think any have to do with the machine:

healtharcade.io.htb
actionmeter.org.htb
bethebest101.uk.htb

Exactly, and when you check e21cece511f43a5cb18d4932429915ed on crackstation, it shows the id of  the report.
So, the question is, when you md5 all those available reports and check their logs folder, will there be any file discovery?

Right, this is what I'm working on currently, but I'm not making much headway. Running ffuf on /HASH/FUZZ where HASH is the list of md5(report#) and FUZZ is a list of common filenames. All that has returned so far is just index.html which are all empty.

There is logs.pdf in md5 of one of the report numbers
It shows file upload page and you see it on there having php shell upload

Ah, I see. I found the /logs/upload page during my initial enum of the site. Guess I should have put that together lol. Thanks for the hint!