TUTORIAL my preparation script for HTB machines
by angramainyu - November 25, 2021 at 05:49 AM
#!/usr/bin/env bash

# Help
Help()
{
        # Display Help
        echo "Hackthebox preparation tool!"
        echo
        echo "Syntax: ./initial_htb.sh box_name box_ip"
        echo "-h        Print this Help."
        echo "Version: 0.1"
        echo "By Angra Mainyu"
        exit
}

if [ $# -eq 0 ]; then
    echo "No arguments supplied. Use -h for help."
    exit 1
fi

# Get the options (parsed first, so -h is never taken as the box name)
while getopts ":h" option; do
        case $option in
                h) # display Help
                        Help
                ;;
                \?) # incorrect option
                        echo "Error: Invalid option"
                        exit 1
                ;;
        esac
done
shift $((OPTIND - 1))

# Both the box name and the box IP are required
if [ $# -lt 2 ]; then
    echo "Syntax: ./initial_htb.sh box_name box_ip"
    exit 1
fi

# Lower-case both arguments
boxname=${1,,}
boxip=${2,,}
hosts="$boxip    $boxname.htb"

echo "some unwritten rules:
        if you find a password in one place, you should test it at other places
        if you find an open web connection, you should find all accessible sites
        if you can register a new account, you should register it
        if you have some source code, you should analyze it
"

Dir(){
# Location: one working directory per box; stop if it cannot be entered
        mkdir -p ~/Documents/hackthebox/"$boxname"
        cd ~/Documents/hackthebox/"$boxname" || exit 1
}

Dir

# hosts: append the entry only if the name is not already listed
if grep -qwF -- "$boxname.htb" /etc/hosts; then
        echo "$hosts"
else
        echo "$hosts" | sudo tee -a /etc/hosts
fi

# Port Scan (-oA also writes the XML file that the HTTP check reads)
sudo nmap -sT -sV -sC -T4 "$boxname.htb" -oA "${boxname}_tcp"
sudo nmap -sU -p 53,123,161,162,1646,1812,1813 -T4 "$boxname.htb" -oA "${boxname}_udp"

# HTTP
# string() returns the bare attribute value ("open"), so the test does not
# depend on how xmllint prints attribute nodes
http_state=$(xmllint --xpath 'string(//port[@portid="80"]/state/@state)' "${boxname}_tcp.xml")
if [ "$http_state" == "open" ]; then
        # Subdomains
        wfuzz -H "Host: FUZZ.$boxname.htb" --hc 302 -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" -c -z file,"/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt" "http://$boxname.htb" | tee vhost.wfuzz
        # directories
        gobuster dir -u "http://$boxname.htb" -w /usr/share/wordlists/dirb/common.txt -o dir.gobuster
else
        echo "http not found from xml"
fi

# run burp
burpsuite --disable-auto-update --use-defaults &


Result:


some unwritten rules:
        if you find a password in one place, you should test it at other places
        if you find an open web connection, you should find all accessible sites
        if you can register a new account, you should register it
        if you have some source code, you should analyze it

10.10.11.124    shibboleth.htb

Starting Nmap 7.92 ( https://nmap.org ) at ...
Nmap scan report for shibboleth.htb (10.10.11.124)
Host is up (0.18s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT  STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.41
|_http-title: FlexStart Bootstrap Template - Index
|_http-server-header: Apache/2.4.41 (Ubuntu)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.18 seconds
Starting Nmap 7.92 ( https://nmap.org ) at ...

Nmap scan report for shibboleth.htb (10.10.11.124)
Host is up (0.20s latency).

PORT    STATE  SERVICE
53/udp  closed domain
123/udp  closed ntp
161/udp  closed snmp
162/udp  closed snmptrap
1646/udp closed radacct
1812/udp closed radius
1813/udp closed radius

Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds

********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                        *
********************************************************

Target: http://shibboleth.htb/
Total requests: 4989

=====================================================================
ID          Response  Lines    Word      Chars      Payload
=====================================================================

000000099:  200        29 L    219 W      3684 Ch    "monitor"
000000346:  200        29 L    219 W      3684 Ch    "monitoring"
000000390:  200        29 L    219 W      3684 Ch    "zabbix"

Total time: 0
Processed Requests: 4989
Filtered Requests: 4986
Requests/sec.: 0

===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                    http://shibboleth.htb
[+] Method:                  GET
[+] Threads:                10
[+] Wordlist:                /usr/share/wordlists/dirb/common.txt
[+] Negative Status codes:  404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                10s
===============================================================
... Starting gobuster in directory enumeration mode
===============================================================
/.htaccess            (Status: 403) [Size: 279]
/.hta                (Status: 403) [Size: 279]
/.htpasswd            (Status: 403) [Size: 279]
/assets              (Status: 301) [Size: 317] [--> http://shibboleth.htb/assets/]
/forms                (Status: 301) [Size: 316] [--> http://shibboleth.htb/forms/]
/index.html          (Status: 200) [Size: 59474]
/server-status        (Status: 403) [Size: 279]

===============================================================
... Finished
===============================================================
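
Added example, not part of the original post: the script's hosts step only checks whether the box name is already in /etc/hosts, so an entry left over from an earlier run with a different IP is never corrected. The hypothetical helper `set_host_entry` below takes the hosts file path as an argument (so it can be tried on a copy first) and replaces any existing mapping for the name.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); set_host_entry is a hypothetical helper.
# Usage: set_host_entry FILE IP NAME
# Returns 0 if FILE was changed, 1 if it was already correct, 2 on bad input.
set_host_entry() {
    local file=$1 ip=$2 name=$3 tmp

    # Allow only digits/dots in IP and lower-case hostname characters in NAME,
    # so an argument containing spaces or newlines cannot add extra entries.
    case "$ip" in ''|*[!0-9.]*) return 2 ;; esac
    case "$name" in ''|[.-]*|*[!a-z0-9.-]*) return 2 ;; esac

    # Nothing to do when NAME appears exactly once, as a whole field, with IP.
    if awk -v ip="$ip" -v name="$name" '
        /^[[:space:]]*#/ { next }
        { sub(/#.*/, "")
          for (i = 2; i <= NF; i++) if ($i == name) { n++; if ($1 == ip) ok++ } }
        END { exit !(n == 1 && ok == 1) }' "$file"
    then
        return 1
    fi

    tmp=$(mktemp) || return 2
    # Copy the file, removing NAME from any line that maps it (other aliases
    # on that line are kept, its trailing comment is not), then append the entry.
    awk -v name="$name" '
        /^[[:space:]]*#/ { print; next }
        { line = $0; sub(/#.*/, ""); hit = 0; out = $1
          for (i = 2; i <= NF; i++) {
              if ($i == name) { hit = 1 } else { out = out " " $i }
          }
          if (!hit) { print line } else if (out != $1) { print out } }' "$file" > "$tmp"
    printf '%s\t%s\n' "$ip" "$name" >> "$tmp"

    cat "$tmp" > "$file"    # overwrite in place: keeps owner and mode of FILE
    rm -f "$tmp"
    return 0
}
```

Writing to the real /etc/hosts needs root, so the function has to run in a root shell or be applied to a copy that is then installed with sudo.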