
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The anti-clickjacking X-Frame-Options header is not present.

I ran a Nikto scan and found that I was able to read system files by adding an extra / to the URL, something I will use in exploitation.

nikto -host

nmap -sC -sV -p 59777 10.129.172.173
59777/tcp open http Bukkit JSONAPI httpd for Minecraft game server 3.6.0 or older
|_http-title: Site doesn't have a title (text/plain).
PORT 5555 FREECIV TRIAL
After trial and error, port 59777 got my attention. I ran another nmap scan -p- for enumerating and found three new ports.

Nmap done: 1 IP address (1 host up) scanned in 1095.40 seconds

I ran another nmap scan -sU for enumerating UDP services and found two filtered ports; I may look into them.

Nmap done: 1 IP address (1 host up) scanned in 12.68 seconds

If you know the service/version, please submit the following fingerprint at :

Nmap found port ssh (2222) open and freeciv (5555) filtered, which after researching I found belongs to adb, not freeciv.

I am Nasef and today I am going to show you how I hacked the Explore machine from Hack The Box, so let’s get started!

Services Enumeration
