JOIN BREACHFORUMS TELEGRAM
HTB - Napper
by peRd1 - Saturday November 11, 2023 at 07:18 PM
Elite User

Posts: 148
Threads: 2
Joined: Oct 2023
Reputation: 25
#1
Nov 11, 2023, 07:18 PM
Let's go guys and let's do this.

PORT    STATE SERVICE  VERSION
80/tcp  open  http    Microsoft IIS httpd 10.0
|_http-title: Did not follow redirect to https://app.napper.htb
|_http-server-header: Microsoft-IIS/10.0
443/tcp open  ssl/http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| ssl-cert: Subject: commonName=app.napper.htb/organizationName=MLopsHub/stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:app.napper.htb
| http-methods:
|  Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
|_http-generator: Hugo 0.112.3
|_http-title: Research Blog | Home
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
7680/tcp open  pando-pub? syn-ack ttl 127
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Reply
VIP User
VIP
Posts: 3
Threads: 1
Joined: Oct 2023
Reputation: 10
#2
Nov 11, 2023, 07:20 PM
The cert is issued by
L=San Fransisco,C=US,CN=ca.napper.htb
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Oct 2023
Reputation: 0
#3
Nov 11, 2023, 08:08 PM
/ews/MsExgHealthCheckd/
Reply
Breached
Member
Posts: 37
Threads: 1
Joined: Jul 2023
Reputation: 1
#4
Nov 11, 2023, 08:11 PM
you can also find `internal.napper.htb`
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Oct 2023
Reputation: 0
#5
Nov 11, 2023, 08:13 PM
POST /ews/MsExgHealthCheckd/ HTTP/2

Host: napper.htb

User-Agent: curl/8.3.0

Accept: */*

Content-Length: 2350

Content-Type: application/x-www-form-ulrencoded



sdafwe3rwe23=test

you get a code 200
Reply
Elite User

Posts: 148
Threads: 2
Joined: Oct 2023
Reputation: 25
#6
Nov 11, 2023, 08:17 PM
Yes that seems to be the way, creating the payload towards that. Naplistener malware.
Reply
Breached
Member
Posts: 20
Threads: 0
Joined: Jul 2023
Reputation: 0
#7
Nov 11, 2023, 08:19 PM
(Nov 11, 2023, 08:13 PM)Akless Wrote: POST /ews/MsExgHealthCheckd/ HTTP/2

Host: napper.htb

User-Agent: curl/8.3.0

Accept: */*

Content-Length: 2350

Content-Type: application/x-www-form-ulrencoded



sdafwe3rwe23=test

you get a code 200

NAPLISTENER????
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Oct 2023
Reputation: 0
#8
Nov 11, 2023, 08:20 PM
(Nov 11, 2023, 08:17 PM)peRd1 Wrote: Yes that seems to be the way, creating the payload towards that. Naplistener malware.

have you managed to do it?
Reply
Breached
Member
Posts: 20
Threads: 0
Joined: Jul 2023
Reputation: 0
#9
Nov 11, 2023, 08:23 PM
(Nov 11, 2023, 08:17 PM)peRd1 Wrote: Yes that seems to be the way, creating the payload towards that. Naplistener malware.

sorry, I hadn't seen this post
Reply
Elite User

Posts: 148
Threads: 2
Joined: Oct 2023
Reputation: 25
#10
Nov 11, 2023, 08:43 PM
...trying all kinds of payloads, but struggling to get it going. ... http is okay on them, so yeah.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 23 2,186 2 hours ago
Last Post: kkkato
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 20 2,495 Yesterday, 11:06 PM
Last Post: op334
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 3 398 Yesterday, 10:36 PM
Last Post: op334
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 369 92,013 Yesterday, 04:10 PM
Last Post: sabbyahmed
  CBBH Write Ups hiddenhacker 22 6,229 Yesterday, 06:39 AM
Last Post: Usercomplex

Forum Jump:


 Users browsing this forum: 1 Guest(s)