Port recognition withnmapor you can use recon

┌──(root@ghost)-[/home/ghost]
└─# recon appointment.htb

    .o oOOOOOOOo                                            OOOo
    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
 OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
 "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
    .                  .     OP"          : o     .
                              :
                              .

[R3C0N] by 0bfxgh0st 4 WWA with ❤
WWA for the #15 !

[OS] Linux (99%)
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-21 11:15 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Initiating Ping Scan at 11:15
Scanning appointment.htb (10.129.125.216) [4 ports]
Completed Ping Scan at 11:15, 0.06s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 11:15
Scanning appointment.htb (10.129.125.216) [65535 ports]
Discovered open port 80/tcp on 10.129.125.216
Completed SYN Stealth Scan at 11:15, 14.40s elapsed (65535 total ports)
NSE: Script scanning 10.129.125.216.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Nmap scan report for appointment.htb (10.129.125.216)
Host is up (0.067s latency).
Not shown: 65336 closed tcp ports (reset), 198 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
80/tcp open  http

NSE: Script Post-scanning.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 14.63 seconds
           Raw packets sent: 71640 (3.152MB) | Rcvd: 67934 (2.717MB)


[+] [fuzzin server]
http://appointment.htb [200 OK] Apache[2.4.38], Bootstrap, Country[RESERVED][ZZ], HTML5, HTTPServer[Debian Linux][Apache/2.4.38 (Debian)], IP[10.129.125.216], JQuery[3.2.1], PasswordField[password], Script, Title[Login]

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Thu Jul 21 11:15:56 2022
URL_BASE: http://appointment.htb:80/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
OPTION: Not Recursive

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://appointment.htb:80/ ----
==> DIRECTORY: http://appointment.htb:80/css/                                                                                                                                                     
==> DIRECTORY: http://appointment.htb:80/fonts/                                                                                                                                                   
==> DIRECTORY: http://appointment.htb:80/images/                                                                                                                                                  
+ http://appointment.htb:80/index.php (CODE:200|SIZE:4896)                                                                                                                                        
==> DIRECTORY: http://appointment.htb:80/js/                                                                                                                                                      
+ http://appointment.htb:80/server-status (CODE:403|SIZE:280)                                                                                                                                     
==> DIRECTORY: http://appointment.htb:80/vendor/                                                                                                                                                  
                                                                                                                                                                                                  
-----------------
END_TIME: Thu Jul 21 11:21:15 2022
DOWNLOADED: 4612 - FOUND: 2

recon http web service on port 80

We have a login

Trying SQL injection ' or 1=1; --