Notes Site.
post @ 2024-07-31

SolarLab (Windows · Medium)

CVE-2023-33733 + CVE-2023-32315

Enumeration

Add to hosts

10.10.11.16	solarLab.htb

nmap

nmap -A -p- -v -T4 solarlab.htb

Nmap scan report for solarlab.htb (10.10.11.16)
Host is up (0.28s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.24.0
|_http-server-header: nginx/1.24.0
|_http-title: SolarLab Instant Messenger
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
6791/tcp open http nginx 1.24.0
|_http-server-header: nginx/1.24.0
|_http-title: Did not follow redirect to http://report.solarlab.htb:6791/
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
| smb2-time:
| date: 2024-07-23T04:44:44
|_ start_date: N/A
|_clock-skew: -8m12s

Port 80 is accessible normally; 6791 redirects to report.solarlab.htb:6791, so add it to hosts.

445 SMB

post @ 2024-07-26

IClean (Linux · Medium)

SSTI + qpdf

Enumeration

nmap

nmap -A -v -T4 10.10.11.12

Nmap scan report for capiclean.htb (10.10.11.12)
Host is up (0.28s latency).
Not shown: 976 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 2c:f9:07:77:e3:f1:3a:36:db:f2:3b:94:e3:b7:cf:b2 (ECDSA)
|_ 256 4a:91:9f:f2:74:c0:41:81:52:4d:f1:ff:2d:01:78:6b (ED25519)
80/tcp open http Apache httpd 2.4.52 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 59A6DBEA095D69E461CAC2D85CE6999A
| http-methods:
|_ Supported Methods: HEAD OPTIONS GET
|_http-title: Capiclean
| http-server-header:
| Apache/2.4.52 (Ubuntu)
|_ Werkzeug/2.3.7 Python/3.10.12
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Visiting 10.10.11.12 redirects to capiclean.htb, so add it to hosts.

echo "10.10.11.12 capiclean.htb" | sudo tee -a /etc/hosts

gobuster

gobuster vhost -u http://capiclean.htb/ --append-domain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
Nothing

dirsearch
