FEAT:🚩 HTB S10「CCTV」Easy
Easy, Linux
This machine is active as of 2026/04/06. Sharing solutions is prohibited.
Reconnaissance & Initial Enumeration
$ nmap cctv.htb -p- -sV --min-rate 1000
Starting Nmap 7.98 ( https://nmap.org ) at 2026-04-05 19:42 +0900
Nmap scan report for cctv.htb (10.129.194.229)
Host is up (0.13s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.14 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.58
Service Info: Host: default; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 74.78 seconds
$ sudo nmap cctv.htb -p- -sV -sU --top-ports 100 --min-rate 1000
Starting Nmap 7.98 ( https://nmap.org ) at 2026-04-05 19:47 +0900
Nmap scan report for cctv.htb (10.129.194.229)
Host is up (0.13s latency).
Not shown: 94 open|filtered udp ports (no-response)
PORT STATE SERVICE VERSION
177/udp closed xdmcp
1022/udp closed exp2
1433/udp closed ms-sql-s
1813/udp closed radacct
5060/udp closed sip
49194/udp closed unknown
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 412.48 seconds
VHOST & Subdomain Enumeration
$ ffuf -u http://cctv.htb -H "Host: FUZZ.cctv.htb" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -mc all -ac
# None
$ ffuf -u http://FUZZ.cctv.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -mc all -ac
# None
Directory Enumeration
╰─>[👾]~/wksp/ctf/htb/s10/cctv $ feroxbuster -u http://cctv.htb -w /usr/share/seclists/Discovery/Web-Content/common.txt -C 404,400 -t 50
───────────────────────────┬──────────────────────
🎯 Target Url │ http://cctv.htb/
🚩 In-Scope Url │ cctv.htb
🚀 Threads │ 50
📖 Wordlist │ /usr/share/seclists/Discovery/Web-Content/common.txt
💢 Status Code Filters │ [404, 400]
💥 Timeout (secs) │ 7
🦡 User-Agent │ feroxbuster/2.13.1
🔎 Extract Links │ true
🏁 HTTP methods │ [GET]
🔃 Recursion Depth │ 4
───────────────────────────┴──────────────────────
🏁 Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
403 GET 9l 28w 273c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
404 GET 9l 31w 270c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200 GET 224l 562w 6177c http://cctv.htb/
301 GET 9l 28w 301c http://cctv.htb/zm => http://cctv.htb/zm/
301 GET 9l 28w 305c http://cctv.htb/zm/api => http://cctv.htb/zm/api/
301 GET 9l 28w 307c http://cctv.htb/zm/cache => http://cctv.htb/zm/cache/
301 GET 9l 28w 309c http://cctv.htb/zm/cgi-bin => http://cctv.htb/zm/cgi-bin/
200 GET 224l 562w 6177c http://cctv.htb/index.html
301 GET 9l 28w 305c http://cctv.htb/zm/css => http://cctv.htb/zm/css/
301 GET 9l 28w 309c http://cctv.htb/javascript => http://cctv.htb/javascript/
301 GET 9l 28w 306c http://cctv.htb/zm/ajax => http://cctv.htb/zm/ajax/
301 GET 9l 28w 310c http://cctv.htb/zm/graphics => http://cctv.htb/zm/graphics/
404 GET 27l 83w -c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
301 GET 9l 28w 310c http://cctv.htb/zm/includes => http://cctv.htb/zm/includes/
200 GET 5l 17w 151c http://cctv.htb/zm/cache/skins_classic_views_js_login-base-1752558138.js
200 GET 48l 165w 1205c http://cctv.htb/zm/cache/js_ajaxQueue-base-1752558138.js
200 GET 10l 50w 664c http://cctv.htb/zm/cache/skins_classic_js_bootstrap-table-1.22.3_extensions_page-jump-to_bootstrap-table-page-jump-to.min-base-1752558138.css
200 GET 68l 338w 2610c http://cctv.htb/zm/cache/js_Server-base-1752558138.js
200 GET 5l 290w 13891c http://cctv.htb/zm/skins/classic/js/jquery-ui-1.13.2/jquery-ui.theme.min.css
200 GET 10l 945w 36468c http://cctv.htb/zm/cache/skins_classic_js_bootstrap-table-1.22.3_extensions_toolbar_bootstrap-table-toolbar.min-base-1752558138.js
200 GET 10l 663w 32272c http://cctv.htb/zm/cache/skins_classic_js_bootstrap-table-1.22.3_extensions_export_bootstrap-table-export.min-base-1752558138.js
200 GET 4l 66w 31000c http://cctv.htb/zm/cache/css_font-awesome.min-base-1752558138.css
200 GET 7033l 23033w 229201c http://cctv.htb/zm/skins/classic/js/bootstrap-4.5.0.min.js
301 GET 9l 28w 307c http://cctv.htb/zm/fonts => http://cctv.htb/zm/fonts/
301 GET 9l 28w 304c http://cctv.htb/zm/js => http://cctv.htb/zm/js/
401 GET 25l 73w 903c http://cctv.htb/zm/api/.swf
200 GET 30l 187w 1945c http://cctv.htb/zm/cache/skins_classic_js_dateTimePicker_jquery-ui-timepicker-addon-base-1752558138.css
200 GET 8l 71w 4455c http://cctv.htb/zm/cache/js_fontfaceobserver.standalone-base-1752558138.js
200 GET 11l 374w 10220c http://cctv.htb/zm/skins/classic/js/chosen/chosen.min.css
200 GET 1134l 2233w 19195c http://cctv.htb/zm/cache/skins_classic_css_base_skin-base-1752558138.css
200 GET 10l 459w 20347c http://cctv.htb/zm/cache/skins_classic_js_bootstrap-table-1.22.3_extensions_auto-refresh_bootstrap-table-auto-refresh.min-base-1752558138.js
200 GET 183l 561w 8477c http://cctv.htb/zm/index.php
301 GET 9l 28w 318c http://cctv.htb/zm/includes/actions => http://cctv.htb/zm/includes/actions/
301 GET 9l 28w 306c http://cctv.htb/zm/lang => http://cctv.htb/zm/lang/
301 GET 9l 28w 315c http://cctv.htb/zm/skins/classic => http://cctv.htb/zm/skins/classic/
200 GET 1l 2w 438c http://cctv.htb/zm/graphics/favicon.ico
301 GET 9l 28w 309c http://cctv.htb/zm/api/app => http://cctv.htb/zm/api/app/
401 GET 27l 83w -c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
401 GET 1l 4w 217c http://cctv.htb/zm/api/app/.well-known/jwks.json
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/.well-known/keybase.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/.well-known/mta-sts.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/.well-known/security.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/.well-known/humans.txt
301 GET 9l 28w 321c http://cctv.htb/zm/api/css => http://cctv.htb/zm/api/app/webroot/css/
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/.well-known/dnt-policy.txt
401 GET 1l 4w 223c http://cctv.htb/zm/api/app/_framework/blazor.boot.json
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/_framework/zm/api/favicon.ico
200 GET 3l 9w 618c http://cctv.htb/zm/api/favicon.ico
301 GET 9l 28w 322c http://cctv.htb/zm/skins/classic/assets => http://cctv.htb/zm/skins/classic/assets/
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/_framework/blazor.webassembly.js
301 GET 9l 28w 319c http://cctv.htb/zm/skins/classic/css => http://cctv.htb/zm/skins/classic/css/
301 GET 9l 28w 321c http://cctv.htb/zm/api/img => http://cctv.htb/zm/api/app/webroot/img/
301 GET 9l 28w 307c http://cctv.htb/zm/skins => http://cctv.htb/zm/skins/
301 GET 9l 28w 308c http://cctv.htb/zm/vendor => http://cctv.htb/zm/vendor/
403 GET 9l 28w -c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
301 GET 9l 28w 309c http://cctv.htb/zm/api/lib => http://cctv.htb/zm/api/lib/
301 GET 9l 28w 317c http://cctv.htb/zm/vendor/composer => http://cctv.htb/zm/vendor/composer/
301 GET 9l 28w 307c http://cctv.htb/zm/views => http://cctv.htb/zm/views/
301 GET 9l 28w 324c http://cctv.htb/zm/skins/classic/graphics => http://cctv.htb/zm/skins/classic/graphics/
301 GET 9l 28w 318c http://cctv.htb/zm/skins/classic/js => http://cctv.htb/zm/skins/classic/js/
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/zm/api/css/cake.generic.css
401 GET 1l 4w 210c http://cctv.htb/zm/api/app/contribute.json
401 GET 2l 7w 309c http://cctv.htb/zm/api/app/crossdomain.xml
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/zm/api/img/cake.power.gif
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/contacts.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/favicon.ico
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/humans.txt
301 GET 9l 28w 321c http://cctv.htb/zm/skins/classic/views => http://cctv.htb/zm/skins/classic/views/
401 GET 1l 4w 204c http://cctv.htb/zm/api/app/jwks.json
401 GET 1l 4w 227c http://cctv.htb/zm/api/app/node_modules/.package-lock.json
401 GET 1l 4w 214c http://cctv.htb/zm/api/app/npm-shrinkwrap.json
401 GET 1l 4w 212c http://cctv.htb/zm/api/app/package-lock.json
401 GET 1l 4w 207c http://cctv.htb/zm/api/app/package.json
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/player.swf
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/robots.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/security.txt
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/sitemap.gz
401 GET 2l 7w 305c http://cctv.htb/zm/api/app/sitemap.xml
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/swfobject.js
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/tar.bz2
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/tar.gz
401 GET 1l 4w 207c http://cctv.htb/zm/api/app/version.json
401 GET 25l 73w 903c http://cctv.htb/zm/api/app/vite.config.js
301 GET 9l 28w 316c http://cctv.htb/zm/api/app/vendor => http://cctv.htb/zm/api/app/vendor/
401 GET 2l 7w 301c http://cctv.htb/zm/api/app/web.xml
401 GET 1l 4w 216c http://cctv.htb/zm/api/app/webpack.manifest.json
301 GET 9l 28w 313c http://cctv.htb/zm/api/app/tmp => http://cctv.htb/zm/api/app/tmp/
[####################] - 3m 104712/104712 0s found:82 errors:8559
[####################] - 40s 4752/4752 119/s http://cctv.htb/
[####################] - 69s 4752/4752 69/s http://cctv.htb/zm/
[####################] - 66s 4752/4752 72/s http://cctv.htb/cgi-bin/
[####################] - 78s 4752/4752 61/s http://cctv.htb/zm/ajax/
[####################] - 2m 4752/4752 41/s http://cctv.htb/zm/api/
[####################] - 79s 4752/4752 60/s http://cctv.htb/zm/cache/
[####################] - 73s 4752/4752 65/s http://cctv.htb/zm/cgi-bin/
[####################] - 2m 4752/4752 49/s http://cctv.htb/zm/css/
[####################] - 69s 4752/4752 69/s http://cctv.htb/javascript/
[####################] - 87s 4752/4752 54/s http://cctv.htb/zm/fonts/
[####################] - 80s 4752/4752 59/s http://cctv.htb/zm/graphics/
[####################] - 81s 4752/4752 59/s http://cctv.htb/zm/includes/
[####################] - 85s 4752/4752 56/s http://cctv.htb/zm/includes/actions/
[####################] - 77s 4752/4752 61/s http://cctv.htb/zm/js/
[####################] - 83s 4752/4752 57/s http://cctv.htb/zm/lang/
[####################] - 2m 4752/4752 50/s http://cctv.htb/zm/skins/classic/
This post is licensed under CC BY 4.0 by the author.
