circusmonkey404's Security Site

Recon As always I start with a simple up/down nmap scan on all tcp ports to see what's live # nmap -T4 -p- -oX /root/Desktop/HTB/Access/nmapb.xml 10.10.10.98 I then converted the output to HTML to make it pretty # xsltproc /root/Desktop/HTB/Access/nmapb.xml -o /root/Desktop/HTB/Access/nmapb.html Ports 21,23 and 80 are open let's do our next stage of our scan using the -A switch to finger the OS/Services # nmap -T4 -A -p21,23,80 -oX /root/Desktop/HTB/Access/nmapf.xml 10.10.10.98 Then convert that output to HTML also Alright so we have microsoft FTP running on port 21 with anonymous access. Port 23 is telnet, and port 80 is IIS 7.5 Let's browse to 80 and see what we see Looks like a webcam of a Data Center Just a pretty simple page. Let's see if drib can find anything else interesting here. Dirb http://10.10.10.98 http://10.10.10.98/aspnet_client/ - Which is 403 for us right now http://10.10.10.98/aspnet_client/system_we

Hackthebox.eu - Retired - Active Recon As always  I start with a simple Up/Down scan on TCP ports to see what is open # nmap -T4 -p- -oX /root/Desktop/HTB/Active/nmapb.xml 10.10.10.100 A bunch of open ports… Let's scan again on those ports with -A to see if we can finger OS/Services # nmap -T4 -A -p53,88,135,139,389,445,464,593,636,3268,3269,9389,47001,49152,49153,49154,49155,49157,49158,19469,49170,49180 -oX /root/Desktop/HTB/Active/nmapf.xml 10.10.10.100 Lots of ports open  53 for dns Netbios Ldap Since this is a windows computer with smb let's see what we might find via smb Exploit Let's map the shares Smbmap -H 10.10.10.100 There is only one share that we can connect to so let's see what's there. oot@kali-iMac:~# smbclient // 10.10.10.100/replication Enter WORKGROUP\root's password:  Anonymous login successful Try "help" to get a list of possible commands. smb: \> dir   .