Posts

Showing posts from December, 2019

Hackthebox.eu - Retired - Netmon

Recon

Starting as always is a simple up/down scan on all TCP ports

    # nmap -T4 -p- -oX /root/Desktop/HTB/Netmon/nmapb.xml 10.10.10.152

Convert it to HTML

    # xsltproc /root/Desktop/HTB/Netmon/nmapb.xml -o /root/Desktop/HTB/Netmon/nmapb.html

That's a bunch of ports open. Let's run -A against those ports for fingering the OS/Services

    # nmap -T4 -A -p21,135,139,445,5985,47001,49664,49665,49666,19667,49668,49669 -oX /root/Desktop/HTB/Netmon/nmapf.xml 10.10.10.152

Then convert it to HTML

    xsltproc /root/Desktop/HTB/Netmon/nmapf.xml -o /root/Desktop/HTB/Netmon/nmapf.html

Port 21 anonymous FTP, NetBIOS and something running on the 4000 port range… not sure yet

Let's take a look at that FTP running

Oh My God… They have the entire root directory open on FTP. I think we can move to exploit from here.

Exploit

So we just browse the FTP to users

There is the user hash.. dd5******************

So

Hackthebox.eu - Retired - Irked

Recon

As always I start with staged nmap scans. The first scan is a simple up/down scan on all TCP ports

    # nmap -T4 -p- -oX /root/Desktop/HTB/irked/nmapb.xml 10.10.10.117

Then I convert it to HTML to make it pretty

    xsltproc /root/Desktop/HTB/irked/nmapb.xml -o /root/Desktop/HTB/irked/nmapb.html

We found the following TCP ports open to put in our next scan

    22,80,111,6697,8067,56314,65534

Next we run with -A to finger the OS/Services

    # nmap -T4 -A -p22,80,111,6697,8067,56314,65534 -oX /root/Desktop/HTB/irked/nmapf.xml 10.10.10.117

Then convert that to HTML also

    xsltproc /root/Desktop/HTB/irked/nmapf.xml -o /root/Desktop/HTB/irked/nmapf.html

Here is what we get when browsing to port 80

Dirb got me nothing except some default Apache manuals… I don't know what the unrealIRCd is

A quick Google search

https://www.unrealircd.org/

OK, it's an IRC

Exploit

So a quick search on searchsploit I find

Let's

De-ICE: S1.140 - Write up

De-ICE: S1.140

https://www.vulnhub.com/entry/de-ice-s1140,57/

I've been doing a lot of hackthebox.eu boxes. I've decided to take a small break from those and focus on other vuln boxes for a while. A colleague told me about these ICE boxes he did for labs during school, so I decided to check them out.

Recon

Since these are live CDs, the first thing I need to do is find out the IP address of the live CD VM I'm running. My home network is 192.168.50.0/24, so I started with a small updown nmap scan of my entire subnet to find the target VM

    nmap -T4 -oX /root/Desktop/ice/nmap.xml 192.168.50.0/24

I then converted the XML output to HTML to make it pretty

    xsltproc /root/Desktop/ice/nmap.xml -o /root/Desktop/ice/nmap.html

Found the target at 192.168.50.176

So now let's rescan the open ports with the -A switch to finger the OS/Services

Let's recap what we found

Port 21 PROFTPD 1.3.4a
Port 22 OpenSSH 5.9p1
Port 80 Apa