Showing posts from January, 2020

Hackthebox.eu - retired- obscurity

Recon

As is my custom, I start with a simple up/down scan on all TCP ports to see what we can find:

    nmap -T4 -p- -oX ./nmapb.xml 10.10.10.168

I then convert the XML to HTML to make it look pretty:

    xsltproc /root/Desktop/HTB/obscurity/nmapb.xml -o /root/Desktop/HTB/obscurity/nmapb.html

So we have ports 22 and 8080 open. Let's do another scan with -A to fingerprint the OS and services:

    nmap -T4 -A -p22,8080 -oX ./nmapf.xml 10.10.10.168

Then I again convert to HTML with the same xsltproc command.

Port 22 is OpenSSH 7.6p1.
Port 8080 is something named BadHTTPServer; I've never heard of that.

Let's see what we get when we browse to 8080. We get a web page for a company named Obscura. They brag about writing all their own software from scratch, so there should be no existing exploits for them. Here they left a message for their devs that the source code for the web server is called "SuperSecureServer.py" in t