HacktheBox.eu - Retired - Mango Recon As always I start with a simple up/down scan on all TCP ports nmap -T4 -p- -oX ./nmapb.xml 10.10.10.162 Then I convert that to HTML # xsltproc ./nmapb.xml -o ./nmapb.html Looks like port 22, 80 and 443 are open. Let's scan again with -A to finger os/services # nmap -T4 -A -p 22,80,443 -oX ./nmapf.xml 10.10.10.162 Then convert it to HTML again # xsltproc ./nmapf.xml -o nmapf.html Ok so port 22 is SSH, Port 80 and 443 are Apache 2.4.29 Here is what we see on 443 Dirbuster found this https://mango.htb/analytics.php This is one of the fist boxes I've done that actually required messing with my hosts file So if you look at the certificate for the site I added staging-order.mabgo.htb to my /etc/hosts file and now we see Let's dirbuster this bad boy and see if we can find anything else During the scan it found this folder /vendor/composer/ https://composer.json.jolicode.com/ Which i
@circusmonkey404 on the twitters; DM for contact