
Posts

Showing posts from July, 2020

Hack The Box - Retired - Node

Recon

So I'm starting to use Threader3000 to do my recon scan, and so far I really like this tool. It uses Python to run threaded scans, then suggests nmap scans to run and outputs the results to XML. I convert the XML to HTML using xsltproc.

Here is the output from the nmap scan it ran. Just two ports are open: SSH on 22 and a web server on 3000.

Here is what is on port 3000 when we browse to it. It looks like a social media site.

I used OWASP ZAP to run some scans against the site. I tried DirBuster first, but it gave some weird results, including what looks like "U mad?" in the response it was sending to some of the requests. But ZAP found this: an API with what looks like some leaked creds.

[{"_id":"59a7368398aa325cc03ee51d","username":"tom","password":"f0e2e750791171b0391b682ec35835bd6a5c3f7c8d1d0191451ec77b4d75f240","is_admin":false}, {"_id":"59a7368e98aa325cc03

HackTheBox.eu - Retired - Sauna

Recon

As always, I start with a simple up/down scan on all TCP ports to see what is open.

nmap -T4 -p- -oX ./nmapb.xml sauna.htb

Then I convert it to HTML to make it pretty.

xsltproc ./nmapb.xml -o ./nmapb.html

That is a lot of open ports. Let's rescan with the -A switch on just the open ports to try to fingerprint the OS and services.

# nmap -A -T4 -p 53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,49667,49669,49670,49671,49682,55242 -oX ./nmapf.xml sauna.htb

Then we will convert that output to HTML also.

OK, so it looks like a Windows box that has IIS on port 80, and it's a domain-joined computer with RPC, WinRM and SMB.

SMB allows anonymous access, but nothing's there.

RPC allows me to connect with no password…. But access is denied for my quick testing.

Enum4linux gave me some info.

We will have to try these again when we find some credentials.

I get this error when trying to add a comment on the "single Page" which looks like a blog with