Hackthebox - Retired - Hawk Recon I've started to use Threader3000 for my inital recon scans. It uses threaded scans to make initial scans much quicker. Then based on the results of those initial scan it will recommend a nmap scan for just open ports, it also outputs all the results for historical purposes. Me Gusta Threader3000 Here is the first scan and the optional nmap scan that we can now run with based on the results. I used to do this manually and scan all TCP ports then run a second more aggressive scan based on the results of the first scan. But now this is automated for me with this tool :) Here is the output xml converted to HTML to make it pretty xsltproc ./hawk.htb.xml -o ./hawk.htb.html OK so we have Port 21 vsftpd version 3.03 Port 22 OpenSSH version 7.6p1 Port 80 Apache version 2.4.29 Port 5435 Something? Port 8082 H2 Database http console Port 9092 XMLpcREGSVC <- whatever that is And according to the results we have anonymous FTP access on port 2
@circusmonkey404 on the twitters; DM for contact