circusmonkey404's Security Site

HackTheBox - Valentine - Retired - Update Recon I've been using threader3000 lately to do my recon scans. It does a staged scan, the first stage is a super quick up/down scan on all TCP ports. Then suggests an nmap scan based on the results of the open ports of the first scan. It also saves all the nmap scans out to a XML file which i like to convert to HTML to make it easy to read. xsltproc ./valentine.htb/valentine.htb.xml -o ./valentine.html Looks like we have just three open ports here. Port Service Version 22 OpenSSH 5.9p1 80 Apache 2.2.22 443 Apache 2.2.22 And nmap thinks its a Ubuntu box. Here is what we see on port 80 That logo is familiar….. But we will get back to that. What about port 443? Same thing but https…. So about that logo…. Not a whole lot of bugs get their own logo, but heartbleed does. https://heartbleed.com/ CVE-2014-0160 " The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected

HacktheBox - bashed - Retired - Update Recon I've been using threader3000 to do my recon scan lately. It does a super fast up/down scan on all TCP ports, then suggests an nmap scan to run based on just the open ports found on the first scan. It also saves the nmap results as a XML, which I then convert to HTML to make it pretty. xsltproc ./bashed.htb/bashed.htb.xml -o ./bashed.html Just one open port, port 80 Nmap says it's Apache 2.4.18, and it's likely an Ubuntu box. Let's see what we is being shown to us when we browse to the site. Phpbash? A quick google search lands us on this github https://github.com/Arrexel/phpbash It's a php webshell, and the author says "I actually developed it on this exact server" And it looks like the author of the github is also the person who made this box. Arrexel I think that means there is a webshell somewhere on this server if we can find it. I tried the name listed in the github to see if I could get to the webshell Bot