
Posts

Showing posts from November, 2020
Hackthebox.eu - Tabby - Retired

Recon

I started with my basic routine: a quick up/down scan on all TCP ports, then another scan with -A to run all the scripts against the found ports.

    nmap -T4 -p- -oX ./nmapb.xml 10.10.10.194

Then I converted that to HTML:

    xsltproc ./nmapb.xml -o ./nmapb.html

Then I ran my second scan with just those ports:

    nmap -T4 -A -p22,80,4202,8080,15751,24329,28144,28244,32972,34303,41376,42494,55006,57000,60317,62669,62796,63622 -oX ./nmapf.xml 10.10.10.194

Then I converted it to HTML too:

    xsltproc ./nmapf.xml -o ./nmapf.html

Looks like we have OpenSSH 8.2p1 on port 22 and Apache 2.4.41 on ports 80 and 8080.

Let's browse to port 80 and see what we can see. Looks like a site for a hosting provider. I generally just start by poking around the site, following all the links to see if anything pops out. Well, it just so happens that when I went to the News link at the top it gave a 404 error, because it was looking for megahosting.htb and not the IP address of the box. So I added t

HacktheBox - DevOops - Retired

Recon

Let's use threader3000 for our recon scan. It's a threaded scanner written in Python that does a super quick up/down scan on all TCP ports, then suggests an nmap scan based on the results. It will automatically save the nmap scan results as XML, then we can convert it to HTML:

    xsltproc ./devops.htb/devops.htb.xml -o ./devops.html

Just two ports open:

    Port    Service     Version
    22      OpenSSH     7.2p2
    5000    Gunicorn    19.7.1

What is Gunicorn? https://gunicorn.org/

"Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a pre-fork worker model. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resources, and fairly speedy"

There is just some text at the top and a picture of another website…. Let's brute force this and see if we can find any other interesting things to look at on this web server.

    dirb http://devops.htb:5