circusmonkey404's Security Site

HackTheBox -Active - Postman Got use and root on this box on 1/3/20. This is just a placeholder until the box is retired and I can upload my full write up. Recon: As always I start with a simple up/down scan on all TCP ports # nmap -T4 -p- -oX /root/Desktop/HTB/postman/nmapb.xml 10.10.10.160 Then I convert the XML to HTML Xsltproc /root/desktop/HTB/postman/nmapb.xml -o /root/Desktop/HTB/postman/nmapb.html

Hackthebox.eu - Retired - Active Recon As always  I start with a simple Up/Down scan on TCP ports to see what is open # nmap -T4 -p- -oX /root/Desktop/HTB/Active/nmapb.xml 10.10.10.100 A bunch of open ports… Let's scan again on those ports with -A to see if we can finger OS/Services # nmap -T4 -A -p53,88,135,139,389,445,464,593,636,3268,3269,9389,47001,49152,49153,49154,49155,49157,49158,19469,49170,49180 -oX /root/Desktop/HTB/Active/nmapf.xml 10.10.10.100 Lots of ports open  53 for dns Netbios Ldap Since this is a windows computer with smb let's see what we might find via smb Exploit Let's map the shares Smbmap -H 10.10.10.100 There is only one share that we can connect to so let's see what's there. oot@kali-iMac:~# smbclient // 10.10.10.100/replication Enter WORKGROUP\root's password:  Anonymous login successful Try "help" to get a list of possible commands. smb: \> dir   .