Hackthebox - Retired - arctic Recon I've been using Threader3000 for my recon scan lately. It's written in python and does a really quick up/down scan on all TCP. Then it will run an nmap scan based on the initial results. It saves all the outputs automatically. I like to convert the xml of the nmap scan to HTML to make it pretty. Just 3 ports 135, 8500 and 49154 135 and 49154 are probably RPC I tried enum4linux to see if we got any info back as anonymous user So what is port 8500? Nmap says its fmtp never heard of it. When I see a port I don't know about I usually try to netcat to it like it as a telnet session or use curl or a web browser just to see if anything shows up. Netcat was nothing….. But There was a response in curl Let's try firefox. What is CFIDE? A quick google search found https://www.petefreitag.com/item/750.cfm Which says it might be a coldfusion. I tried to admin url in the web post. http://arctic.htb:8500/CFIDE/administrator/index.cfm Looks like thi
@circusmonkey404 on the twitters; DM for contact