HacktheBox - Blackfield - Retired

Recon

I've been using threader3000 to do my initial scan lately. It's a threaded Python scanner that scans all TCP ports and then suggests an nmap scan based on the live ports.

/home/circusmonkey404/.local/bin/threader3000

Threader3000 also drops the output to XML, which I then convert to HTML using xsltproc:

xsltproc blackfield.htb.xml -o blackfield.htm

So we have ports:

53 DNS
88 Kerberos
135 RPC
389 LDAP
445
593 RPC
3268 LDAP

So just starting out here, it looks like this is definitely a Windows box, and possibly a Domain Controller. The fact that LDAP, Kerberos and DNS are present is usually an indicator of a domain controller. We also get a little more info from the nmap scan that doesn't show up in the HTML generated from the XML. Looks like the domain is blackfield.local and the name of this machine is DC01.

Well, there is no web server here. So what to look at first? How about SMB: let's see if there are any open SMB shares with an