Hackthebox - Retired - Optimum Recon I've been using threader 3000 for my recon scan lately, it's a threaded fast up/down scan on all TCP ports written in python, then it suggests a nmap scan based on the results of the first scan. It has really sped up my recon scans on hackthebox. Then I convert the XML output it saves to HTML to make it pretty. xsltproc ./ 10.10.10.8/10.10.10.8.xml -o ./optimum.html Not much here just port 80 open Nmap says its httpd 2.3 Let's pull up the server and see what it's showing us. Looks like a file browsing system with a login.. HttpFileServer 2.3 We could try to brute force the login page, I tried a couple SQLi's and they didn't work. This page seems like the only path forward so let's look around for exploits. Exploit I googled HTTPFileSErver 2.3 and this was among the first results https://www.exploit-db.com/raw/39161 It's a python script that is a Remote Code Execution. There is a little setup involved to get it going.
@circusmonkey404 on the twitters; DM for contact