Hackthebox.eu - Retired - Irked Recon As always I start with staged nmap scans. The first scan is a simple up/down scan on all tcp ports # nmap -T4 -p- -oX /root/Desktop/HTB/irked/nmapb.xml 10.10.10.117 Then I convert it to HTML to make it pretty xsltproc /root/Desktop/HTB/irked/nmapb.xml -o /root/Desktop/HTB/irked/nmapb.html We found the following TCP ports open to put in our next scan 22,80,111,6697,8067,56314,65534 Next we run with -A to finger the OS/Services # nmap -T4 -A -p22,80,111,6697,8067,56314,65534 -oX /root/Desktop/HTB/irked/nmapf.xml 10.10.10.117 Then convert that to HTML also xsltproc /root/Desktop/HTB/irked/nmapf.xml -o /root/Desktop/HTB/irked/nmapf.html Here is what we get when browsing to port 80 Dirb got me nothing except some default apache manuals… I don't know what the unrealIRCd is A quick google search https://www.unrealircd.org/ Ok its an IRC Exploit So a quick search on searchsploit I find Lets
@circusmonkey404 on the twitters; DM for contact