Showing posts with the label LFI

HackTheBox - Retired - Arctic - Updated

Hackthebox - Retired - arctic. Recon: I've been using Threader3000 for my recon scan lately. It's written in Python and does a really quick up/down scan on all TCP. Then it will run an nmap scan based on the initial results. It saves all the outputs automatically. I like to convert the XML of the nmap scan to HTML to make it pretty. Just 3 ports: 135, 8500 and 49154. 135 and 49154 are probably RPC. I tried enum4linux to see if we got any info back as an anonymous user. So what is port 8500? Nmap says it's fmtp; never heard of it. When I see a port I don't know about, I usually try to netcat to it like it is a telnet session, or use curl or a web browser, just to see if anything shows up. Netcat was nothing... but there was a response in curl. Let's try Firefox. What is CFIDE? A quick Google search found https://www.petefreitag.com/item/750.cfm, which says it might be ColdFusion. I tried the admin URL in the web post: http://arctic.htb:8500/CFIDE/administrator/index.cfm Looks like thi

HackTheBox - Retired - Beep - Updated

HackTheBox - Retired - Beep. Recon: Recently I've been using Threader3000 for my recon scan. It's a threaded scanner written in Python that does a quick up/down scan on all TCP, then pipes the open ports into an nmap scan for you, and even saves all the output as XML for you. That is a lot of open ports. Here is the nmap scan that it recommends we run. I like to convert the XML output of the nmap scan to HTML to make it easier for me to read: xsltproc ./beep.htb/beep.htb.xml -o ./beep.html Wow, that is a lot of ports. There are 16 ports that respond here. Nmap found some service names and versions for us, and we can see that some services use multiple ports. Looks like: Port 22 OpenSSH 4.3; Port 25 postfix SMTP; Port 80 Apache 2.2.3; Port 110,143,993,995,4190 Cyrus Mail; Port 111 RPC; Port 3306 MySql; Port 4559 HylaFax; Port 5038 Asterisk Call Manager; Port 10000 MiniServ. Let's check out the webserver on port 80. It auto r