Hackthebox.eu - Retired - Nibbles Recon As always I start with a simple up/down scan on TCP ports to see what's up. # nmap -T4 -p- 10.10.10.75 -oX /root/Desktop/HTB/Nibbles/nmapb.xml Then convert the output to html # xsltproc /root/Desktop/HTB/Nibbles/nmapb.xml -o /root/Desktop/HTB/Nibbles/nmapb.html We see port 22 and 80 open, let's scan again on just those ports using -A to finger os/services # nmap -T4 -A -p22,80 10.10.10.75 -oX /root/Desktop/HTB/Nibbles/nmapf.xml Then converted the XML to HTML again. Ok so now we see Port 22 OpenSSH 7.2p2 Port 80 Apache httpd 2.4.18 And it's most likely a linux box Let's browse to to port 80 and see what's being served. Just a little page saying hello world. As a point of recon let's check the source code for the page to see if there is anything interesting there. There is a reference here to /nibbleblog/ let's see what's in there We've got a blog here Pok
@circusmonkey404 on the twitters; DM for contact