HackTheBox.eu - Retired - Sauna

Recon

As always, I start with a simple up/down scan on all TCP ports to see what is open.

    nmap -T4 -p- -oX ./nmapb.xml sauna.htb

Then I convert it to HTML to make it pretty.

    xsltproc ./nmapb.xml -o ./nmapb.html

That is a lot of open ports. Let's rescan with the -A switch on just the open ports to try to fingerprint the OS and services.

    # nmap -A -T4 -p 53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,49667,49669,49670,49671,49682,55242 -oX ./nmapf.xml sauna.htb

Then we will convert that output to HTML also.

OK, so it looks like a Windows box that has IIS on port 80, and it's a domain-joined computer with RPC, WinRM and SMB.

SMB allows anonymous access, but nothing's there.

RPC allows me to connect with no password, but access is denied for my quick testing.

Enum4linux gave me some info.

We will have to try these again when we find some credentials.

I get this error when trying to add a comment on the "single Page" which looks like a blog with
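The step from the full port scan to the targeted -A rescan depends on pulling the open ports out of the first scan's XML. The following Python script is an added example, not part of the original write-up: it reads `nmap -oX` output, builds the comma-separated list for `-p`, and names the open ports that indicate Active Directory services. The sample XML, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (not the real scan of the box).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="53"><state state="open"/></port>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="88"><state state="open"/></port>
      <port protocol="tcp" portid="111"><state state="filtered"/></port>
      <port protocol="tcp" portid="389"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
      <port protocol="tcp" portid="5985"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""

# Well-known port assignments that point at Active Directory roles.
AD_PORTS = {88: "Kerberos", 389: "LDAP", 464: "kpasswd", 636: "LDAPS",
            3268: "Global Catalog", 3269: "Global Catalog over TLS",
            9389: "AD Web Services"}

def open_tcp_ports(xml_text):
    """Return {address: sorted list of open TCP ports} from nmap XML."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        ports = []
        for port in host.iter("port"):
            state = port.find("state")
            # Skip closed/filtered entries and anything that is not TCP.
            if (port.get("protocol") == "tcp" and state is not None
                    and state.get("state") == "open"):
                ports.append(int(port.get("portid")))
        result[addr] = sorted(ports)
    return result

def port_argument(ports):
    """Comma-separated list in the form nmap's -p option takes."""
    return ",".join(str(p) for p in ports)

def ad_indicators(ports):
    """Names of AD-related services among the open ports."""
    return [AD_PORTS[p] for p in ports if p in AD_PORTS]

if __name__ == "__main__":
    for addr, ports in open_tcp_ports(SAMPLE_XML).items():
        print(addr, "-p", port_argument(ports), "| AD:", ad_indicators(ports))
```

To use it on a real scan, pass the contents of the file written by `-oX` (for example `./nmapb.xml`) to `open_tcp_ports` in place of `SAMPLE_XML`.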
@circusmonkey404 on the twitters; DM for contact