Hackthebox - Active - Registry Recon As always I start with a simple Up/Down scan on all open TCP ports to see what is up $ nmap -T4 -p- -oX ./nmapb.xml registry.htb Then Convert that to HTML to make it pretty $ xsltproc ./nmapb.xml -o ./nmapb.html Alright looks like port 22,80 and 443 lets rescan just those ports using the -A switch to run all scripts and try to finger OS/Services $ nmap -T4 -A -p22,80,443 -oX nmapf.xml registry.htb Then I’ll convert that to HTML Also $ xsltproc ./nmapf.xml -o ./nmapf.html Ok so we got OpenSSH 7.6p1 on 22 and nginx on 80 and 443. Let’s see what is on the website Default nginx page. When we see a SSL page it’s always a good idea to take a peek at the certificate installed to see if it give us any more information Looks like its issues to a subdomain or vhost docker.registry.htb I added this to my etc/hosts and tried to browse the site It returns a completely empty page. No source code or anything, but also no error messages. I started up a dirb scan as
@circusmonkey404 on the twitters; DM for contact