circusmonkey404's Security Site

Hackthebox.eu - Retired - Europa Recon As always I start with a simple UP/Down scan on all TCP ports. $ nmap -T4 -p- -oX ./nmapb.xml europa.htb Then I convert that to HTML to make it pretty xsltproc ./nmapb.xml -o ./nmapb.html Ports 22, 80 and 443 open.. Looks like this box is going to be mostly web based Let's run nmap again with the -A switch to run all scripts against these three ports $ nmap -T4 -A -p22,80,443 -oX ./nmapf.xtml europa.htb Then we will convert that output to HTML also xsltproc ./nmapf.xml -o ./nmapf.html Looks like we have an Ubuntu box running a fairly new version of OpenSSH on port 22 and Apache 2.4.18 on 80 and 443 Let's check out those Apache sites Both are just the default Apache install page Got a little bit more info from the certificate on 443 Europacorp.htb should be the box I ran a bunch of scans at these two domains Europa.htb europacorp.htb Tried Dirb and Dirbuster and didn't find anything…

Hackthebox.eu - Retired - Cronos Recon As always I start with a simple UP/Down scan on all TCP ports to see what is open   nmap -T4 -p- -oX /home/circusmonkey/Desktop/HTB/cronos/nmapb.xml cronos.htb Then I convert it to HTML to make it pretty xsltproc /home/circusmonkey/Desktop/HTB/cronos/nmapb.xml -o /home/circusmonkey/Desktop/HTB/cronos/nmapb.html On this box we see three open ports, pretty standard ports 22 SSH, 53 DNS and 80 HTTP Let's scan against those ports with the -A switch to run all the things against them $ nmap -T4  -A -p22,80,53 -oX ./nmapf.xml cronos.htb I'll convert that to HTML too $ xsltproc ./nmapf.xml  -o ./nmapf.html Looks like we have an ubuntu box with openssh 7.2p2 on port 22 ISC BIND 8.10.3-p4 on port 53  Apache 2.4.18 on 80 Here is what we see on port 80 Nothing too interesting in in the source code  A bunch of links to things about something called Laravel? https://laravel.com/ It's a PHP fr