HackTheBox.eu - Sunday - Retired - Update Recon I've been using threader3000 for my recon scans lately. It's a staged scanner that does a super quick up/down scan on all TCP and then based on what is up suggests an nmap scan to run against just the open ports. It automatically save the nmap scan as XML which I then convert to HTML xsltproc ./sunday.htb/sunday.htb.xml -o ./sunday.html That is some strange results Nmap says just port 79, 22022, 59822 are open. It says 79 is finger and has no guess about the other two or what OS might be running here… Not a lot to go on here. So I just googled finger and pentest and it turns out you can maybe enumerate users with finger. Let's try it. At first I used a script from https://raw.githubusercontent.com/pentestmonkey/finger-user-enum/master/finger-user-enum.pl It was running really slow until I saw the switch that lets you change the threads -m perl ./ fingerenum.pl -U ./names.txt -t sunday.htb -m 100 I used the list from /usr/s
@circusmonkey404 on the twitters; DM for contact