Hackthebox.eu - Retired - Nineveh Recon I start with a simple UP/Down scan on all TCP ports. Nmap -T4 -p- -oX ./nmapb.xml nineveh.htb Then I convert the output to HTML to make it easy to ready Xsltproc ./nmapb.xml -o ./nmapb.html Looks like just port 80 and 443 are open. A webserver Let’s run nmap again with the -A switch to run all the scripts against just these two ports Nmap -T4 -p80,443 -A -oX ./nmapf.xml nineveh.htb Then convert that to HTML too Xsltproc ./nmapf.xml -o ./nmapf.html Looks like we have Apache 2.4.18 running on an ubuntu server Let’s browse 80 and 443 to see what it serves up. 80 SSL/ Port 443 Here is the cert info for ssl Not much help there. Let’s start to scan these websites and see if we can find something, We will be searching against both ports since they could have different files being served. I’ll start with Nikto on port 80 Nikto -h http://nineveh.htb Info.php is available which is a default apache page that gives a lot of info on the webserver. It also lo
@circusmonkey404 on the twitters; DM for contact