HackTheBox - Retired - Grandpa - Updated

Recon

Lately I've been using Threader3000 to do my recon scan on Hack The Box. It's a threaded scanner written in Python that does super quick up/down scans on all TCP ports and then suggests an nmap scan to run based on the results of the first scan. It saves the nmap scan out as XML, which I convert to HTML to make it easier to read.

xsltproc ./10.10.10.14/10.10.10.14.xml -o grandpa.htb

So not much open here, just port 80, which nmap says is IIS 6. Since it uses IIS, we know it's a Windows box. Let's see what is being served on port 80.

Just an under construction page. Let's brute force the directory to see if we can find anything else being served on port 80, since it's our only path. I use several tools to do this, since each tool has its own quirks and might find things that the others don't. I started with dirb here:

dirb http://grandpa.htb

So not much here to go on: no login pages, no admin panels.

Exploit