Hackthebox.eu - Retired - Netmon Recon Starting as always is a simple up/down scan on all TCP ports # nmap -T4 -p- -oX /root/Desktop/HTB/Netmon/nmapb.xml 10.10.10.152 Convert it to HTML # xsltproc /root/Desktop/HTB/Netmon/nmapb.xml -o /root/Desktop/HTB/Netmon/nmapb.html That's a bunch of ports open Let's run -A against those ports for fingering the OS/Services # nmap -T4 -A -p21,135,139,445,5985,47001,49664,49665,49666,19667,49668,49669 -oX /root/Desktop/HTB/Netmon/nmapf.xml 10.10.10.152 Then convert it to HTML xsltproc /root/Desktop/HTB/Netmon/nmapf.xml -o /root/Desktop/HTB/Netmon/nmapf.html Port 21 anonymous FTP, NetBIOS and something running on the 4000 port range… not sure yet Let's take a look at that FTP running Oh My God… They have the entire root directory open on FTP I think we can move to exploit from here. Exploit So we just browse the FTP to users There is the user hash.. dd5****************** So
@circusmonkey404 on the twitters; DM for contact