HackTheBox - Lame - Retired Recon I've been using threader3000 to do my recon scans. It's a threaded scanner written in python. It does a super quick up/down scan all TCP ports then suggests an nmap scan to run against just the ports it found open. It saves all outputs so it's easy to keep a record. Then I convert the output to HTML to make it pretty. xsltproc ./lame.htb/lame.htb.xml -o ./lame.html So we have ports 21,22, 139, 445 and 3632 open. Nmap thinks it's an ubuntu box. Port 21 vsftpd 2.3.4 Port 22 OpenSSH 4.7p1 Port 139 SMB Port 445 SMB Port 3632 distccd 1 We know about a lot of those ports as pretty generic ports for computers but what is distccd? Interesting, Let's check out low hanging fruit first. Port 21 FTP Well it is open to anonymous access but no thing is being served here. Ports 139 & 445 smb No dice there either… Ok what about that compiler thing we found distcc I google for an exploit
@circusmonkey404 on the twitters; DM for contact