
Posts

Showing posts with the label non-metasploit

HackTheBox.eu - Sunday - Retired - Update

Recon

I've been using threader3000 for my recon scans lately. It's a staged scanner that does a super quick up/down scan on all TCP ports and then, based on what is up, suggests an nmap scan to run against just the open ports. It automatically saves the nmap scan as XML, which I then convert to HTML:

xsltproc ./sunday.htb/sunday.htb.xml -o ./sunday.html

Those are some strange results. Nmap says just ports 79, 22022 and 59822 are open. It says 79 is finger and has no guess about the other two or what OS might be running here. Not a lot to go on.

So I just googled "finger" and "pentest", and it turns out you can maybe enumerate users with finger. Let's try it. At first I used a script from https://raw.githubusercontent.com/pentestmonkey/finger-user-enum/master/finger-user-enum.pl

It was running really slow until I saw the -m switch, which sets how many queries run in parallel:

perl ./fingerenum.pl -U ./names.txt -t sunday.htb -m 100

I used the list from /usr/s
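To show what the finger-user-enum script is actually doing on port 79, here is an added example (my own code, not the post's script and not pentestmonkey's): a finger (RFC 1288) client that sends one login name per connection, reads the reply, and decides whether the reply describes a real account. The sample replies are constructed, the target name sunday.htb is reused from the post, and the "no such user" markers are an assumption about common finger daemons that you should confirm by probing the target with an obviously bogus name first.

```python
"""Finger (RFC 1288) user probe: what finger-user-enum does, in one file.

Added example for the post above. The protocol is trivial: connect to
tcp/79, send "<name>\r\n", read until the server closes. The hard part is
deciding from the reply whether the account exists, which is what
classify() does. Sample replies below are constructed, not captured.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumption: fragments that usually mean "unknown user". Solaris-style
# daemons print ??? in the Name column, GNU finger says "no such user".
# Verify against the target with a bogus login before trusting these.
NEGATIVE_MARKERS = ("no such user", "???", "not found")


def classify(user, reply):
    """Return True if the finger reply looks like an existing account."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    # Drop the column header ("Login  Name  TTY ...") that BSD/Solaris
    # daemons print even when nothing matched.
    body = [ln for ln in lines
            if not (ln.lower().startswith("login") and "tty" in ln.lower())]
    if not body:
        return False
    low = "\n".join(body).lower()
    if any(marker in low for marker in NEGATIVE_MARKERS):
        return False
    # Positive shapes: "Login: bob ..." (GNU finger) or a row whose first
    # column is the login name (BSD/Solaris).
    return (f"login: {user.lower()}" in low
            or any(ln.split()[0].lower() == user.lower() for ln in body))


def finger(host, user, port=79, timeout=5.0):
    """Perform one finger query and return the raw reply as text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(user.encode() + b"\r\n")
        chunks = []
        while True:
            try:
                data = s.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def enumerate_users(host, names, workers=20):
    """Probe every name in parallel (the equivalent of -m) and return hits."""
    def probe(name):
        try:
            return name, classify(name, finger(host, name))
        except OSError:
            return name, False
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(n for n, hit in pool.map(probe, names) if hit)


# Constructed replies illustrating the shapes classify() understands.
SAMPLE_REPLIES = {
    "solaris_hit": "Login       Name               TTY         Idle    When    Where\n"
                   "sunny    sunny                 pts/2          <Apr 24 10:53> 10.10.14.4\n",
    "solaris_miss": "Login       Name               TTY         Idle    When    Where\n"
                    "asdf                  ???\n",
    "gnu_miss": "finger: asdf: no such user.\n",
    "gnu_hit": "Login: bob                              Name: Bob Example\n"
               "Directory: /home/bob                    Shell: /bin/bash\n",
}

if __name__ == "__main__":
    for label, text in SAMPLE_REPLIES.items():
        print(label, classify(label.split("_")[0] and text.split()[1].rstrip(":") if "gnu" in label else "sunny" if "hit" in label else "asdf", text))
    # Live use (needs a wordlist): enumerate_users("sunday.htb", open("names.txt").read().split(), workers=100)
```

The main block is only a smoke run over the constructed samples; the live call is commented because it needs network access and a wordlist. When a target answers every name the same way, classify() will return all-true or all-false, which is your cue to adjust NEGATIVE_MARKERS rather than to trust the result.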

HackTheBox - Valentine - Retired - Update

Recon

I've been using threader3000 lately to do my recon scans. It does a staged scan: the first stage is a super quick up/down scan on all TCP ports, then it suggests an nmap scan based on the ports the first stage found open. It also saves all the nmap scans out to an XML file, which I like to convert to HTML to make it easy to read:

xsltproc ./valentine.htb/valentine.htb.xml -o ./valentine.html

Looks like we have just three open ports here.

Port   Service   Version
22     OpenSSH   5.9p1
80     Apache    2.2.22
443    Apache    2.2.22

And nmap thinks it's an Ubuntu box.

Here is what we see on port 80. That logo is familiar... but we will get back to that. What about port 443? Same thing, but over HTTPS.

So about that logo. Not a whole lot of bugs get their own logo, but Heartbleed does. https://heartbleed.com/ CVE-2014-0160: "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected
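The reason Heartbleed leaks memory is a missing bounds check on the TLS Heartbeat message (RFC 6520), so here is an added example (my own code, not from the post and not OpenSSL's source) that builds a HeartbeatRequest, then runs it through a simulated server that trusts the attacker-supplied payload_length and through one that applies the check added in the fix. Nothing here touches the network; the "memory after the record" is a constructed byte string standing in for whatever happened to follow the record buffer on the heap.

```python
"""TLS Heartbeat (RFC 6520) handling, vulnerable vs. fixed, simulated offline.

Added example for the post above. A HeartbeatMessage is:
    type(1) | payload_length(2) | payload | padding(>=16)
The vulnerable server echoed payload_length bytes starting at the payload
without checking that many bytes were actually received; the fix rejects
any message where 1 + 2 + payload_length + 16 exceeds the record length.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16


def build_heartbeat(payload, claimed_len=None):
    """Build a HeartbeatRequest. claimed_len lets the sender lie about the
    payload size, which is exactly what a Heartbleed probe does."""
    if claimed_len is None:
        claimed_len = len(payload)
    return (struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len)
            + payload + b"\x00" * PADDING_LEN)


def vulnerable_handler(record, memory_after):
    """Pre-fix behaviour: copy payload_length bytes from where the payload
    starts, running past the record into whatever memory follows it.
    `memory_after` is a constructed stand-in for adjacent heap contents."""
    _, plen = struct.unpack("!BH", record[:3])
    heap_view = record[3:] + memory_after
    return (struct.pack("!BH", HEARTBEAT_RESPONSE, plen)
            + heap_view[:plen] + b"\x00" * PADDING_LEN)


def patched_handler(record, memory_after):
    """Post-fix behaviour: discard the message unless the claimed payload
    plus header and minimum padding fits inside what was received."""
    if len(record) < 1 + 2 + PADDING_LEN:
        return None  # too short to even hold the padding: silently drop
    _, plen = struct.unpack("!BH", record[:3])
    if 1 + 2 + plen + PADDING_LEN > len(record):
        return None  # the check that closes CVE-2014-0160
    payload = record[3:3 + plen]
    return (struct.pack("!BH", HEARTBEAT_RESPONSE, plen)
            + payload + b"\x00" * PADDING_LEN)


def leaked_bytes(response, actual_payload):
    """Everything echoed back beyond the payload the client really sent."""
    _, plen = struct.unpack("!BH", response[:3])
    return response[3:3 + plen][len(actual_payload):]


if __name__ == "__main__":
    # Constructed heap contents: the kind of thing that sat next to the
    # record buffer in a real server (cookies, credentials, key material).
    heap = b"user=admin;session=d3adb33f"
    honest = build_heartbeat(b"hi")
    probe = build_heartbeat(b"hi", claimed_len=40)
    print("honest, patched :", patched_handler(honest, heap))
    print("probe,  patched :", patched_handler(probe, heap))
    print("probe,  vuln    :", leaked_bytes(vulnerable_handler(probe, heap), b"hi"))
```

The interesting line is the last one: the vulnerable handler returns the two real payload bytes, the 16 bytes of padding, and then 22 bytes of the constructed heap, while the patched handler returns nothing for the same probe and still answers the honest request normally. A real probe claims up to 65535 bytes and repeats, which is why the leak could eventually include private keys.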