HacktheBox - Kotarak - Retried Recon Let's use threader3000 for our recon scan. It's a threaded scanner written in python that does a super quick up/down scan on all TCP ports, then suggests a nmap scan based on the results. It will automatically save the nmap scan results as XML, then we can convert it to HTML xsltproc ./kotarak.htb/kotarak.htb.xml -o kotarak.html Looks like we have a few ports open Port Service Version 22 OpenSSH 7.2p2 8009 Apache Jserv 1.3 8080 Apache tomcat 8.5.5 60000 Apache HTTPD 2.4.18 Let's check out port 8080 first. Just a 404, let's see if we can find anything else with dirb Dirb http://kotarak.htb:8080 We didn't find a lot here. GENERATED WORDS: 4612 ---- Scanning URL: http://kotarak.htb:8080/ ---- + http://kotarak.htb:8080/docs (CODE:302|SIZE:0)
@circusmonkey404 on the twitters; DM for contact