HacktheBox - Shocker - Retired Recon I've been using threader3000 for my recon scan lately. It does a super quick threaded up/down scan on all TCP ports then recommends a nmap scan based on those results. It saves the nmap scan as an xml file for you too. I like to convert the XML to HTML to make it easy to read. xsltproc ./shocker.htb/shocker.htb.xml -o ./shocker.html Just two ports open, nmap says it's an ubuntu box. Port 80 Apache 2.4.18 Port 2222 OpenSSH 7.2p2 That's a non-standard port for SSH usually we see it on the default port of 22. Let's see what apache is serving us. Weird. The source code doesn't give us much to go on either. Let's try a brute force scan on port 80 to see if we can find some other pages or directories that might give us more. dirb http://shocker.htb We didn't get much back from dirb except two things that we don't have access to So this image got me thinking, I'm sur
@circusmonkey404 on the twitters; DM for contact