circusmonkey404's Security Site

HackTHeBox - Bank - Retired - Update Recon I've been using threader3000  to run my recon scans lately. It does a super fast up/down scan on all TCP ports then suggests and NMAP scan based only on the ports that were up in the first scan. It also automatically saves the nmap results out to an XML file, that I then convert to HTML to make it pretty. xsltproc ./bank.htb/bank.htb.xml -o ./bank.html Looks like we have just three open ports… 22,53 and 80 Nmap thinks the box is ubuntu Port Product Version 22 OpenSSH 6.6.1p1 53 BIND 9.9.5-3 80 Apache           2.4.7 Let's start with port 80 and see what is might be serving us. A login form for HTB Bank is what we see when we browse to the server. Let's brute force the directories to see if we can find any other pages being served. I used dirbuster and the  /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt Wordlist. Eventually I saw this directory it found /balance-transfer/ When

HacktheBox - Retired - Popcorn Recon I've been using threader 3000 for my recon scans lately. It's a threaded python scanner that does a quick up/down scan on all tcp ports. After the initial scan it suggests a nmap scan to run based on only the open ports found in the initial scan. I like it alot  I then convert the XML the tool generates into HTML to make it pretty. xsltproc ./popcorn.htb/popcorn.htb.xml -o ./popcorn.html Port 22 OpenSSH 5.1p1 Port 80 Apache 2.2.12 Just two porst, a very old version of OpenSSH on port 22 and a very old version of Apache 2.2.12 Let's see what we can see on port 80 Just a page that says it's working. So as part of web recon, we now can see what they want us to see, but how about other things that aren't part of this index.html that the web server is hosting? For this we will do a directory/file brute force on the web server to see if it is indeed serving up anything other than just this index.html dirb http://popcorn.htb GEN