HackTheBox - Mirai - Retired Recon I've been using threader3000 lately for my recon scans. It does a staged scan the first scan is a simple fast up/down scan on all TCP ports. Then it suggests a nmap scan based on just the ports found open in the initial scan, it automatically saves the nmap scan as XML. threader3000 I then convert the XML to HTML to make it easier to read. xsltproc ./mirai.htb/mirai.htb.xml -o ./mirai.html Let's see what we learn from this Nmap thinks its a debian based box. Port 22 OpenSSH 6.7p1 Port 53 dnsmasq 2.76 Port 80 lighttpd 1.4.35 Port 1121 Platinum UPnp 1.0.5.13 Port 32400 Plex Port 32469 Platinum UpnP 1.0.5.13 Looks like we have DNS running, SSH and some media server software. Let's take a look at the webserver and see what we can find. Website blocked by pi-hole? If you are running a pi-hole on your network ( like yours truly) this is super confusing. I thought my pi-hole was
@circusmonkey404 on the twitters; DM for contact