HacktheBox - Retired - Popcorn

Recon

I've been using threader 3000 for my recon scans lately. It's a threaded Python scanner that does a quick up/down scan on all TCP ports. After the initial scan it suggests an nmap scan to run based on only the open ports found in the initial scan. I like it a lot.

I then convert the XML the tool generates into HTML to make it pretty.

    xsltproc ./popcorn.htb/popcorn.htb.xml -o ./popcorn.html

Port 22 OpenSSH 5.1p1
Port 80 Apache 2.2.12

Just two ports: a very old version of OpenSSH on port 22 and a very old version of Apache, 2.2.12.

Let's see what we can see on port 80.

Just a page that says it's working. So as part of web recon, we can now see what they want us to see, but how about other things that aren't part of this index.html that the web server is hosting? For this we will do a directory/file brute force on the web server to see if it is indeed serving up anything other than just this index.html.

    dirb http://popcorn.htb
    GEN
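Seen from the web server's side, a wordlist scan like the dirb run above shows up in the Apache access log as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of the original post: the log lines, addresses, paths and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Prefix of an Apache common/combined log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, min_paths=20, min_404_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 404 back."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0,
                                 "paths": set(), "found": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        s = stats[m["ip"]]
        s["requests"] += 1
        s["paths"].add(m["path"])
        if m["status"] == "404":
            s["not_found"] += 1
        elif m["status"][0] in "23":
            s["found"].append(m["path"])  # paths the scan actually discovered
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["requests"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["requests"], "not_found": s["not_found"],
                           "found": s["found"]}
    return flagged

def sample_log():
    """Constructed log lines: one wordlist scanner and one ordinary browser."""
    fmt = ('{ip} - - [01/Jan/2024:12:00:{sec:02d} +0000] '
           '"GET {path} HTTP/1.1" {status} 312 "-" "-"')
    hits = ("/index", "/docs")
    words = [f"/word{i}" for i in range(38)] + list(hits)
    lines = [fmt.format(ip="192.0.2.10", sec=i, path=p,
                        status=200 if p in hits else 404)
             for i, p in enumerate(words)]
    lines += [fmt.format(ip="192.0.2.20", sec=5, path=p, status=s)
              for p, s in (("/", 200), ("/favicon.ico", 404))]
    return lines

if __name__ == "__main__":
    for ip, info in find_enumeration(sample_log()).items():
        print(ip, info)
```

The `found` list is the part worth reviewing first, since it names the paths the scan confirmed as present on the server.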
@circusmonkey404 on the twitters; DM for contact