Hackthebox.eu - Retired - Bastion Recon As always I start with just a simple up/down scan on all TCP ports to see what is open. $ nmap -T4 -p- -oX ./nmapb.xml bastion.htb Then I convert that to HTML to make it pretty That is a lot of open ports lets scan again with the -A switch on just the open ports $ nmap -T4 -A -p22,135,139,445,5985,47001,49664,49665,49666,49667,49668,49669,49670 -oX ./nmapf.xml bastion.htb Then I convert that to HTML too $ xsltproc ./nmapf.xml -o ./nmapf.html So Let's look. Looks like we have a windows box with openssh on port 22 netbios/smb on139/445 and winRM on the rest of the open ports No website to attack.. That's different. Lets see what shares are on $ smbclient -L \\bastion.htb Cool we can see some shares with an anonymous connection $ smbclient -L \\bastion.htb Let's see if we can connect to any of them. Backups sounds tasty let's try that first Cool We get a nice note
@circusmonkey404 on the twitters; DM for contact