HackTheBox - Retired - Granny - updated

Recon

I used the exact same steps I used for Grandpa for Granny, so there's not much new here if you already checked out my writeup on Grandpa.

I've been using threader 3000 for my recon scans lately. It's a threaded scanner written in Python that does a super quick up/down scan on all TCP ports. Then it suggests an nmap scan based on the results of the initial scan. It also saves the nmap scan as an XML file.

Like I said, this automatically generates an XML file from the nmap output. I like to convert that to HTML to make it easier to read.

    xsltproc ./granny.htb/granny.htb.xml -o ./granny.html

Only port 80 is open, and nmap thinks it's IIS 6.0… so Windows.

Let's try to browse to it to see what the server is showing us. An under construction page.

Let's use dirb to see if we can find anything else on the server via brute force.

    dirb http://granny.htb

There are some directories we have access to, but not much to help us get our foothold.

Let's try s
@circusmonkey404 on the twitters; DM for contact