Posts

HacktheBox - Tally - Retired

Recon

Let's use threader3000 for our recon scan. It's a threaded scanner written in Python that does a super quick up/down scan on all TCP ports, then suggests an nmap scan based on the results. It will automatically save the nmap scan results as XML, which we can then convert to HTML:

    xsltproc tally.htb/tally.htb.xml -o ./tally.html

There are a lot of open ports on this box:

    21,80,81,445,808,1433,5985,15567,32843,32844,32846,47001,49664,49665,49666,49667,49668,49669,49670

Looks like this is a Windows box with SMB, SQL, HTTP and a bunch of RPC ports. Let's start by checking out SMB to see if we can get any info out of it.

    smbclient -L 10.10.10.59

Nope, nothing open to anonymous users. What about the FTP? Same story, nothing open to anonymous users.

According to our nmap output, it looks like port 80 is a SharePoint site, so let's check it out next. It does look like a SharePoint site. The only thing we can do is log in. Let's try just admin/admin. Didn'