Posts

HackTheBox - Shocker - Retired - Update

HackTheBox - Shocker - Retired

Recon

I've been using threader3000 for my recon scan lately. It does a super quick threaded up/down scan on all TCP ports, then recommends an nmap scan based on those results. It saves the nmap scan as an XML file for you too. I like to convert the XML to HTML to make it easy to read.

    xsltproc ./shocker.htb/shocker.htb.xml -o ./shocker.html

Just two ports open; nmap says it's an Ubuntu box.

    Port 80     Apache 2.4.18
    Port 2222   OpenSSH 7.2p2

That's a non-standard port for SSH; usually we see it on the default port of 22. Let's see what Apache is serving us. Weird. The source code doesn't give us much to go on either. Let's try a brute force scan on port 80 to see if we can find some other pages or directories that might give us more.

    dirb http://shocker.htb

We didn't get much back from dirb except two things that we don't have access to. So this image got me thinking, I'm sur

HackTheBox - Mirai - Retired - Updated

HackTheBox - Mirai - Retired

Recon

I've been using threader3000 lately for my recon scans. It does a staged scan: the first scan is a simple, fast up/down scan on all TCP ports. Then it suggests an nmap scan based on just the ports found open in the initial scan, and it automatically saves the nmap scan as XML.

    threader3000

I then convert the XML to HTML to make it easier to read.

    xsltproc ./mirai.htb/mirai.htb.xml -o ./mirai.html

Let's see what we learn from this. Nmap thinks it's a Debian-based box.

    Port 22      OpenSSH 6.7p1
    Port 53      dnsmasq 2.76
    Port 80      lighttpd 1.4.35
    Port 1121    Platinum UPnP 1.0.5.13
    Port 32400   Plex
    Port 32469   Platinum UPnP 1.0.5.13

Looks like we have DNS running, SSH and some media server software. Let's take a look at the webserver and see what we can find.

Website blocked by pi-hole? If you are running a pi-hole on your network (like yours truly) this is super confusing. I thought my pi-hole was