Posts

HacktheBox - Blocky - Retired - Update

HacktheBox - Retired - Blocky - Update

Recon

I'm using threader3000 to do my recon scan. It first does an up/down scan on all TCP ports, then suggests an nmap scan based on the results of the first scan. It automatically saves the output from nmap to an XML file for you. I then convert the XML to HTML to make it easier to read.

xsltproc ./blocky.htb/blocky.htb.xml -o blocky.html

So it looks like a Linux box. 4 ports are open:

Port 21      FTP        ProFTPD 1.3.5
Port 22      SSH        OpenSSH 7.2p2
Port 80      HTTP       Apache 2.4.18
Port 25565   minecraft  1.11.2

Interesting seeing Minecraft on there… let's start with our normal enumeration.

Port 21: let's see if it allows anonymous connections. Nope.

We'll skip over SSH for right now; that usually is not the path on a HacktheBox machine.

What is it serving on port 80? Scrolling down we see a link that says login. Don't mind if we do. Let's check it out. A WordPress login portal... Poking around i

Hackthebox - Granny - Retired - Update

HackTheBox - Retired - Granny - Updated

Recon

I used the exact same steps I used for Grandpa for Granny.... so not much new here if you already checked out my writeup on Grandpa.

I've been using threader3000 for my recon scans lately. It's a threaded scanner written in Python that does a super quick up/down scan on all TCP ports. Then it suggests an nmap scan based on the results of the initial scan. It also saves the nmap scan as an XML file.

Like I said, this automatically generates an XML file from the nmap output. I like to convert that to HTML to make it easier to read.

xsltproc ./granny.htb/granny.htb.xml -o ./granny.html

Only port 80 is open. nmap thinks it's IIS 6.0… so Windows.

Let's try to browse to it, to see what the server is showing us. An under construction page.

Let's use dirb to see if we can find any other things on the server via brute force.

dirb http://granny.htb

There are some directories we have access to, but not much to help us get our foothold. Let's try s