Posts

Hackthebox.eu - Retired - Forest

Recon

As always, I start with a simple up/down scan on all TCP ports to see what we can find.

    nmap -T4 -p- -oX /root/Desktop/HTB/Forest/nmapb.xml 10.10.10.161

Then I convert that to HTML to make it pretty :)

    xsltproc /root/Desktop/HTB/Forest/nmapb.xml -o /root/Desktop/HTB/Forest/nmapb.html

That's a whole lot of open ports. Now let's do the next part of our staged scan. I'm going to scan just those ports with the -A switch to fingerprint the OS and services.

    nmap -T4 -p 53,88,135,139,389,445,464,593,636,3268,3269,5985,9389,47001,49664,49665,49666,49667,49671,49676,49677,49684,49698,49717 -oX ./nmapf.xml -A 10.10.10.161

Then convert that to HTML too.

    xsltproc /root/Desktop/HTB/Forest/nmapf.xml -o /root/Desktop/HTB/Forest/nmapf.html

Looks like we've got a Windows machine with AD services, WinRM and DNS. Let's poke around and see what we see. I added forest.htb to my hosts file here too.

Let's start with smb Anon

HackTheBox - Retired - Postman

Recon:

As always, I start with a simple up/down scan on all TCP ports.

    nmap -T4 -p- -oX /root/Desktop/HTB/postman/nmapb.xml 10.10.10.160

Then I convert the XML to HTML.

    xsltproc /root/Desktop/HTB/postman/nmapb.xml -o /root/Desktop/HTB/postman/nmapb.html

OK, we see ports 22, 80, 6379 and 10000. Let's scan just those ports with -A to fingerprint the OS and services.

    nmap -T4 -p 22,80,6379,10000 -oX /root/Desktop/HTB/postman/nmapf.xml -A 10.10.10.160

Convert that to HTML too.

    xsltproc /root/Desktop/HTB/postman/nmapf.xml -o /root/Desktop/HTB/postman/nmapf.html

OK, we've got:

SSH (OpenSSH 7.6p1) on port 22
HTTP (Apache 2.4.29) on port 80
Redis (4.0.9) on port 6379
Webmin (1.910) on port 10000

Let's see what's running on port 80. Just a generic page with not much to poke at.

Let's run dirb at port 80 and see what we see. It found some directories to poke around in: /css, /fonts, /images, /js and /Uploads.

I really like finding dirs that are calle