circusmonkey404's Security Site

HackTHeBox - Bank - Retired - Update Recon I've been using threader3000  to run my recon scans lately. It does a super fast up/down scan on all TCP ports then suggests and NMAP scan based only on the ports that were up in the first scan. It also automatically saves the nmap results out to an XML file, that I then convert to HTML to make it pretty. xsltproc ./bank.htb/bank.htb.xml -o ./bank.html Looks like we have just three open ports… 22,53 and 80 Nmap thinks the box is ubuntu Port Product Version 22 OpenSSH 6.6.1p1 53 BIND 9.9.5-3 80 Apache           2.4.7 Let's start with port 80 and see what is might be serving us. A login form for HTB Bank is what we see when we browse to the server. Let's brute force the directories to see if we can find any other pages being served. I used dirbuster and the  /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt Wordlist. Eventually I saw this directory it found /balance-transfer/ When

Hackthebox.eu - Sense - Retired - Updated Recon I've been using threader3000 for my recon scan on HTB. It does a staged scan, first it does a super quick up/down scan on all TCP ports then it takes the results of that scan and pipes it into a nmap scan. It automatically saves the results of the nmap scan as XML, which I then convert to HTML to make it pretty. xsltproc ./ 10.10.10.60/10.10.10.60.xml -o ./sense.html Just two ports open 80 & 443. It looks like 80 is lighttpd 1.4.35 When I try to browse using the dns name I added in my /etc/hosts I get this message. Weird. First it redirects me to HTTPS, then I get this error message If I try it by ip address. We get redirected to https again and this time we get a login page for pfsense. Which is an open source firewall project. https://www.pfsense.org/ A quick google search shows the default credentials for this should be Username: admin Password: pfsense But that doesn't work. Not much to go on now, let's see if the