HacktheBox - Bart - Retired Recon I've been using threader3000 for a while to do my initial scanning on HTB, I've recently started to use a variant named threader3000 which can automatically run the nmap scan on the resulting open ports found. Only port 80 open. It is an IIS server, it also shows a redirect to http://for urm.bart.htb. Since it is IIS we can pretty safely assume this is a windows box. Let's check it out. Nothing… This might just be a DNS resolution issue let's add forum.bart.htb to our /etc/hosts to see if that fixes this We can use VI to add 10.10.10.81 forum.bart.htb Now let's try this again. Not much to go on here, just a list of employee names ( we will file that away for the future) Let's run a directory brute force against the server and see if we can find anything interesting. dirb http://bart.htb One of the results of the dirb attack is http://bart.htb/monitor/ Let's check that out. A server monitor page, but it looks like it req
@circusmonkey404 on the twitters; DM for contact