One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I’d come across before it. Forest is a great example of that. — I’ve been on the journey to achieve CRTP examnination. Therefore, Active Directory pentesting is my interest at present moment. IP Address: 10.10.10.161 Enumeration Reconnaisance with usual nmap tool: nmap -sV -sC -n -A -p- -vvv 10.10.10.161 -T4 Scan results:

Lame is a beginner level machine and was the first machine published on Hack The Box, often the first machine for new users prior to its retirement. — Enumeration In the beginning, let’s start with Nmap scanner. nmap -sV -n -vv -Pn -T4 -p- -A 10.10.10.3 --open PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ttl 63 vsftpd 2.3.4 |_ftp-anon: Anonymous FTP login allowed (FTP code 230) 22/tcp open ssh syn-ack ttl 63 OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) 139/tcp open netbios-ssn…

Relatively easy for the beginners. This box would be retired soon. — As soon as I connected to the VPN, let’s launch the Nmap scanner to fight against this box. nmap -sV -n -vv -Pn -T4 -p- -A 10.10.11.100 --open PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux…

This box is relevant to CVE-2019–18818, CVE-2019–19609, CVE-2021–3129. — Enumeration Let’s start with Nmap powerful scanner. nmap -sV -n -vv -Pn -T4 -p- -A 10.10.11.105 --open PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.14.0 (Ubuntu) There are only 2 ports for…

First time to hit the real machine in HTB. It seems to be easier than series of boxes in Starting Point. — Enumeration As usual, I start scanning this box with Nmap: sudo nmap -sV -n -vv -Pn -T4 -p- -A 10.10.10.245 --open PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ttl 63 vsftpd 3.0.3 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)

Trying to exploit the box manually w/o using Metasploit or other automated exploit tools, then learn lots of new things. We exactly do the same in OSCP exam. — Enumeration As a routine, I use Nmap for port scanning and reconnaisance at the beginning. For explanation about nmap syntax and its parameter, visit this site: https://explainshell.com/ nmap -sV -n -vv -Pn -T4 -p- -A 10.10.10.29 --open The nmap scanning result is very brief, not as my imagination. There’re only 2…

This box has several problems with connectivity, but still very juicy 😊 Enumeration As the previous boxes, I use simple Nmap command to start port scanning and reconnaisance. Maybe most of the boxes in "Starting Point" don’t need deep enumeration but Nmap. For explanation about nmap syntax and its parameter, I…

It is considered a “Very easy” Box on HTB but causes troubles for me. — Enumeration As a routine, I use Nmap for port scanning and reconnaisance at the beginning. For explanation about nmap syntax and its parameter, visit this site: https://explainshell.com/ nmap -sV -n -vv -Pn -T4 -p- -A 10.10.10.28 --open The nmap scanning result is very brief, not as my imagination. There’re only 2…

This is the 1st box in my journey to OSCP exam. — Enumeration Normally, I used Nmap to begin my port scanning and reconnaisance. For explanation about nmap syntax and its parameter, visit this site: https://explainshell.com/ nmap -sV -n -vv -Pn -T4 -p- -A 10.10.10.27 --open PORT STATE SERVICE REASON VERSION 135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC 139/tcp…