Step 1. Reconnaissance & Enumeration Let’s start with the nmap scan nmap -Pn -n -p- obscurity.htb --min-rate=1000 | grep "open" | cut -d '/' -f 1 | sort -n > port_scan.txt cat port_scan.txt | tr '\n' ',' | sed s/,$// > port_scan.txt Version scan reports following information. ▶ nmap -Pn -n -sC -sV -p `cat port_scan.txt` obscurity.htb -oA version_scan PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2....
Step 1. Reconnaissance & Enumeration Let’s start with the nmap scan nmap -Pn -n -p- control.htb --min-rate=1000 | tee port_scan.txt cat port_scan.txt | grep "open" | tr '/' ' ' > port_scan.txt cat port_scan.txt | cut -d ' ' -f 1 | sort -n > port_scan.txt cat port_scan.txt | tr '\n' ',' | sed s/,$// > port_scan.txt Version scan reports following information. ▶ nmap -Pn -n -sC -sV -p `cat port_scan....
Step 1. Reconnaissance & Enumeration nmap -Pn -n -p- -g 53 mango.htb --min-rate 1000 -oA port_scan cat port_scan.nmap | grep "open" | cut -d '/' -f 1 > port_scan.txt cat port_scan.txt | tr '\n' ',' | sed s/,$// > port_scan.txt nmap -Pn -n -sC -sV -p `cat port_scan.txt` mango.htb -oA version_scan PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 a8:8f:d9:6f:a6:e4:ee:56:e3:ef:54:54:6d:56:0c:f5 (RSA) | 256 6a:1c:ba:89:1e:b0:57:2f:fe:63:e1:61:72:89:b4:cf (ECDSA) |_ 256 90:70:fb:6f:38:ae:dc:3b:0b:31:68:64:b0:4e:7d:c9 (ED25519) 80/tcp open http Apache httpd 2....
Step 1. Reconnaissance & Enumeration nmap -Pn -n -p- -g 53 traverxec.htb --min-rate 1000 -oA port_scan cat port_scan.nmap | grep "open" | cut -d '/' -f 1 > port_scan.txt cat port_scan.txt | tr '\n' ',' | sed s/,$// > port_scan.txt nmap -Pn -n -sC -sV -p `cat port_scan.txt` traverxec.htb -oA version_scan PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u1 (protocol 2.0) | ssh-hostkey: | 2048 aa:99:a8:16:68💿41:cc:f9:6c:84:01:c7:59:09:5c (RSA) | 256 93:dd:1a:23:ee:d7:1f:08:6b:58:47:09:73:a3:88:cc (ECDSA) |_ 256 9d:d6:62:1e:7a:fb:8f:56:92:e6:37:f1:10:db:9b:ce (ED25519) 80/tcp open http nostromo 1....
Step 1. Reconnaissance & Enumerati It was found that nmap is taking long time. Therefore used masscan to scan all ports of forest machine. nmap -Pn -n -p- -g 53 registry.htb --min-rate 1000 -oA port_scan cat port_scan.nmap | grep "open" | cut -d '/' -f 1 > port_scan.txt cat port_scan.txt | tr '\n' ',' | sed s/,$// > port_scan.txt nmap -Pn -n -sC -sV -p `cat port_scan.txt` registry.htb -oA version_scan PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7....
Step 1. Reconnaissance & Enumeration It was found that nmap is taking long time. Therefore used masscan to scan all ports of forest machine. masscan -e tun0 -p1-65535,U:1-65535 10.10.10.161 --rate=1000 nmap -Pn -n -sC -sV -p<port numbers></port> 10.10.10.151 -oA version_scan Host script results: |_clock-skew: mean: 2h29m01s, deviation: 4h02m30s, median: 9m01s | smb-os-discovery: | OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3) | Computer name: FOREST | NetBIOS computer name: FOREST\x00 | Domain name: htb....