Skip to content

Instantly share code, notes, and snippets.

@jeremypruitt
Last active August 3, 2019 23:04
Show Gist options
  • Save jeremypruitt/5ee4180efbdf88aa92f0268f446fb104 to your computer and use it in GitHub Desktop.
Save jeremypruitt/5ee4180efbdf88aa92f0268f446fb104 to your computer and use it in GitHub Desktop.
Hack The Box - Fortune

Techniques

Tools

  • nmap

Setup

  1. Add fortune.htb to the hosts file so we can refer to the host by name
    $ echo "10.10.10.127 fortune.htb" >> /etc/hosts

Port Scan

  1. Scan for ports and services

    # Use nmap to find available TCP ports quickly
    $ fortune_tcp_ports=$( \
        nmap fortune.htb \
             -p- \
             --min-rate=1000 \
             --max-retries=2 \
             -T4 \
             -Pn \
             -oA nmap-tcp-allports \
        | grep ^[0-9] \
        | cut -d '/' -f 1 \
        | tr '\n' ',' \
        | sed s/,$// \
      )
    
    # Scan found ports for services
    $ nmap fortune.htb \
           -p ${fortune_tcp_ports} \
           -sV \
           -sC \
           -T4 \
           -Pn \
           -oA nmap-tcp-foundports
  2. Check found ports against the Vulners db/nse script

    $ nmap fortune.htb \
           -p ${fortune_tcp_ports} \
           --script=vulners \
           -Pn \
           -A \
           -T4 \
           -oA nmap-tcp-foundports-vulners

Web Enumeration: fortune.htb:80

  1. ________

    Let's start by looking for interesting URL paths:

    $ 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment