- nmap
- Add ypuffy.htb to the hosts file so we can refer to the host by name

  ```
  $ echo "10.10.10.121 help.htb" >> /etc/hosts
  ```
- Scan for ports and services

  ```
  # Use nmap to find available TCP ports quickly
  $ help_tcp_ports=$( \
      nmap help.htb \
      -p- \
      --min-rate=1000 \
      --max-retries=2 \
      -T4 \
      -Pn \
      -oA nmap-tcp-allports \
      | grep '^[0-9]' \
      | cut -d '/' -f 1 \
      | tr '\n' ',' \
      | sed 's/,$//' \
    )

  # Scan found ports for services
  $ nmap help.htb \
      -p "${help_tcp_ports}" \
      -sV \
      -sC \
      -T4 \
      -Pn \
      -oA nmap-tcp-foundports
  ```
- Check found ports against the Vulners db/nse script

  ```
  $ nmap help.htb \
      -p "${help_tcp_ports}" \
      --script=vulners \
      -Pn \
      -A \
      -T4 \
      -oA nmap-tcp-foundports-vulners
  ```
- Enumerate Web
$
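
The `grep '^[0-9]'` pipeline in the scan step above keeps every port line in nmap's normal output, whatever its state. As an added example (not part of the original writeup), this sketch builds the same comma-separated list from the `.gnmap` file that `-oA` already writes, keeping only open TCP ports; the function names and the sample scan data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of nmap grepable (.gnmap) output; fields are tab-separated.
# The port states below are made up for the example, not real scan results.
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 10.10.10.121 (help.htb)\tStatus: Up\n'
    printf 'Host: 10.10.10.121 (help.htb)\tPorts: %s\tIgnored State: closed (65531)\n' \
        '22/open/tcp//ssh///, 80/open/tcp//http///, 3000/open/tcp//ppp///, 8080/filtered/tcp//http-proxy///'
}

# Read .gnmap data on stdin and print a comma-separated, numerically sorted,
# de-duplicated list of ports whose state is exactly "open" over TCP.
open_ports_from_gnmap() {
    awk '
        /Ports: / {
            sub(/^.*Ports: /, "")   # drop everything before the port list
            sub(/\t.*$/, "")        # drop the trailing "Ignored State" field
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                # each entry: port/state/protocol/owner/service/rpc/version/
                split(entries[i], f, "/")
                if (f[2] == "open" && f[3] == "tcp") print f[1]
            }
        }
    ' | sort -n -u | paste -s -d, -
}

# Usage against the constructed sample; with a real scan, redirect the file
# instead: open_ports_from_gnmap < nmap-tcp-allports.gnmap
sample_gnmap | open_ports_from_gnmap
```

The filtered port 8080 in the sample is dropped here, whereas the line-prefix `grep` on normal output would have passed it on to the service scan.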