This is the first post in a series I will be publishing on retired HTB machines in preparation for the OSCP. The full list of OSCP-like machines compiled by TJnull can be found here.
Let’s get started!
First things first, we run a quick initial nmap scan to see which ports are open and which services are running on those ports.
nmap -sC -sV -O -oA nmap/initial 10.10.10.68
- -sC: run default nmap scripts
- -sV: detect service version
- -O: detect OS
- -oA: output all formats and store in file nmap/initial
We get back the following result showing that port 80 is open with Apache HTTP Server running on it.
Before we start investigating port 80, let’s run more comprehensive nmap scans in the background to make sure we cover all bases.
Let’s run an nmap scan that covers all ports.
nmap -sC -sV -O -p1-65535 -oA nmap/full 10.10.10.68
We get back the following result. Now we’re sure that port 80 is the only port that is open.
Similarly, we run an nmap scan with the -sU flag enabled to run a UDP scan.
nmap -sU -O -oA nmap/udp 10.10.10.68
We get back the following result. As can be seen, the top 1000 ports are closed.
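Because every scan was saved with -oA, the grepable (.gnmap) files can be merged to confirm which services are exposed across all three scans. The following is an added example, not part of the original post; the sample lines are constructed stand-ins for the real output files, and the function names are hypothetical.

```python
# Constructed sample content in nmap's grepable (.gnmap) format, standing in
# for the files written by the three -oA scans. Not real scan output.
SAMPLE_GNMAP = {
    "nmap/initial.gnmap": (
        "# Nmap scan initiated (constructed sample)\n"
        "Host: 10.10.10.68 ()\tStatus: Up\n"
        "Host: 10.10.10.68 ()\tPorts: 80/open/tcp//http//Apache httpd/"
        "\tIgnored State: closed (999)\n"
    ),
    "nmap/full.gnmap": (
        "Host: 10.10.10.68 ()\tPorts: 80/open/tcp//http//Apache httpd/"
        "\tIgnored State: closed (65534)\n"
    ),
    "nmap/udp.gnmap": "Host: 10.10.10.68 ()\tStatus: Up\n",
}


def open_ports(gnmap_text):
    """Return {(host, port, proto): (service, version)} for open ports."""
    found = {}
    for line in gnmap_text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines such as "# Nmap ..."
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            # Entries look like port/state/proto/owner/service/rpc/version/
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.strip().split("/")
                if len(parts) >= 7 and parts[1] == "open":
                    found[(host, int(parts[0]), parts[2])] = (parts[4], parts[6])
    return found


def exposed_services(scans):
    """Merge several scans, recording which scan files saw each open port."""
    merged = {}
    for name, text in scans.items():
        for key, svc in open_ports(text).items():
            merged.setdefault(key, {"service": svc, "seen_in": []})
            merged[key]["seen_in"].append(name)
    return merged


if __name__ == "__main__":
    for (host, port, proto), info in exposed_services(SAMPLE_GNMAP).items():
        print(host, f"{port}/{proto}", info["service"], info["seen_in"])
```

To run it against real output, read each .gnmap file into the dictionary in place of the sample strings.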
Our only avenue of attack is port 80, so let’s check it out.
Head over to http://10.10.10.68 (defaults to port 80).
The arrow on the first page leads us to http://10.10.10.68/single.html. There, you can find a link to…