Hack The Box — Forest Writeup w/o Metasploit

Rana Khalil
15 min readMar 22, 2020

This is the 47th blog out of a series of blogs I will be publishing on retired HTB machines in preparation for the OSCP. The full list of OSCP like machines compiled by TJ_Null can be found here.

Let’s get started!


Run the nmapAutomator script to enumerate open ports and services running on those ports.

nmapAutomator.sh All
  • All: Runs all the scans consecutively.

We get back the following result.

Running all scans on is likely running Windows
---------------------Starting Nmap Quick Scan---------------------Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-13 21:50 EDT
Warning: giving up on port because retransmission cap hit (1).
Nmap scan report for
Host is up (0.092s latency).
Not shown: 940 closed ports, 49 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
Nmap done: 1 IP address (1 host up) scanned in 13.34 seconds

---------------------Starting Nmap Basic Scan…