Hack The Box — SolidState Writeup w/o Metasploit

This is the 19th blog out of a series of blogs I will be publishing on retired HTB machines in preparation for the OSCP. The full list of OSCP like machines compiled by TJ_Null can be found here.

Let’s get started!

Reconnaissance

First thing first, we run a quick initial nmap scan to see which ports are open and which services are running on those ports.

nmap -sC -sV -O -oA initial 10.10.10.51

• -sC: run default nmap scripts
• -sV: detect service version
• -O: detect OS
• -oA: output all formats and store in file initial

We get back the following result showing that 5 ports are open:

• Port 22: running OpenSSH 7.4p1
• Port 25: running JAMES smtpd 2.3.2
• Port 80: running httpd 2.4.25
• Port 110: running JAMES pop3d 2.3.2
• Port 119: running JAMES nntpd

Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-29 17:22 EST
Nmap scan report for 10.10.10.51
Host is up (0.039s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
| ssh-hostkey: 
|…