Hack The Box — Tabby Writeup w/o Metasploit

Rana Khalil
13 min readNov 7, 2020

I presented this box at the Hack The Box Ottawa August Meetup. The presentation has been recorded and posted on YouTube.

Let’s get started!


Run AutoRecon to enumerate open ports and services running on those ports.

sudo autorecon.py

View the full TCP port scan results.

root@kali:~/# cat _full_tcp_nmap.txt
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 338ABBB5EA8D80B9869555ECA253D49D
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Mega Hosting
8080/tcp open http syn-ack ttl 63 Apache Tomcat
| http-methods:
|_ Supported Methods: OPTIONS GET HEAD POST
|_http-open-proxy: Proxy might be redirecting requests…