Last active
August 3, 2019 23:04
-
-
Save jeremypruitt/5ee4180efbdf88aa92f0268f446fb104 to your computer and use it in GitHub Desktop.
Revisions
-
jeremypruitt revised this gist
Aug 3, 2019 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -41,8 +41,8 @@ 1) **Check found ports against the Vulners db/nse script** ```bash $ nmap fortune.htb \ -p ${fortune_tcp_ports} \ --script=vulners \ -Pn \ -A \ -
Aug 3, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,62 @@ ## Techniques ## Tools * nmap ## Setup 1) **Add `fortune.htb` to the hosts file so we can refer to the host by name** ```bash $ echo "10.10.10.127 fortune.htb" >> /etc/hosts ``` ## Port Scan 1) **Scan for ports and services** ```bash # Use nmap to find available TCP ports quickly $ fortune_tcp_ports=$( \ nmap fortune.htb \ -p- \ --min-rate=1000 \ --max-retries=2 \ -T4 \ -Pn \ -oA nmap-tcp-allports \ | grep ^[0-9] \ | cut -d '/' -f 1 \ | tr '\n' ',' \ | sed s/,$// \ ) # Scan found ports for services $ nmap fortune.htb \ -p ${fortune_tcp_ports} \ -sV \ -sC \ -T4 \ -Pn \ -oA nmap-tcp-foundports ``` 1) **Check found ports against the Vulners db/nse script** ```bash $ nmap help.htb \ -p ${lacasadepapel_tcp_ports} \ --script=vulners \ -Pn \ -A \ -T4 \ -oA nmap-tcp-foundports-vulners ``` ### Web Enumeration: fortune.htb:80 1) **________** Let's start by looking for interesting URL paths: ```bash $ ```