Posts

Showing posts from 2022

TryHackMe - Blue Writeup

RECONNAISSANCE

From a reconnaissance point of view there isn't much to do except noting down the IP address of the machine. You can also download this room as a virtual disk file and run it upon an instance of VirtualBox or VMware. Another thing that you must be mindful of is that the machine takes some time to boot, so try pinging it before moving on with an nmap scan.

SCANNING AND ENUMERATION

I went ahead with an aggressive scan while also utilizing nmap's scripting engine to fire up the scripts in the vuln category. The command being

nmap -n -Pn -T5 -A --script=vuln <IP_Address>

wherein the arguments are

-n: To turn off DNS resolution
-Pn: To not ping the IP address and directly go ahead with scanning it as I knew it was alive
-T5: To increase the timing speed to maximum
-A: To perform an aggressive scan which is a combination of custom scripts, OS fingerprinting and service detection of the ports
--script=vuln: This is a group of nmap scripts which are used to scan t

HackTheBox - Vaccine Writeup

Reconnaissance

The recon part has nothing much to offer other than providing us with the IP address of the machine, which in my case was 10.129.225.240.

Scanning & Enumeration

The next step is to scan the given IP address for open ports and the services running upon them. For this we can go with an aggressive scan. The command used is

nmap -n -Pn -T5 -A 10.129.225.240

where

-n is used to switch off DNS lookup
-Pn is used to treat the system as online
-T5 is used for increasing the timing to insane for a quicker scan
-A is used for an aggressive scan

Another scan that we can do here is by using the NSE scripts under the vuln category; however, in this case it didn't come out to be of use. The command for that would be

nmap -n -Pn -T5 --script=vuln 10.129.225.240

This result shows us that the machine has 3 open ports, namely 21 (ftp), 22 (ssh) and 80 (http). One thing to note here is that the ftp server can be logged in with anonymous credentials and backup.zip c