HackTheBox: Previse
Manipulating Server Logic to Obtain a Foothold, Password Cracking, and Basic Search Order Hijacking for Root
Foothold
Nmap
I always begin my enumeration with a full port scan using Nmap:
nmap -Pn -n --open -p- --min-rate 2500 --max-retries 0 -vv -oA recon/nmap/all-ports previse
The full port scan shows that only two TCP ports are open on this machine: 22 and 80. I then ran a service fingerprinting scan against those two ports to enumerate exact service versions and other details:
nmap -Pn -n -p22,80 -sV -sC -oA recon/nmap/services-ident previse
From this scan, we identify that the machine is running OpenSSH 7.6p1 on port 22 and Apache httpd 2.4.29 on port 80. We also learn that this machine is likely running Ubuntu.
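An added example (not part of the original write-up): a small shell helper that reads the grepable output written by -oA in the first scan and builds the port list passed to -p in the second. The function names and the sample scan data, including the 192.0.2.10 address, are constructed for illustration.

```shell
#!/bin/sh
# Print the open TCP ports in an Nmap grepable (.gnmap) file as "22,80".
# Returns 1 when none are found, so a follow-up scan never gets an empty -p.
open_tcp_ports() {
    ports=$(awk '
        /Ports: / {
            sub(/^.*Ports: /, "")   # keep only the port list
            sub(/\t.*$/, "")        # drop later tab-separated fields
            n = split($0, entry, ", ")
            for (i = 1; i <= n; i++) {
                # entry layout: port/state/protocol/owner/service/...
                split(entry[i], f, "/")
                if (f[2] == "open" && f[3] == "tcp") print f[1]
            }
        }' "$1" | sort -nu | paste -sd, -)
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports"
}

# Constructed sample in .gnmap layout (hypothetical helper, not real scan data).
# The filtered and UDP entries are there to exercise the state/protocol filter.
write_sample_gnmap() {
    {
        printf '# Nmap scan (constructed sample)\n'
        printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
        printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, '
        printf '22/open/tcp//ssh///, 443/filtered/tcp//https///, '
        printf '53/open/udp//domain///\tIgnored State: closed (65531)\n'
    } > "$1"
}

# Demo: show the service scan command that the parsed port list would produce.
sample=$(mktemp)
write_sample_gnmap "$sample"
if tcp_ports=$(open_tcp_ports "$sample"); then
    echo "nmap -Pn -n -p$tcp_ports -sV -sC -oA recon/nmap/services-ident previse"
else
    echo "no open TCP ports found in $sample" >&2
fi
rm -f "$sample"
```

Against the real first scan, the input file would be recon/nmap/all-ports.gnmap.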