A quick nmap scan reveals ports 80, 445, and 50000 open. Port 80 upon inspection hosts Jeeves which is not particularily vulnerable to anything. A quick directory fuzzing, however reveals an interesting page /ask-jeeves/ on port 50000.

We’ll start with an nmap scan nmap -Pn -sVC --min-rate 10000 -p- <ip-addr> -oN nmap.txt which reveals SSH and HTTP as open. I’ll map the IP address to usage.htb and admin.usage.htb to my /etc/hosts folder echo "<ip-addr> usage.htb" admin.usage.htb | sudo -tee -a /etc/hosts

First official blog post (outside of HTB writeups) since I created this site and what a better way than to start it off with a review of the Pratical Network Penetration Tester (PNPT) certification! This certification is the third one I’ve obtained, and the second related to cybersecurity. Out of the three, or I guess two, this one has to be the best I’ve obtained, both in testing my skillset and overall fun.

I’ll start off with an Nmap scan which reveals ports 22 and 80, none of these are legacy-based software so the vulnerability has to lie on the webserver itself. Typing in the IP address in the URL redirects to http://capiclean.htb so we’ll add that to our /etc/hosts

I’ll start with a port scan using nmap, which reveals SSH and a webserver running OpenPLC on port 8080.

I’ll run an nmap scan which reveals various ports such as DNS, kerberos, LDAP. We are dealing with a domain controller.