I’ll start with an nmap scan, which reveals ports 22 and 80 are open.

I’ll begin with an nmap scan to identify open ports and services. I notice SMB is open and enumerating it using enum4linux reveals that it allows null sessions. It’s also important to note that the IP address resolves to authority.htb, so I added that to my /etc/hosts folder. On http://authority.htb:8443 is a webserver hosting pwm, I’ll need credentials to access this.

I’ll start with an nmap scan on the box to identify the available services. It seems to be running an Apache web server on port 80.

RFlag provides us with .cf32 file containing an SDR signal. We use the tool rrt_443 to decode the signal which gives us the flag in hexadecimal format. I’ll pass this through Cyberchef and got the flag.

I’ll start off with an nmap scan, which reveals port 80 is open. The IP address of the machines resolves to crafty.htb.

I’ll start with enumerating the system using nmap to discover any open ports. The nmap output reveals I am dealing with a Domain Controller. I’ll also add the domain name to my /etc/hosts

I’ll start with an nmap scan of the system, multiple ports are open such as LDAP, and kerberos. This signifies I’m dealing with a domain controller

I’ll start enumeration by conducting an Nmap scan on the machine. It reveals ports 22, 80 and 443 resolving to nunchucks.htb