这篇文章描述了在HackTheBox Writeup机器中查找用户和root flags的过程。因此,一如既往地从Nmap扫描开始,以发现正在运行的服务。
# Nmap 7.70 scan initiated Tue Jun 25 12:42:32 2019 as: nmap -p- -O -sV -oN scan.txt 10.10.10.138
Nmap scan report for ip-10-10-10-138.eu-west-2.compute.internal (10.10.10.138)
Host is up (0.016s latency).
Not shown: 65533 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0)
80/tcp open http Apache httpd 2.4.25 ((Debian))
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.12 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 3.16 (92%), Linux 3.16 - 4.6 (92%), Linux 3.18 (92%), Linux 3.2 - 4.9 (92%), Linux 3.8 - 3.11