January 24, 2024

This walkthrough covers the Getting Started knowledge check from the Hack The Box Academy Penetration Tester path.

Reconnaissance

The IP address of the target is already known. The section instructions hint that this box is a web application by saying "if you identify the website URL, add it to the /etc/hosts file". Regardless, a port scan is a good place to start, since it identifies the services listening on the host. In a different scenario (a lab environment or a real penetration test) the engagement would likely begin with passive reconnaissance, which relies on other tools and data sources before any packets are sent to the target with nmap.

nmap -Pn --open -p- <ip> -oN ports.txt

With the open ports known, the next step is to scan only those ports for the services behind them, with version detection and the default script set enabled.

nmap -Pn -sV -sC <ip> -p22,80 -oN services.txt

In this scenario it is a good idea to kick off a directory scan with a tool like feroxbuster and, while it runs, probe the server manually to better understand what type of application it is serving. Feroxbuster is a great choice because it searches directories recursively, provides simple options to include or exclude responses by status code, and its documentation is superb.
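The recon steps above are usually typed by hand, but the hand-off between them (reading the open ports out of the first nmap output, feeding them to the second scan, then pointing feroxbuster at the web service) is easy to script. The following bash script is an added example written for this page, not code from the walkthrough or from Hack The Box; the target IP 10.10.10.10, the wordlist path, and the embedded nmap output are constructed assumptions for demonstration, and the script only builds and prints the follow-up commands rather than running them.

```bash
#!/usr/bin/env bash
# Added example (not from the original walkthrough): chain the all-ports nmap
# scan, the service scan, and the feroxbuster directory scan.
# Assumptions: target 10.10.10.10, wordlist path, and the sample nmap output.
set -euo pipefail

# Pull open TCP ports out of an nmap -oN (normal output) file and return them
# as a comma-separated list suitable for nmap -p.
open_ports_from_nmap() {
    # Matching lines look like: "22/tcp   open  ssh"
    grep -E '^[0-9]+/tcp +open' "$1" | cut -d/ -f1 | paste -sd, -
}

# Build the follow-up service/script scan for exactly the ports found
# (same flags as the walkthrough: -Pn skips host discovery, -sV versions,
# -sC default scripts).
service_scan_cmd() {
    local ip="$1" ports="$2"
    printf 'nmap -Pn -sV -sC %s -p%s -oN services.txt\n' "$ip" "$ports"
}

# Build the feroxbuster command once an HTTP port is known. -x adds common
# extensions, -C filters out 404 responses, -t sets the thread count.
ferox_cmd() {
    local url="$1" wordlist="$2"
    printf 'feroxbuster -u %s -w %s -x php,txt,html -C 404 -t 50 -o ferox.txt\n' \
        "$url" "$wordlist"
}

# Constructed sample of nmap normal output for the demo; not real scan data.
write_sample_ports_file() {
    cat > "$1" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -Pn --open -p- 10.10.10.10 -oN ports.txt
Nmap scan report for 10.10.10.10
Host is up (0.050s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds
EOF
}

# Demo: parse the sample output and print the next two commands to run.
demo() {
    local f ports
    f=$(mktemp)
    write_sample_ports_file "$f"
    ports=$(open_ports_from_nmap "$f")          # "22,80"
    service_scan_cmd 10.10.10.10 "$ports"
    # Assumed wordlist path; adjust to what is installed locally.
    ferox_cmd http://10.10.10.10 /usr/share/wordlists/dirb/common.txt
    rm -f "$f"
}
demo
```

To use it against a real scan, replace the sample file with the ports.txt produced by the first nmap command and run the printed commands; the port-extraction step is what keeps the second scan limited to the ports that actually answered, rather than rescanning all 65535.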