Recon Starting with an nmap scan: nmap -A 10.10.10.191 -o nmap Starting Nmap 7.80 ( https:*//nmap.org ) at 2020-05-31 17:45 +0545* Nmap scan report for 10.10.10.191 Host is up (0.38s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 21/

Recon Starting off with an nmap scan. Let's see what's open. export $ipaddress=10.10.10.187 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap # Nmap 7.80 scan

Enumeration Let's start! First let's create a directory for this box. mkdir ~/hackthebox/cascade cd ~/hackthebox/cascade Now, to find out what's going on in the box, let's run nmap. nmap -A 10.10.10.182 -o nmap # Nmap 7.80 scan initiated Sun Mar 29 21:47:34 2020

Enumeration export $ipaddress=10.10.10.185 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 17:54 +0545 Nmap scan

Enumerationvi /etc/hosts 10.10.10.181 traceback nmap -A 10.10.10.181 -o traceback/nmap ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 httpd Apache httpd 2.4.29 Google for the comment, some of the best web shells that you might need http://traceback/smevk.php `->

Enumerationnmap -A 10.10.10.175 -o nmap Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-22 23:19 +0545 Nmap scan report for 10.10.10.175 Host is up (0.38s latency). Not shown: 988 filtered ports PORT STATE SERVICE VERSION 53/tcp open domain? | fingerprint-strings: | DNSVersionBindReqTCP: | version

As always, let's start with an nmap scan: ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.184 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports 10.10.10.184 -o nmap We see quite a few ports open.