{"id":471,"date":"2023-01-24T16:54:19","date_gmt":"2023-01-24T16:54:19","guid":{"rendered":"https:\/\/certcent.io\/?p=471"},"modified":"2023-01-24T16:54:19","modified_gmt":"2023-01-24T16:54:19","slug":"basic-enumeration-on-htb-the-first-5-minutes","status":"publish","type":"post","link":"https:\/\/certcent.io\/index.php\/2023\/01\/24\/basic-enumeration-on-htb-the-first-5-minutes\/","title":{"rendered":"Basic Enumeration on HTB &#8211; the first 5 minutes."},"content":{"rendered":"\n<p>As the title says, this article covers only the first 5 minutes, so this method will not work on every box, but on some it can be a quick way to gain a foothold. <\/p>\n\n\n\n<p>This information was gathered from capturing several flags on HTB and following walkthroughs and writeups of mostly Easy boxes. The opening enumeration steps are almost identical from box to box: enumerate, gain a foothold, then pivot to privilege escalation. <br><br>Use this approach and see how much loot you can gather. If you don&#8217;t get enough for initial access, turn up the volume. <\/p>\n\n\n\n<p>The quiet approach is to knock on only a few common ports to start. This approach was adopted since almost all of these boxes that run Linux start with port 80. <\/p>\n\n\n\n<p>Add the host to your \/etc\/hosts file: <\/p>\n\n\n\n<p>10.129.10.10 host host.htb<\/p>\n\n\n\n<p>Since most of the HTB boxes use their hostname, you can start enumeration with that information for gobuster and ffuf:<br>gobuster dns -d host -w wordlist<br>gobuster dns -d host.htb -w wordlist<\/p>\n\n\n\n<p>gobuster vhost -u http:\/\/host -w wordlist<br>gobuster vhost -u http:\/\/host.htb -w wordlist<\/p>\n\n\n\n<p>ffuf -u http:\/\/host\/FUZZ -w wordlist<br><br>This port list is small and limited, but a good start. 
<br>nmap -p 21,22,23,25,80,443,8000,8080 host<br><br>Using -v makes curl print the request and response headers.<br>curl -v http:\/\/host <\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the title says, this article covers only the first 5 minutes, so this method will not work on every box, but on some it can be a quick way to gain a foothold. This information was gathered from capturing several flags on HTB and following walkthroughs and writeups of mostly Easy boxes. The enumeration steps&hellip; <a class=\"more-link\" href=\"https:\/\/certcent.io\/index.php\/2023\/01\/24\/basic-enumeration-on-htb-the-first-5-minutes\/\">Continue reading <span class=\"screen-reader-text\">Basic Enumeration on HTB &#8211; the first 5 minutes.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/471"}],"collection":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/comments?post=471"}],"version-history":[{"count":1,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/471\/revisions"}],"predecessor-version":[{"id":472,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/471\/revisions\/472"}],"wp:attachment":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/media?parent=471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/categories?post=471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/tags?post=471"}],"curies":[{"name":"wp","href
":"https:\/\/api.w.org\/{rel}","templated":true}]}}