Hack The Box Write-Up: Bizness

Reconnaissance:

Target Information: IP Address:

10.10.11.252

Connectivity Test:

• Performed a ping test to confirm the existence of the target.

• Noted latency and packet loss information.

Nmap Scan Results:

Nmap Scan Summary:

    Discovered open ports:
        22/tcp (SSH)
        80/tcp (HTTP)
        443/tcp (HTTPS)
  Identified filtered ports:
        9102/tcp (JetDirect)
        20222/tcp (iPulse ICS)

Enumeration:

SSH (Port 22):

• Identified an open SSH port (22/tcp).
• Further enumeration of the SSH service is pending.

HTTP (Port 80):

• Checked the HTTP service on port 80.
• Browsed to http://bizness.htb to explore the web application.
• No notable findings observed.

HTTPS (Port 443):

• Checked the HTTPS service on port 443.
• Browsed to https://bizness.htb to explore the secure web application.
• Initial observation reveals a standard web page.

Filtered Ports:

JetDirect (Port 9102):

• Identified a filtered port (9102/tcp).
• Further investigation is needed to determine the nature of the service.

iPulse ICS (Port 20222):

• Identified a filtered port (20222/tcp).
• Further investigation is needed to determine the nature of the service.

Host Configuration: Host Entry in /etc/hosts:

10.10.11.252    bizness.htb

Site

Directory Brute-Forcing with Dirb: Tool Used: Dirb Command Executed:

dirb https://bizness.htb

Dirb Scan Output:

Discovered an interesting directory: /accounting/

• URL: https://bizness.htb/accounting/
• Observation: Hosting a login page.

After failing multiple times at brute force..