Skip to main content

Starting the box

Link to the box: https://app.hackthebox.com/machines/Interpreter

Port Scan

We start off the box by running a port scan on the provided IP.
Attacker Linux
rustscan --ulimit 5000 -a 10.129.2.114 -r 1-65535 -- -A -vvv -oN Interpreter
Output of Rustscan:
Terminal Output
Open 10.129.2.114:22
Open 10.129.2.114:80
Open 10.129.2.114:443
Open 10.129.2.114:6661
Output of Nmap:
Terminal Output
PORT     STATE SERVICE REASON         VERSION
22/tcp   open  ssh     syn-ack ttl 63 OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey:
|   256 07:eb:d1:b1:61:9a:6f:38:08:e0:1e:3e:5b:61:03:b9 (ECDSA)
|   256 fc:d5:7a:ca:8c:4f:c1:bd:c7:2f:3a:ef:e1:5e:99:0f (ED25519)
80/tcp   open  http    syn-ack ttl 63 Jetty
|_http-title: Mirth Connect Administrator
443/tcp  open  ssl/http syn-ack ttl 63 Jetty
|_http-title: Mirth Connect Administrator
| ssl-cert: Subject: commonName=mirth-connect
| Issuer: commonName=Mirth Connect Certificate Authority
6661/tcp open  unknown syn-ack ttl 63
A few key notes:
  • Port 22 (SSH) is open running OpenSSH 9.2p1 — nothing useful without credentials.
  • Port 80/443 (HTTP/HTTPS) are both running Jetty, with the page title “Mirth Connect Administrator” — a healthcare integration platform login page.
  • Port 6661 is open but fingerprinted as unknown — likely an internal Mirth Connect service port.
  • OS is Linux (Debian), as noted in the SSH banner (Debian 2+deb12u7).

Edit the Hosts file

As always, we edit the /etc/hosts file to add the hostname:
Attacker Linux
sudo nano /etc/hosts
/etc/hosts:
/etc/hosts
10.129.2.114 interpreter.htb

Active Box

This box is currently still active on Hack the Box - Full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges & sanity checks.
Last modified on March 6, 2026