MonitorsFour (Easy) - HTB - Hack with Mike

Starting the box

Link to the box: https://app.hackthebox.com/machines/MonitorsFour

Port Scan

We start off the box by running a port scan on the provided IP.

Attacker Linux

rustscan --ulimit 5000 -a 10.129.229.128 -r 1-65535 -- -A -vvv -oN MonitorsFour

Output of Rustscan:

Terminal Output

Open 10.129.229.128:80
Open 10.129.229.128:5985

Output of Nmap:

Terminal Output

PORT     STATE SERVICE REASON          VERSION
80/tcp   open  http    syn-ack ttl 127 nginx
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://monitorsfour.htb/
5985/tcp open  http    syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2022|2012|2016 (88%)
OS CPE: cpe:/o:microsoft:windows_server_2022 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

A few key notes:

Port 80 is open, redirecting to http://monitorsfour.htb/
Port 5985 is open, which is the usual port for WinRM.

Edit the Hosts file

As always, we edit the /etc/hosts file to add the hostname:

Attacker Linux

sudo nano /etc/hosts

/etc/hosts

Nano Interface

10.129.229.128 monitorsfour.htb

Active Box

This box is currently still active on Hack the Box - Full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges & sanity checks.

Introduction

Active

Windows

Linux

​Starting the box

​Port Scan

​Edit the Hosts file

​Active Box

Starting the box

Port Scan

Edit the Hosts file

Active Box