Starting the box
Link to the box: https://app.hackthebox.com/machines/Pterodactyl
Port Scan
We start off the box by running a port scan on the provided IP.
rustscan --ulimit 5000 -a 10.129.16.216 -r 1-65535 -- -A -vvv -oN Pterodactyl
Output of Rustscan:
Open 10.129.16.216:22
Open 10.129.16.216:80
Output of Nmap:
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 9.6 (protocol 2.0)
| ssh-hostkey:
| 256 a3:74:1e:a3:ad:02:14:01:00:e6:ab:b4:18:84:16:e0 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOouXDOkVrDkob+tyXJOHu3twWDqor3xlKgyYmLIrPasaNjhBW/xkGT2otP1zmnkTUyGfzEWZGkZB2Jkaivmjgc=
| 256 65:c8:33:17:7a:d6:52:3d:63:c3:e4:a9:60:64:2d:cc (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTXNuX5oJaGQJfvbga+jM+14w5ndyb0DN0jWJHQCDd9
80/tcp open http syn-ack ttl 63 nginx 1.21.5
|_http-server-header: nginx/1.21.5
|_http-title: Did not follow redirect to http://pterodactyl.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
A few key notes:
- Port 22 (SSH) - Only accepts ECDSA and ED25519 keys, no password authentication visible yet.
- Port 80 (HTTP) - Redirects to http://pterodactyl.htb/. Running Nginx 1.21.5.
Edit the Hosts file
As always, we edit the /etc/hosts file to add the hostname:
/etc/hosts
10.129.16.216 pterodactyl.htb
Active Box
This box is currently still active on Hack The Box. The full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges & sanity checks.