Enumeration Starting with a comprehensive nmap scan to discover all open ports and services:
sudo nmap -sS -sC -A 10.10.11.202 -T4 -oN first.scan -p- -Pn Key Findings The scan reveals a Windows Domain Controller running multiple services:
Port 53: DNS Port 88: Kerberos Port 389/636: LDAP (Domain: sequel.htb) Port 445: SMB Port 1433: Microsoft SQL Server 2019 Port 5985: WinRM Domain identified: sequel.htb with hostname dc.sequel.htb
SMB Enumeration Checking SMB shares as a guest user:
Enumeration Starting with a comprehensive nmap scan:
sudo nmap -sS -sC -A 10.10.11.14 -T4 -oN first.scan -p- Key Findings The scan reveals a Windows server running hMailServer with multiple mail-related services:
Port 25/587: SMTP (hMailServer) Port 80: HTTP (Microsoft IIS 10.0) - redirects to mailing.htb Port 110: POP3 (hMailServer) Port 143/993: IMAP (hMailServer) Port 445: SMB Port 465: SSL/SMTP Port 5985: WinRM Domain identified: mailing.htb
Web Enumeration Local File Inclusion Discovery When downloading a PDF from the website, the URL structure reveals a potential LFI vulnerability:
Enumeration Nmap Scan Initial reconnaissance revealed the following services:
nmap -sC -sV -p- 10.10.11.136 Key findings:
Port 22: SSH (OpenSSH 8.9p1) Port 80: HTTP (Apache 2.4.52) Port 161: SNMP (UDP) Web Enumeration The main website at port 80 appeared to be a basic company page. Technology profiling suggested WordPress, but further investigation proved otherwise.
Crawling & Fuzzing Attempted various enumeration techniques:
Directory fuzzing with ffuf Vhost enumeration Content crawling with ReconSpider All paths led nowhere, suggesting the need to pivot to other services.