Hello,
2 years ago I created this Bash script for my own (professional) needs:
https://github.com/choupit0/MassVulScan.git
I was looking for a way to quickly and efficiently identify all the ports available on different remote sites connected to the Internet. And I wanted to make sure, at the same time, there was no host that exposed a service with known vulnerabilities (CVE).
Maybe it could help someone on this forum 😉 and it's fully compatible with Pwnbox from HTB.
Script strength
* Automatic installation of all the prerequisites (Debian OS family)
* 2 modes: automatic and Interactive
* Interactive mode: ports to scan, rate level and nmap script
* Extremely fast identification of open TCP/UDP ports (masscan)
* The output is sorted to gather all ports to be scanned by host
* Identification of services and vulnerabilities (nmap + vulners.nse)
* Multiple sessions in parallel, one session per host
* 2 generated reports: a global HTML and a TXT (vulnerable hosts)
Very interesting box until now!! I'm near the user flag, and without IDE for the Java part :) Not so Insane for the moment for me compare to MulltiMaster but nevertheless I am sweating...
It may get tough after certainly... :'(
Edit: lol the Boxes…
I got the user (thanks for the nudge @gverre about the s*rial...).
NSE vulners could help you to identify the right security issue...
After, Google to find an interesting article... but before you have to try different things to find the right pat…
You can launch the connection like this:
openvpn technicalBitch.ovpn > /dev/null 2>&1
CTRL + Z
bg
disown -h
Your VPN will still UP all the time even after shutting down the shell.
For those who use Pwnbox and want to speed up the reconnaissance phase, I created a variant of the Bash script:
https://github.com/choupit0/MassVulScan4HTB
It quickly and efficiently identify all the ports/services (TCP/UDP) available for a box, a…
Another interesting VM from @egre55 Thanks for your imagination and work :wink:
Initial Foothold
Credentials are not always necessary... Try to identify the right OS version.
After, Google can help you to find your new friend and don't be afraid b…
Tip: if you get the message "The system cannot execute the specified program." each time you try to get a rev shell... you have to take the right version of nc64.exe (and think to try all the options of the script found). I lost a lot of t…
Argghhh! This box makes me crazy...The root part is a HELL for me! 🤦♂️ The box is slow, very slow, very very slow.... and at the end I have the same message:
Prepare job - Failed 🙄
I am going mad 🤪
Edit: Same thing yesterday night after resettin…
Type your comment> @rholas said:
(Quote)
I'm using Chromium + VIP US Server and it's functioning correctly for me. Strange what problems people run into or so I am lucky :)