THM — Grep
Recon squad, move out!
To start, we will scan the machine for open ports with nmap, and while that's running we will take a look at the web application developed by SuperSecure Corp.
root@ip-10-10-106-116:~# nmap -sT -sC -sV -T 4 -p- 10.10.54.141
Starting Nmap 7.60 ( https://nmap.org ) at 2024-03-29 20:54 GMT
Nmap scan report for ip-10-10-54-141.eu-west-1.compute.internal (10.10.54.141)
Host is up (0.036s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
443/tcp open ssl/http Apache httpd 2.4.41
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: 400 Bad Request
| ssl-cert: Subject: commonName=grep.thm/organizationName=SearchME/stateOrProvinceName=Some-State/countryName=US
| Not valid before: 2023-06-14T13:03:09
|_Not valid after: 2024-06-13T13:03:09
51337/tcp open ssl/http Apache httpd 2.4.41
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: 400 Bad Request
| ssl-cert: Subject: commonName=leakchecker.grep.thm/organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=AU
| Not valid before: 2023-06-14T12:58:31
|_Not valid after: 2024-06-13T12:58:31
MAC Address…