[Hackthebox Writeup] Registry

Recon 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 ➜ ~ ./nmapAutomator.sh 10.10.10.159 all Running a all scan on 10.10.10.159 Host is likely running Linux ---------------------Starting Nmap Quick Scan--------------------- Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 15:50 +07 Nmap scan report for 10.10.10.159 Host is up (0.20s latency). Not shown: 905 closed ports, 92 filtered ports Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 5.22 seconds ---------------------Starting Nmap Basic Scan--------------------- Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 15:50 +07 Nmap scan report for 10.10.10.159 Host is up (0.19s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 72:d4:8d:da:ff:9b:94:2a:ee:55:0c:04:30:71:88:93 (RSA) | 256 c7:40:d0:0e:e4:97:4a:4f:f9:fb:b2:0b:33:99:48:6d (ECDSA) |_ 256 78:34:80:14:a1:3d:56:12:b4:0a:98:1f:e6:b4:e8:93 (ED25519) 80/tcp open http nginx 1.14.0 (Ubuntu) |_http-server-header: nginx/1.14.0 (Ubuntu) |_http-title: Site doesn't have a title. 443/tcp open ssl/http nginx 1.14.0 (Ubuntu) |_http-server-header: nginx/1.14.0 (Ubuntu) |_http-title: Site doesn't have a title. | ssl-cert: Subject: commonName=docker.registry.htb | Not valid before: 2019-05-06T21:14:35 |_Not valid after: 2029-05-03T21:14:35 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up)![](https://images.viblo.asia/02cf4944-af7d-41c1-9dce-edb0c4fa6983.png) scanned in 28.38 seconds Mình thấy cert có thông tin ...

May 1, 2020 · 9 min · minhtuanact