Starting out with a full TCP Nmap scan of the box, I find that ports 25, 53, 22, and 80 are open:

Full TCP Nmap scan reveals port 22 and 80 are open: Initiating SYN Stealth Scan at 16:06 Scanning 10.10.11.177 [65535 ports] Discovered open port 80/tcp on 10.10.11.177 Discovered open port 22/tcp on 10.10.11.177 Port 22 and 80 confirm the victim is running Ubuntu and Apache version 2.4.41 …

Full Nmap Scan of the host reveals ports 22, 80, and 9093 open.Attempting to go to website http://10.129.48.81 redirects to shoppy.htb so I add the hostname to /etc/hosts file:

Similar to other TryHackMe challenges, the user must interact with the IP of the virtual machine either through an openvpn connection or by using the THM’s Attack Machine. I opted for the former option and fired up openvpn:

Performing a full Nmap TCP scan, I identify several ports open including 53, 135, 139, 445, 5985, 3268, 3269, 9389, 636 and others:

Full TCP Nmap scan of host shows three ports open: Scanning 192.168.150.48 [65535 ports] Discovered open port 22/tcp on 192.168.150.48 Discovered open port 80/tcp on 192.168.150.48 Discovered open port 1898/tcp on 192.168.150.48 SSH Version : : OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0) Port 1898: Apache httpd 2.4.7 (Ubuntu)…

Full TCP Nmap scan reveals ports 80 and 443 are open:

Performing a full tcp Nmap scan on the box, I identify two ports open of 22 and 8080:

Performing an Nmap full tcp scan, I find that ports 22,80 and 3000 are open: