Hack The Box — Cronos Writeup w/o Metasploit

This is the 10th blog out of a series of blogs I will be publishing on retired HTB machines in preparation for the OSCP. The full list of OSCP like machines compiled by TJnull can be found here.

Let’s get started!

Reconnaissance

First thing first, we run a quick initial nmap scan to see which ports are open and which services are running on those ports.

nmap -sC -sV -O -oA initial 10.10.10.13

• -sC: run default nmap scripts
• -sV: detect service version
• -O: detect OS
• -oA: output all formats and store in file nmap/initial

We get back the following result showing that 3 ports are open:

• Port 80: running Apache httpd 2.4.18
• Port 22: running OpenSSH 7.2p2
• Port 53: running ISC BIND 9.10.3-P4 (DNS)

Before we start investigating these ports, let’s run more comprehensive nmap scans in the background to make sure we cover all bases.