Posts

Showing posts from July, 2021

HTB Business CTF 2021 - Theta

Image
Hack The Box (HTB) hosted its very first "corporate only" CTF this past weekend and called it  HTB Business CTF 2021 . Participants had to create new accounts directly linked to their employer, teams were capped at 10, and the challenges were mostly intermediate to hard on the difficulty scale.  HTB Business CTF 2021 Sadly, I was alone on my team and only had the first day of the event to devote. So, I decided to focus only on the cloud challenges and I was able to solve the first one. So without further ado... Let's get into it. Theta We're in the practice of open source cloud services and thinks that the deployment is secure so far. As a part of a pentest engagement, can you test and report the vulnerabilities? I began this challenge with a port scan: nmap -p- -sV -Pn --open -iL target.txt -oA nmap-theta_full --stats-every 120s Nmap scan report for 10.129.171.200 Host is up (0.043s latency). Not shown: 65533 closed ports PORT     STATE SERVICE VERSION 22/tcp   open