HTB - CodePartTwo
August 29, 2025
Overview
DifficultyEasy
OSLinux
Release Date16 August 2025
StatusActive
Walkthrough
Enumeration
Reconnaissance
βββ(k1tγΏred)-[~/Documents/boxes/htb/codetwo]
ββ$ nmap -sC -sV -v -T4 10.10.11.82
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 a0:47:b4:0c:69:67:93:3a:f9:b4:5d:b3:2f:bc:9e:23 (RSA)
| 256 7d:44:3f:f1:b1:e2:bb:3d:91:d5:da:58:0f:51:e5:ad (ECDSA)
|_ 256 f1:6b:1d:36:18:06:7a:05:3f:07:57:e1:ef:86:b4:85 (ED25519)
8000/tcp open http Gunicorn 20.0.4
| http-methods:
|_ Supported Methods: HEAD GET OPTIONS
|_http-title: Welcome to CodeTwo
|_http-server-header: gunicorn/20.0.4
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelInitial Port Scan
LOW SEVERITY
Reconnaissance Methodology:
Initial port scanning using Nmap with service detection and version enumeration to identify open ports and running services on the target host.
Key Findings:
- SSH Service: OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 running on port 22
- Web Server: Gunicorn 20.0.4 running on port 8000
- HTTP Methods: HEAD, GET, OPTIONS supported
- Operating System: Ubuntu Linux
- Web Application: "Welcome to CodeTwo" application
- SSH Hostkeys: RSA (3072-bit), ECDSA (256-bit), ED25519 (256-bit)
Next Steps:
- Web enumeration on port 8000 (Gunicorn application)
- Directory discovery using supported HTTP methods (HEAD, GET, OPTIONS)
- Application analysis of "Welcome to CodeTwo" web interface
- SSH service investigation and potential key-based authentication
MITRE ATT&CK: T1590 - Gather Victim Host Information
This walkthrough content has been hidden in accordance with HTB policy.