Menu

HTB - Previous

August 30, 2025
by Kieran Jessup

Overview

DifficultyMedium
OSLinux
Release Date23 August 2025
StatusActive

Walkthrough

Enumeration

Reconnaissance
β”Œβ”€β”€(htb)─(k1tγ‰Ώred)-[~/Documents/boxes/htb/previous]
└─$ nmap -sC -sV -v -T4 $target
Starting Nmap 7.95 ( https://nmap.org ) at 2025-09-02 06:37 EDT
<truncated>
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_  256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://previous.htb/
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Initial Port Scan

LOW SEVERITY
Reconnaissance Methodology:

Initial port scanning using Nmap with service detection and version enumeration to identify open ports and running services on the target host.

Key Findings:
  • SSH Service: OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 running on port 22
  • Web Server: nginx 1.18.0 (Ubuntu) running on port 80
  • HTTP Methods: GET, HEAD, POST, OPTIONS supported
  • Operating System: Ubuntu Linux
  • Web Application: Redirects to http://previous.htb/
  • SSH Hostkeys: ECDSA (256-bit), ED25519 (256-bit)
Next Steps:
  • Web enumeration on port 80 (nginx application)
  • Directory discovery using supported HTTP methods (GET, HEAD, POST, OPTIONS)
  • Application analysis of the "previous.htb" web interface
  • SSH service investigation and potential key-based authentication
  • DNS enumeration for the "previous.htb" domain
MITRE ATT&CK: T1590 - Gather Victim Host Information

This walkthrough has been hidden in accordance with HTB policy.