Reconnaissance
First, I added the new host to my known ones:
sudo echo "10.10.11.34 trickster.htb" | sudo tee -a /etc/hostsThen I performed a Nmap scan:
nmap -sC -T4 -p- trickster.htb > sC.txt
[redacted]
PORT STATE SERVICE
22/tcp open ssh
| ssh-hostkey:
| 256 8c:01:0e:7b:b4:da:b7:2f:bb:2f:d3:a3:8c:a6:6d:87 (ECDSA)
|_ 256 90:c6:f3:d8:3f:96:99:94:69:fe:d3:72:cb:fe:6c:c5 (ED25519)
80/tcp open http
|_http-title: 403 ForbiddenSo I decided to take a look at the website:
I took a look at the source code of the website, and found the subdomain shop.trickter.htb, so I added to my known hosts:
It seems that the web uses Prestashop e-commerce solution:
