Takeaways from the Bike HackTheBox Machine

Shreya Talukdar
6 min read · Nov 11, 2024

Noting down my learning from the Bike Lab. Each section has different concepts I learned.

nmap -sC -sV -v {target IP}

The -sC option in nmap enables the default script scan. Running nmap -sC activates the default set of NSE (Nmap Scripting Engine) scripts, which gather additional information about the target.

Key Features of -sC:

  • Default Scripts: Executes a pre-selected set of scripts from the Nmap Scripting Engine.
  • Safe to Use: Focuses on scripts categorized as “safe” and non-intrusive, meaning they are unlikely to disrupt services or systems.
  • Enhanced Information: Can detect service banners, vulnerabilities, misconfigurations, SSL details, HTTP info, etc.

Typical Output of nmap -sC:

PORT   STATE SERVICE
80/tcp open http
| http-title: Example Domain
| http-server-header: Apache/2.4.18 (Ubuntu)
443/tcp open https
| ssl-cert: Subject: commonName=example.com
|_ssl-date: 2024-11-10T10:00:00+00:00; +2s from local time.

Types of Information Gathered:

  1. HTTP Services: Titles, headers, SSL certificate details.
  2. FTP: Anonymous login availability.
  3. SMB: Shares and configurations.
  4. DNS: Zone transfer vulnerabilities.
  5. SSL/TLS: Certificate validity and details.
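To audit what your own services disclose, the -sC output format shown above can be parsed per port. The following is an added example, not code from the original post; the function names are hypothetical, the sample is the "Typical Output" block from this page, and it assumes nmap's normal (non-XML) output layout.

```python
import re

# Constructed sample: the "Typical Output" block from this page.
SAMPLE = """\
PORT   STATE SERVICE
80/tcp open http
| http-title: Example Domain
| http-server-header: Apache/2.4.18 (Ubuntu)
443/tcp open https
| ssl-cert: Subject: commonName=example.com
|_ssl-date: 2024-11-10T10:00:00+00:00; +2s from local time.
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")
# A script line is "| " or "|_" followed directly by the script id.
SCRIPT_RE = re.compile(r"^\|[_ ]([A-Za-z0-9_.-]+):\s?(.*)$")
# Deeper indentation means the previous script's output continues.
CONT_RE = re.compile(r"^\|[_ ]\s+(.*)$")
VERSION_RE = re.compile(r"/\d+(\.\d+)+")


def parse_sc_output(text):
    """Group NSE script results under the port line they follow."""
    ports, current, last = [], None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = {"port": int(m.group(1)), "proto": m.group(2),
                       "state": m.group(3), "service": m.group(4),
                       "scripts": {}}
            ports.append(current)
            last = None
            continue
        if current is None:
            continue  # header lines before the first port
        m = SCRIPT_RE.match(line)
        if m:
            last = m.group(1)
            current["scripts"][last] = m.group(2)
            continue
        m = CONT_RE.match(line)
        if m and last:
            current["scripts"][last] += "\n" + m.group(1)
    return ports


def version_disclosures(ports):
    """Ports whose Server header reveals an exact product version."""
    return [(p["port"], p["scripts"]["http-server-header"]) for p in ports
            if VERSION_RE.search(p["scripts"].get("http-server-header", ""))]
```

On the sample, version_disclosures flags port 80, whose Server header reveals Apache 2.4.18.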
