This is the write-up for the box Doctor on HackTheBox which is created by egotisticalSW It is an easy rated box, so without any further ado, let's get started. Foothold and Recon:- So let's get started with our nmap scanning and gather some information on our target. I like to use a tool called rustscan , which is basically nmap on steroids. It is a really really fast portscanning tool. rustscan <IP> -- -sC -sV -oN nmapscan -sC= for default script scan -sV= for version scan -oN= to output the nmap result in normal format # Nmap 7.80 scan initiated Tue Nov 17 04:06:03 2020 as: nmap -sC -sV -oN nmapscans 10.10.10.209 Nmap scan report for doctor.htb ( 10.10.10.209 ) Host is up ( 0.28s latency ) . Not shown: 997 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 ( Ubuntu Linux; protocol 2.0 ) 80/tcp open http Apache httpd 2.4.41 (( Ubuntu )) |_http-server-header: Apache/2.4.41 ( Ubuntu ) |_http-title: Doctor 80