HTB AD Track: Cascade Walkthrough
Hello Everyone! Here’s my writeup for the machine Cascade.
Let’s start scanning and enumeration of the target machine using Nmap.
Command: sudo nmap -sS -T4 -A -p- -oA <output_file> <target-ip>
-sS: TCP SYN Scan
-T4: Faster scan time
-A: Enables OS and version detection, scans ports using common nmap scripts for specific vulnerabilities and performs traceroute.
-p-: Scan all 65535 ports
-oA: Save scan in 3 file formats (.nmap, .xml, .gnmap)
<output_file>: Replace with a file name of your choice
<target-ip>: Replace with the given IP address of the target machine
Following are the ports and services discovered along with result of some default Nmap scripts.
Port-by-port enumeration reveals the following:
Port 135 — Obtained a list of users on the target using rpcclient.
Command: rpcclient -U ‘’ -N <target-ip>
