Skip to main content


As usual, we start off with a basic nmap scan to discover open ports and services.

Nmap Scan results

~/Desktop/HTB/retired ❯ sudo nmap -sS -Pn -sV -sC
Starting Nmap 7.92 ( ) at 2022-06-11 20:58 +08
Nmap scan report for
Host is up (0.0074s latency).
Not shown: 998 closed tcp ports (reset)
22/tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)
| ssh-hostkey:
| 3072 77:b2:16:57:c2:3c:10:bf:20:f1:62:76:ea:81:e4:69 (RSA)
| 256 cb:09:2a:1b:b9:b9:65:75:94:9d:dd:ba:11:28:5b:d2 (ECDSA)
|_ 256 0d:40:f0:f5:a8:4b:63:29:ae:08:a1:66:c1:26:cd:6b (ED25519)
80/tcp open http nginx
| http-title: Agency - Start Bootstrap Theme
|_Requested resource was /index.php?page=default.html
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 13.95 seconds

Evidently, nmap is telling us that it is a Debian machine (Linux-based) and SSH is open on port 22 and there is a web server running on port 80.

Agency website

Visiting the IP address redirects us to this page:

Website landing

Rather interesting to see that there are some mention of OSTRICH and EMUEMU. We will keep that in mind for now.