22,80,389,443,5667

monitored.htb
nagios.monitored.htb
found in ports 443 by gobuster
<https://nagios.monitored.htb/nagiosxi/terminal/>
<https://nagios.monitored.htb/nagiosxi/login.php>

from udp scan:

Untitled

161,162,10161,10162/udp - Pentesting SNMP

sudo nmap -sU -sC -sV -T4 --min-rate=500 monitored.htb -p161,162

found credentials from snmp (result from nmap scan port 161)

Untitled

svc:XjH7VCehowpR1xZB

the credential is not valid for login page we gained from previous stages

let’s see if there is any other login page

try

https://nagios.monitored.htb/nagios/

Untitled

with creds, then we get

Untitled