HTB : Openkeys Initial Recon sudo nmap -sS -sV -sC 10.10.10.199 > rec_ini The ssh port is open The http port 80 is open, which is running OpenBSD http Do the all ports scan just to make sure : sudo nmap -p- -T5 10.10.10.199 > all_ports Same outcome. So we have to go for the web page. Testing the Login page Gobuster shows a directory called includes/, which has two files, auth.