Net Sec Challenge — TryHackMe Room Simple Writeup | 2023
2023-5-8 01:31:36 Author: infosecwriteups.com

Basic Reconnaissance: (nmap)

It is not necessary to scan all ports, but it is useful in some cases.
Below is the nmap command that scans all ports, with default scripts and version detection enabled.

nmap -sC -sV -p- 10.10.85.107

Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-04 17:33 IST

Nmap scan report for 10.10.85.107 (10.10.85.107)
Host is up (0.19s latency).
Not shown: 65529 closed tcp ports (conn-refused)
_____________________________________________________________________________
PORT STATE SERVICE VERSION
_____________________________________________________________________________
22/tcp open ssh (protocol 2.0)
| ssh-hostkey:
| 3072 da5f69e2111f7c6680896154e87b16f3 (RSA)
| 256 3f8c0946ab1cdfd73583cf6d6e177e1c (ECDSA)
|_ 256 eda93aaa4c6b16e60d437546fb33b229 (ED25519)
| fingerprint-strings:
| NULL:
|_ SSH-2.0-OpenSSH_8.2p1 THM{946219583339}
_____________________________________________________________________________
80/tcp open http lighttpd
|_http-server-header: lighttpd THM{web_server_25352}
|_http-title: Hello, world!
_____________________________________________________________________________
139/tcp open netbios-ssn Samba smbd 4.6.2
_____________________________________________________________________________
445/tcp open netbios-ssn Samba smbd 4.6.2
_____________________________________________________________________________
8080/tcp open http Node.js (Express middleware)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
_____________________________________________________________________________
10021/tcp open ftp vsftpd 3.0.3
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port22-TCP:V=7.93%I=7%D=5/4%Time=6453A483%P=x86_64-pc-linux-gnu%r(NULL,
SF:29,"SSH-2\.0-OpenSSH_8\.2p1\x20THM{946219583339}\r\n");
Service Info: OS: Unix
_____________________________________________________________________________
Host script results:
| smb2-time:
| date: 2023-05-04T12:26:50
|_ start_date: N/A
|_nbstat: NetBIOS name: NETSEC-CHALLENG, NetBIOS user: <unknown>, NetBIOS MAC: 000000000000 (Xerox)
| smb2-security-mode:
| 311:
|_ Message signing enabled but not required

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1404.23 seconds
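
The port table above can be turned into a service inventory programmatically. The following is an added example, not part of the original writeup: it parses an excerpt of the scan output shown above and derives the open-port count, the port boundaries, and any flag strings leaking through service banners. The function names `parse_scan` and `summarize` are hypothetical.

```python
import re

# Port-table excerpt copied from the scan output above (some script lines trimmed).
SCAN = """\
22/tcp open ssh (protocol 2.0)
|_ SSH-2.0-OpenSSH_8.2p1 THM{946219583339}
80/tcp open http lighttpd
|_http-server-header: lighttpd THM{web_server_25352}
139/tcp open netbios-ssn Samba smbd 4.6.2
445/tcp open netbios-ssn Samba smbd 4.6.2
8080/tcp open http Node.js (Express middleware)
10021/tcp open ftp vsftpd 3.0.3
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
FLAG_RE = re.compile(r"THM\{[^}]*\}")

def parse_scan(text):
    """Parse port rows; script lines ('|', '|_') attach to the preceding port."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4),
                          "version": m.group(5).strip(), "scripts": []})
        elif line.startswith("|") and ports:
            ports[-1]["scripts"].append(line.lstrip("|_ ").strip())
    return ports

def summarize(ports):
    """Derive the inventory facts; missing values come back as None or empty."""
    open_tcp = [p for p in ports if p["state"] == "open" and p["proto"] == "tcp"]
    numbers = sorted(p["port"] for p in open_tcp)
    flags = {}
    for p in open_tcp:
        found = FLAG_RE.findall(" ".join([p["version"]] + p["scripts"]))
        if found:
            flags[p["port"]] = found
    return {
        "open_tcp_count": len(numbers),
        "highest_below_10000": max((n for n in numbers if n < 10000), default=None),
        "above_10000": [n for n in numbers if n > 10000],
        "banner_flags": flags,
        "ftp_version": next((p["version"] for p in open_tcp if p["service"] == "ftp"), None),
    }

if __name__ == "__main__":
    print(summarize(parse_scan(SCAN)))
```
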

Task 2 — Challenge Questions

1. What is the highest port number being open less than 10,000?

Ans: 8080

2. There is an open port outside the common 1000 ports; it is above 10,000. What is it?

For this, we have to run an nmap scan that covers ports above 10000.

Ans: 10021

3. How many TCP ports are open?

Ans: 6

4. What is the flag hidden in the HTTP server header?

Ans: THM{web_server_25352}

5. What is the flag hidden in the SSH server header?

Ans: THM{946219583339}

6. We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

Ans: vsftpd 3.0.3

7. We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

We have to brute-force the passwords of these 2 usernames using Hydra.

Username: eddie
Password: jordan
Username: quinn
Password: andrea

Let’s log in with the credentials using Telnet

1. ftp <MACHINE-IP> <PORT-NUMBER>
2. eddie
3. jordan
4. ls

We found a file that contains the flag, so let’s open the file using the command fget ftp_flag.txt.

Ans: Answer is below the filezilla method

Article source: https://infosecwriteups.com/net-sec-challenge-tryhackme-room-simple-writeup-2023-f0595157594d?source=rss----7b722bfd1b8d--bug_bounty