- Purpose: Document my experience and share knowledge on the Cyber Defense challenges
- Scope: Learn the fundamental components of detecting and responding to threats in a corporate environment
- Environment: Kali Linux via VirtualBox
- Accounts and Access: Created a TryHackMe account and accessed the room via OpenVPN
- Objective: Access an FTP server and capture the flag: enumerate information, then exploit the server's vulnerabilities to exfiltrate sensitive data, gain access to the server and capture the flag
- Initial Scanning:
Tools and Commands:
- Port Scanning & FTP server enumeration:
  nmap -A 10.10.40.220 -v
  nmap -Pn 10.10.40.220 -v
- Enter
  ftp 10.10.40.220
  to connect to the FTP server
- Log in as user
  anonymous
  and press Enter at the password prompt
- Enter
  ls
  then
  get PUBLIC_NOTICE.txt
  to download the file to your local folder
- Enter
  cat PUBLIC_NOTICE.txt
  in the CLI to open the file and read its contents
Findings:
- Open port HTTP running on 80/tcp
- Open port FTP running on 21/tcp
- There's a file called PUBLIC_NOTICE.txt
- The FTP service version is vsFTPd 3.0.3
- FTP login as anonymous is allowed
- A possible username, Mike
Vulnerability Identification: CVE-2017-7494
- Techniques Used: exploiting anonymous SMB share access, a common misconfiguration that lets us gather information leading to a shell.
Exploitation Process:
- Enter
  hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt.gz -vV 10.10.185.60 ftp
  to brute-force mike's password using hydra
- Syntax breakdown:
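Added defensive example, not part of this write-up: a small vsftpd.log analyser that flags the two things the steps above would leave behind on the server, an anonymous login that downloads a file and a burst of FAIL LOGIN entries for one account followed by a successful login. The log lines are constructed to follow vsftpd's own log layout; the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed vsftpd.log sample (not from the original write-up): an anonymous login
# that fetches PUBLIC_NOTICE.txt, a guessing burst against "mike" that succeeds, one benign typo.
SAMPLE_LOG = """\
Mon Jun  3 10:00:01 2024 [pid 2101] [ftp] OK LOGIN: Client "10.10.14.5", anon password "?"
Mon Jun  3 10:00:02 2024 [pid 2101] [ftp] OK DOWNLOAD: Client "10.10.14.5", "/PUBLIC_NOTICE.txt", 131 bytes, 42.10Kbyte/sec
Mon Jun  3 10:00:05 2024 [pid 2110] [mike] FAIL LOGIN: Client "10.10.14.5"
Mon Jun  3 10:00:05 2024 [pid 2111] [mike] FAIL LOGIN: Client "10.10.14.5"
Mon Jun  3 10:00:06 2024 [pid 2112] [mike] FAIL LOGIN: Client "10.10.14.5"
Mon Jun  3 10:00:06 2024 [pid 2113] [mike] OK LOGIN: Client "10.10.14.5"
Mon Jun  3 10:01:00 2024 [pid 2120] [alice] FAIL LOGIN: Client "192.168.1.20"
Mon Jun  3 10:01:30 2024 [pid 2121] [alice] OK LOGIN: Client "192.168.1.20"
"""
# One line: timestamp [pid N] [user] EVENT: Client "ip", extra fields
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]+)\] )?(?P<event>[A-Z ]+?): Client "(?P<ip>[^"]+)"(?P<rest>.*)$')

def parse_line(line):
    # Return a dict for a recognised line, or None for lines we do not model
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%a %b %d %H:%M:%S %Y')
    return rec

def analyze(log_text, fail_threshold=3, window_seconds=60):
    """Flag anonymous use and FAIL LOGIN bursts per (client IP, username)."""
    findings, bursts = [], set()
    fails = defaultdict(list)  # (ip, user) -> timestamps of FAIL LOGIN inside the window
    for e in filter(None, map(parse_line, log_text.splitlines())):
        key = (e['ip'], e['user'])
        if e['event'] == 'OK LOGIN' and 'anon password' in e['rest']:
            findings.append(('anonymous-login', e['ip']))
        elif e['event'] == 'OK DOWNLOAD' and e['user'] == 'ftp':
            findings.append(('anonymous-download', e['ip'], e['rest'].split('"')[1]))
        elif e['event'] == 'FAIL LOGIN':
            recent = fails[key]
            recent.append(e['ts'])
            while (e['ts'] - recent[0]).total_seconds() > window_seconds:  # slide the window
                recent.pop(0)
            if len(recent) >= fail_threshold and key not in bursts:
                bursts.add(key)
                findings.append(('brute-force', e['ip'], e['user']))
        elif e['event'] == 'OK LOGIN' and key in bursts:
            findings.append(('success-after-brute-force', e['ip'], e['user']))  # guessed password worked
    return findings
```

A single mistyped password (alice) stays below the threshold and is not reported; only the repeated failures from one client against one account, and the login that follows them, are flagged.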
- Challenges Faced: This challenge was fairly easy compared to SMB and Telnet exploitation
- Learnings: I learned about FTP's vulnerabilities, like ARP poisoning, and that it sends data in clear text, so it is not secure, unlike its more secure alternative protocols such as SFTP and FTPS
- Improvements: Do more hands-on activities like this to have practical skills while gaining theoretical knowledge
- Summary: Successfully obtained the target credentials, exfiltrated data and captured the flag