Base image: Cunningham and Goodwin (2015)

Procedure

Before I started, I edited the /etc/hosts file on my AttackBox and added the following line:

atlas.thm

I did this because I know that I will not finish the room in one sitting and that the IP address of a TryHackMe boot2root machine will change for each new session. It is better to record a pseudo-domain name than a dynamic IP address, so that every time I boot up the target VM, I can just edit the /etc/hosts file with the new target IP address.

I then clicked on the green-coloured “start machine” button in the top-right corner of the first task and proceeded to probe the machine.

To “get the ball rolling,” I started with an nmap (n.d.) scan of the target machine:

└─$ sudo nmap -sT -A -v -Pn -p- -O -sC -oX tcp_scan.1.xml atlas.thm
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.92 ( ) at EDT
NSE: Loaded 155 scripts for scanning.

The room notes that the target machine is running Windows, so the -Pn flag will need to be used to ignore the fact that Windows does not respond to ICMP requests and proceed to launch a port scan regardless. The -oX tcp_scan.1.xml flag instructs nmap to store its results in an XML format.

I have taken the liberty of converting the raw XML output into a readable HTML format with the xsltproc utility:

└─$ xsltproc tcp_scan.1.xml -o tcp_scan.html

Fig. 1 shows an excerpt of the xsltproc output - specifically the open ports on the target system:

There are two ports open: one TCP-driven service on 3389 and another TCP-driven service on port 8080. The scan also identified the operating system as “AVtech Room Alert 26W environmental monitor”.

Note that the service on 7680 has been tcpwrapped, which means that whatever is running it is referencing the /etc/hosts.allow and /etc/ny files and grants (or denies) access based on their configurations (Red Hat Customer Portal, n.d.). It should also be noted that a tcpwrapped service is different from a firewall - something that is discussed in (c.a. 1998).

Further inspection of the nmap results shows what the services on port 33 are running respectively. The former is running the remote desktop protocol service (as indicated by the Microsoft Terminal Services banner; also see Liang et al., 2021), whilst the latter is running the ThinVNC service (Cybele et al., n.d.) - as noted by the following snippet from the nmap results:

ticate: Digest realm="ThinVNC", qop="aut

I decided to go with the latter service as a point of entry.
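
The XML that -oX writes can also be summarised in code instead of being rendered with xsltproc, which keeps open ports with an identified service apart from ports that nmap could only label tcpwrapped. This is an added example, not part of the original write-up: SAMPLE_XML is a constructed stand-in for tcp_scan.1.xml, and the function name summarise, the "http" service name and the filtered port 445 entry are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout (NOT the real tcp_scan.1.xml).
# Ports 3389, 7680 and 8080 mirror the write-up; port 445 and the "http"
# service name are assumptions added to exercise the filter.
SAMPLE_XML = """<nmaprun scanner="nmap" version="7.92">
  <host>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server" product="Microsoft Terminal Services"/>
      </port>
      <port protocol="tcp" portid="7680">
        <state state="open" reason="syn-ack"/>
        <service name="tcpwrapped"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def summarise(xml_text):
    """Return (identified, wrapped): open ports with a named service, and
    open ports that nmap could only label 'tcpwrapped'."""
    identified, wrapped = {}, []
    for port in ET.fromstring(xml_text).iterfind("./host/ports/port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # skip closed and filtered ports
        svc = port.find("service")
        name = svc.get("name", "unknown") if svc is not None else "unknown"
        product = svc.get("product", "") if svc is not None else ""
        if name == "tcpwrapped":
            wrapped.append(int(port.get("portid")))
        else:
            identified[int(port.get("portid"))] = (name, product)
    return identified, wrapped


if __name__ == "__main__":
    print(summarise(SAMPLE_XML))
```

To run it against a real scan, read the file produced by -oX and pass its text to summarise.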