Attacking Enterprise Networks:
Link to challenge: https://academy.hackthebox.com/module/163
(log in required)
Class: Tier II | Medium | Offensive
Before we begin: throughout the module we will need to configure our pwnbox /etc/hosts File by adding the line:
[target machine IP] [required vhosts]
to link the vhost to the target IP address.
It can be done with the command
sudo nano /etc/hosts
then pasting the configuration line, and saving and exiting with Ctrl+X.
Throughout the module this process will be called ‘initial configuration’.
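Because the module asks for this step again for every new vhost, it is worth making it safe to repeat. The following Python helper is an added example, not part of the original walkthrough: it merges a new name into an existing line for the same IP instead of appending a duplicate, and moves the name off any stale line that still points it at an earlier target (the resolver takes the first match, so a leftover entry would otherwise win silently). It takes the hosts file path as a parameter so it can be tried on a copy first; the IP addresses in demo() are constructed placeholders, not the real target.

```python
from pathlib import Path
import tempfile


def add_hosts_entry(hosts_path, ip, vhosts):
    """Map every name in `vhosts` to `ip` in the hosts file at `hosts_path`.

    Idempotent: an existing line for the same IP is extended rather than
    duplicated, and the requested names are removed from any line that maps
    them to a different IP (a stale entry from an earlier lab target).
    Returns (names now mapped to ip, names moved off another ip).
    """
    path = Path(hosts_path)
    lines = path.read_text().splitlines() if path.exists() else []
    wanted = list(dict.fromkeys(vhosts))  # de-duplicate, keep order
    out, moved, final = [], [], None
    for line in lines:
        stripped = line.split("#", 1)[0].strip()  # ignore comments
        if not stripped:
            out.append(line)
            continue
        fields = stripped.split()
        addr, names = fields[0], fields[1:]
        if addr == ip:
            names += [n for n in wanted if n not in names]
            final = names
            out.append(f"{addr} {' '.join(names)}")
        else:
            keep = [n for n in names if n not in wanted]
            moved += [n for n in names if n in wanted]
            if len(keep) == len(names):
                out.append(line)  # untouched, comment and all
            elif keep:
                out.append(f"{addr} {' '.join(keep)}")
            # a line left with no names is dropped
    if final is None:
        final = wanted
        out.append(f"{ip} {' '.join(final)}")
    path.write_text("\n".join(out) + "\n")
    return final, moved


def demo():
    """Constructed scenario on a scratch copy: a leftover entry from an
    earlier lab, then the module's initial configuration run three times.
    The IP addresses are placeholders, not the real target."""
    with tempfile.TemporaryDirectory() as tmp:
        hosts = Path(tmp) / "hosts"
        hosts.write_text("127.0.0.1 localhost\n10.10.10.5 inlanefreight.local # old lab\n")
        first = add_hosts_entry(hosts, "10.129.1.1", ["inlanefreight.local"])
        second = add_hosts_entry(hosts, "10.129.1.1",
                                 ["inlanefreight.local", "careers.inlanefreight.local"])
        third = add_hosts_entry(hosts, "10.129.1.1", ["careers.inlanefreight.local"])
        return first, second, third, hosts.read_text()


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Against the real file, call add_hosts_entry("/etc/hosts", target_ip, ["inlanefreight.local"]) from a script run with sudo; the second element of the returned tuple tells you whether an old mapping was replaced.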
External Testing
External Information Gathering:
Question: Perform a banner grab of the services listening on the target host and find a non-standard service banner. Submit the name as your answer (format: word_word_word)
Answer: 1337_HTB_DNS
Method: First, we need to do the initial configuration with the vhost ‘inlanefreight.local’ and the target IP.
Now let's run nmap to look for non-standard services, using the command:
sudo nmap --open inlanefreight.local -p 1-10000
where our target is ‘inlanefreight.local’ (which we linked to the target machine IP), scanning the port range given by -p 1-10000 and showing only the open ports:
Let's inspect it further with the command:
sudo nmap inlanefreight.local --open -p 1-10000 -A -oA inlanefreight_ept_tcp_all_svc
which saves the output to files named ‘inlanefreight_ept_tcp_all_svc’. The full result is far too long and noisy, so here is a small sample of it:
Running
ls
we can see the three output files that -oA writes (.nmap, .gnmap and .xml).
Let's inspect the ‘gnmap’ file further.
We will use the command:
egrep -v "^#|Status: Up" inlanefreight_ept_tcp_all_svc.gnmap | cut -d ' ' -f4- | tr ',' '\n' | sed -e 's/^[ \t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c | sort -k 1 -nr
which drops the comment and ‘Status: Up’ lines, splits the port entries one per line, prints the version field of each and tallies them. The answer is the entry reported as an ‘unknown banner’.
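The same extraction done as a small parser, as an added example that is not part of the original walkthrough. Each .gnmap port entry has the form port/state/proto/owner/service/rpcinfo/version/, so the version string the shell pipeline prints with awk '{print $7}' is the seventh '/'-separated field. The sample output below is constructed for the example: the DNS banner is the value the walkthrough reports, while the IP, timestamps and other services are made up.

```python
from collections import Counter

# Constructed sample of nmap's greppable (.gnmap) output. The DNS banner is the
# value the walkthrough reports; the IP, timestamps and other services are made up.
SAMPLE_GNMAP = (
    "# Nmap 7.92 scan initiated Mon Jan  1 00:00:00 2024 as: nmap --open -p 1-10000 -A "
    "-oA inlanefreight_ept_tcp_all_svc inlanefreight.local\n"
    "Host: 10.129.0.1 (inlanefreight.local)\tStatus: Up\n"
    "Host: 10.129.0.1 (inlanefreight.local)\tPorts: "
    "21/open/tcp//ftp//vsftpd 3.0.3/, "
    "22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, "
    "53/open/tcp//domain//(unknown banner: 1337_HTB_DNS)/, "
    "80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, "
    "8080/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, "
    "8888/filtered/tcp//sun-answerbook///"
    "\tIgnored State: closed (9994)\n"
    "# Nmap done at Mon Jan  1 00:01:00 2024 -- 1 IP address (1 host up) scanned in 60.00 seconds\n"
)


def parse_gnmap(text):
    """Return one dict per port from .gnmap text.

    Each Ports entry is port/state/proto/owner/service/rpcinfo/version/ ; the
    version string is the 7th '/'-separated field, which is what the
    awk '{print $7}' stage of the shell pipeline prints. nmap writes '|' in
    place of any '/' inside a version string, so splitting on '/' is safe.
    """
    rows = []
    for line in text.splitlines():
        if line.startswith("#") or "\tPorts: " not in line:
            continue  # comment lines and the 'Status: Up' line carry no ports
        host = line.split()[1]
        # the tab-separated fields are 'Host: ...', 'Ports: ...', 'Ignored State: ...'
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue
            rows.append({"host": host, "port": int(parts[0]), "state": parts[1],
                         "proto": parts[2], "service": parts[4], "version": parts[6]})
    return rows


def banner_counts(text, open_only=True):
    """Same tally as the egrep|cut|tr|sed|awk|sort|uniq -c|sort -nr pipeline:
    how many ports report each version string, most common first."""
    counts = Counter(r["version"] for r in parse_gnmap(text)
                     if r["version"] and (r["state"] == "open" or not open_only))
    return counts.most_common()


def unknown_banners(text):
    """Services nmap could not match to a signature show up as
    '(unknown banner: ...)'; these are the ones worth a second look."""
    return [(r["port"], r["version"]) for r in parse_gnmap(text)
            if r["version"].startswith("(unknown banner:")]


if __name__ == "__main__":
    for version, n in banner_counts(SAMPLE_GNMAP):
        print(f"{n:4d} {version}")
    print("non-standard:", unknown_banners(SAMPLE_GNMAP))
```

On a real scan, pass the contents of inlanefreight_ept_tcp_all_svc.gnmap to these functions instead of SAMPLE_GNMAP.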
Question: Perform a DNS Zone Transfer against the target and find a flag. Submit the flag value as your answer (flag format: HTB{ }).
Answer: HTB{DNs_ZOn3_Tr@nsf3r}
Method: we will request a zone transfer of the domain with the command:
dig axfr inlanefreight.local @inlanefreight.local
The flag appears in the record for the subdomain ‘flag.inlanefreight.local’.
Question: What is the FQDN of the associated subdomain?
Answer: flag.inlanefreight.local
Method: see above.
Question: Perform vhost discovery. What additional vhost exists? (one word)
Answer: monitoring
Method: we will run the command
ffuf -w /usr/share/seclists/Discovery/DNS/namelist.txt:FUZZ -u http://inlanefreight.local/ -H 'Host:FUZZ.inlanefreight.local' -fs 15157
to brute-force vhosts with ‘ffuf’, using the wordlist namelist.txt that ships with the box at ‘/usr/share/seclists/Discovery/DNS/namelist.txt’; the -fs 15157 option filters out responses of the default page's size, so only names that return something different are shown:
The vhost found here that did not appear in the zone transfer is ‘monitoring’.
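To show what the Host-header fuzzing and the -fs filter are actually doing, here is an added Python example that is not part of the original walkthrough or of ffuf. It goes slightly beyond the command above: rather than hard-coding a size such as 15157, it first requests a name that cannot exist to measure the default response, then reports every wordlist entry whose response size differs. So that it runs offline, it starts a constructed stand-in target on loopback that serves one page for every Host header except ‘monitoring’, the page's answer; the wordlist and bodies are made up.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the target: the default site answers every Host
# header with the same page, and only the hidden name returns something else.
DOMAIN = "inlanefreight.local"
DEFAULT_BODY = b"<html><body>Inlanefreight - default site</body></html>"
HIDDEN_VHOSTS = {"monitoring": b"<html><body>Monitoring login</body></html>"}


class FakeTarget(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        suffix = "." + DOMAIN
        sub = host[:-len(suffix)] if host.endswith(suffix) else ""
        body = HIDDEN_VHOSTS.get(sub, DEFAULT_BODY)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_target():
    """Bind the stand-in server to a free loopback port and serve in a thread."""
    srv = HTTPServer(("127.0.0.1", 0), FakeTarget)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(addr, port, host_header):
    """GET / with an explicit Host header; return (status, body size)."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    size = len(resp.read())
    conn.close()
    return resp.status, size


def discover_vhosts(addr, port, domain, wordlist):
    """What ffuf -H 'Host: FUZZ.domain' -fs <size> does: measure the size of
    the default response for a name that cannot exist, then report every
    candidate whose response size differs from that baseline."""
    _, baseline = probe(addr, port, f"definitely-not-a-vhost-000.{domain}")
    found = []
    for word in wordlist:
        status, size = probe(addr, port, f"{word}.{domain}")
        if size != baseline:
            found.append((word, status, size))
    return baseline, found


def demo():
    """Run the discovery against the local stand-in with a constructed wordlist."""
    srv = start_target()
    try:
        wordlist = ["www", "mail", "dev", "monitoring", "admin"]
        return discover_vhosts("127.0.0.1", srv.server_port, DOMAIN, wordlist)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    baseline, found = demo()
    print(f"baseline size {baseline}; differing vhosts: {found}")
```

Filtering on size alone is a heuristic: a site that embeds the requested hostname in its error page changes size for every candidate, which is why ffuf also offers filters on status code, word count and regex, and the same baseline-then-compare logic applies to those.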
Service Enumeration & Exploitation:
Question: Enumerate the accessible services and find a flag. Submit the flag value as your answer (flag format: HTB{ }).
Answer: HTB{0eb0ab788df18c3115ac43b1c06ae6c4}
Method: we will check the ftp service by running the command:
ftp inlanefreight.local
and at the login prompt enter ‘anonymous’ as the username with a blank password:
Running ‘ls’ we can see there is a flag.txt; let's download it to the pwnbox machine with the command:
get flag.txt
Let's exit the ftp server and cat the flag we just downloaded:
Web Enumeration & Exploitation:
Question: Use the IDOR vulnerability to find a flag. Submit the flag value as your answer (flag format: HTB{}).
Answer: HTB{8f40ecf17f681612246fa5728c159e46}
Method: First, we need to do the initial configuration with the vhost ‘careers.inlanefreight.local’ and the target IP.
Once that is done, open the URL ‘http://careers.inlanefreight.local’ in the pwnbox browser
and create an account:
Then log in with it.