Day 4 of Advent of Cyber introduces us to port scanning, and in the exercise part we’ll get to do some nmap port scanning ourselves with the AttackBox, so let’s get started.
What is the name of the HTTP server running on the remote host?
After firing up the target host and the AttackBox, we use nmap -sV $IP to scan the target host for the services running on it. The scan results show the HTTP server on port 80, giving us the correct answer to the first question.
What is the name of the service running on port 22 on the QA server?
This is a port number that you should know, or at least learn by heart in the future, but we can look at the prior scan results to see what service runs on port 22.
What flag can you find after successfully accessing the Samba service?
Next we’ll be logging into the SMB share, and this can easily be done on the AttackBox by just using the GUI and accessing smb://$IP, and then using the credentials we found on Day 3 (or just by looking them up on the THM task page). After logging in we’ll navigate to /admins to find two text files, one of which contains the flag we’re looking for.
What is the password for the username santahr?
As you might guess, the other file we find on the share contains usernames and passwords, so we just have to look up the username santahr to see the password, which works as the answer to this question.
And we’re done for today. A simple room that introduced us to nmap and Nikto, and guided us through connecting to an SMB share that contains further credentials, using the credentials we found yesterday in a public repository with simple OSINT skills. Scary, huh?