📓
Pentesting
  • Writeups
  • HackTheBox
    • Easy Machines
      • Beep Writeup
      • Shocker Writeup
      • Lame Writeup
      • Jerry Writeup
      • Legacy Writeup
      • Blue Writeup
  • TryHackMe
    • Walkthroughs: Easy
      • CC: Steganography
      • Cryptography for Dummies
      • Cross-site Scripting
      • SQL Injection Lab
      • SQL Injection
      • ZTH: Web 2
      • SSRF
      • XXE
      • Authenticate
      • Injection
      • Blaster
      • The Cod Caper
      • Hardening Basics Part 1
      • What the Shell?
      • Game Zone
      • Upload Vulnerabilities
      • Bolt
      • Erit Securus 1
      • CC: Pentesting
      • JavaScript Basics
      • OverPass 2 - Hacked
      • Linux: Local Enumeration
      • Ice
      • Linux Backdoors
      • Avengers Blog
      • DNS in Detail
      • Putting it all together
      • Kenobi
      • Common Linux Privesc
      • Network Services 2
      • Network Services
      • The Hacker Methodology
      • The Find command
      • HTTP in Detail
      • Web Fundamentals
      • How Websites Work
      • Introductory Networking
    • Challenges (CTF): Easy
      • VulNet: Roasted
      • VulNet: Internal
      • Git Happens
      • Kiba
      • VulNet: Node
      • Memory Forensics
      • Smag Grotto
      • Investigating Windows
      • Cat Pictures
      • Juicy Details
      • Anthem
      • Tony The Tiger
      • Jack-of-All-Trades
      • JPGChat
      • Blueprint
      • All in One
      • Gotta Catch'em All
      • Mustacchio
      • Break Out The Cage
      • HeartBleed
      • Poster
      • Madness
      • Source
      • Thompson
      • Library
      • Magician
      • Anonforce
      • Dav
      • GLITCH
      • Fowsniff CTF
      • Team
      • H4cked
      • Easy Peasy
      • ColddBox: Easy
      • Archangel
      • Cyborg
      • Chocolate Factory
      • Brute It
      • Year of the Rabbit
      • ChillHack
      • Gaming Server
      • Brooklyn Nine Nine
      • Wgel CTF
      • Tomghost
      • ToolsRus
      • Skynet
      • Startup
      • Agent Sudo
      • Lian-Yu
      • OhSINT
      • Overpass
      • Crack The Hash
      • Ignite
      • Inclusion
      • Bounty Hunter
      • LazyAdmin
      • RootMe
      • Pickle Rick
      • Basic Pentesting
      • Simple CTF
  • Crackmes.one
    • 1 Difficulty Rating
      • easyAF
      • Easy Keyg3nme
Powered by GitBook
On this page
  • SMB: Server Message Block
  • Understanding SMB
  • Enumerating SMB
  • Exploiting SMB
  • Telnet
  • Understanding Telnet
  • Enumeration Telnet
  • Exploiting Telnet
  • FTP: File Transfer Protocol
  • Understanding FTP
  • Enumerating FTP
  • Exploiting FTP

Was this helpful?

  1. TryHackMe
  2. Walkthroughs: Easy

Network Services

PreviousNetwork Services 2NextThe Hacker Methodology

Last updated 3 years ago

Was this helpful?

SMB: Server Message Block

Understanding SMB

SMB - Server Message Block Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network.

The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection. Clients connect to servers using TCP/IP, NetBEUI or IPX/SPX.

What runs SMB?

Microsoft Windows operating systems since Windows 95 have included client and server SMB protocol support. Samba, an open source server that supports the SMB protocol, was released for Unix systems.

Enumerating SMB

Lets check how many ports are open

We have 2 open ports

Lets run a detailed scan

SMB is running on ports 139 and 445

Lets use enum4linux to enumerate SMB

The name of the Workgroup is WORKGROUP

POLOSMB is the name of the machine and the OS version is 6.1

This share is interesting

Exploiting SMB

Lets use smbclient to connect to the share.

We are logged in.

Lets transfer the Information.txt file onto our machine and read it.

We can assume that this folder belongs to "John Cactus".

Reading the file, we can see that ssh has been enabled for employees to work from home, so we can also check out the .ssh folder on the smb share as it has ssh file that we can use to login to the machine using ssh.

Lets change directories into the .ssh folder and list the files.

To most useful file to us is the id_rsa file as we can use that to login through ssh.

Lets do this.

The username is cactus, lets login and read the file

Telnet

Understanding Telnet

Enumeration Telnet

Lets start enumerating by running a nmap scan to see what port are open on the machine

Exploiting Telnet

Lets login through telnet

Lets create the payload and start a listener

Lets run the exploit

We should get a reverse shell

Lets read the flag

FTP: File Transfer Protocol

Understanding FTP

Enumerating FTP

Lets start scanning

Lets login through FTP

Lets get this file on our machine and read it

We can see that Mike is a possible username

Exploiting FTP

Lets crack the password using hydra

Now lets login and get the ftp.txt file on our machine and read it