# Network Services 2

![](/files/-McfbqqfMlgFBuUh4WYb)

## NFS: Network File System

### Understanding NFS

![](/files/-McfcUH1V1Etq1nSC1JU)

![](/files/-McfcgnMZhvEqdS1Xgf5)

![](/files/-McfdtffoXR4DRfBLatK)

### Enumerating NFS

![](/files/-McfeRvvG2lQzHrQoWm0)

![](/files/-McfeXdRZcv8_nSycK8t)

Lets run nmap scans to get information on the machine

![](/files/-Mcff-ENrx2Lo5bh-51i)

![](/files/-McfhR7Pcj7DpNkk6p8N)

![](/files/-Mcff2Wj2TPRHC_MfpsT)

![](/files/-Mcff54jku0yiYIDPzhI)

Lets mount the file

![](/files/-Mcffc0V3eOyni0fAYGO)

![](/files/-McffhJCoH_hM6ufdB0E)

![](/files/-McfgQSKv2k8ijjh6ybv)

![](/files/-McfgSc6EToKZs5B_FNJ)

![](/files/-McfgWm8DrX2W4iS_LAt)

![](/files/-Mcfga6PIi72AIFoA-pc)

![](/files/-McfgcxvrH8kbRC6NxRd)

### Exploiting NFS&#x20;

![](/files/-Mcfgx_uuw_LIznAzdZk)

![](/files/-Mcfh-PfJ_mGob76EImO)

Lets follow these steps

![](/files/-Mcjs_NnIja6giPpXZHN)

Now login through ssh and run the command "bash -p" in the home directory

![](/files/-Mcjsm-fbe4zwNYAVogN)

We are root

![](/files/-Mcjsu1GjjOEpLpYJ9Y_)

Lets read the flag

![](/files/-Mcjt1KdUaujF01NRDFx)

## SMTP: Simple Mail Transfer Protocol

### Understanding SMTP

![](/files/-Mcjtv3suraFUsObnFAF)

![](/files/-Mcju0_GmRcF-n2EbBpI)

![](/files/-Mcju42eCiRrwVSzNfzY)

![](/files/-McjvAHqKXAzKDGq7yrl)

### Enumerating SMTP

![](/files/-Mcjve4KRaQV5US_ow-S)

Lets run nmap scans to get information about the open ports on the machine

![](/files/-Mcjw1vAE97zWg1wwOL3)

![](/files/-McjwDzWp-yQfpMRP9gH)

![](/files/-Mcjw4NMwzi9EC7nlDg6)

Lets start Metasploit and look for the module they mentioned and then set the options

![](/files/-McjwXoW86bcrZSZ6gx4)

![](/files/-McjwcF9AVfs9_FAJT5U)

![](/files/-Mcjwfi62Nb2S68K2wXq)

![](/files/-Mcjwoz__JNxhhQx2kwJ)

![](/files/-McjxBDhSkAU8i43dxyM)

![](/files/-McjxE2jJaxNMQqaUqDp)

Lets search for what MTA is running the SMTP server

![](/files/-McjxRWWi7OclUB5mbgx)

This can also be seen in the output after we ran the enumeration module

![](/files/-McjxbEENGr-Kx5Z7go9)

Lets do the next steps

![](/files/-McjyBYqifwMK_9eUcE1)

![](/files/-McjyHL1evphd5wDKSMu)

Lets run the exploit

![](/files/-Mcjyyr-RiwOyL3rE_dm)

![](/files/-Mcjz13lS7SFQrQGuTtE)

### Exploiting SMTP

![](/files/-McjzHyYVZEFjZT8f9ie)

![](/files/-McjzPd0or7gTEkYnTKT)

Lets use hydra to crack the password

![](/files/-Mck-0fJiIkDiqz3ixjG)

![](/files/-Mck-3BAlgjc4-7PBn7R)

Lets login through ssh and read the flag

![](/files/-Mck-GDSPNMKS7FF3giR)

## MySQL: Structured Query Language

### Understanding MySQL

![](/files/-Mck1R6VGKR-fDg6eH8u)

![](/files/-Mck1U3T_Z8c3YOGXeFA)

![](/files/-Mck1zkBPeGW9rTna2FE)

### Enumerating MySQL

![](/files/-Mck2E1XLBFhKKpid6_v)

Lets run a nmap port scan

![](/files/-Mck2uIAMDl0W_-ApUHI)

![](/files/-Mck2y-pBDG-1TslZfpU)

![](/files/-Mck3NRiN1YwqEV3F-eN)

Lets login into MySQL as root

![](/files/-Mck4j6m2Ep_YMAZhuyK)

![](/files/-Mck4oZ7wMXZ0Vz5nfa1)

Lets launch Metasploit and search for the module and look at what options we have to set

![](/files/-Mck5-ObqGvEOaur_GvE)

![](/files/-Mck59FRyTX5_GHUa95I)

Lets set the options

![](/files/-Mck5CVk9nrKpLwmPX65)

Now lets run the module

![](/files/-Mck5KCmRwR1GUyHBoDW)

![](/files/-Mck5eJWuM89TYez5YWY)

Lets set the SQL parameter to show databases and run the exploit

![](/files/-Mck5oaZ5NwG-7WIz3lc)

![](/files/-Mck5saiwHdUUE_IqSgd)

### Exploiting MySQL

![](/files/-Mck62tzRr3cAFlyLSfo)

Lets follow the steps they have given&#x20;

![](/files/-Mck6dHuCwBs85S7Q5Z1)

![](/files/-Mck7K-Sh12xDCvuJLu_)

![The last table returned](/files/-Mck6qdyyuM_N7P-O33B)

![](/files/-Mck6x2YWsWwfAJlx-Qe)

Lets do the next step

![](/files/-Mck7AfdolirJwTbCh7e)

![](/files/-Mck7ZwdsiDmr60n-Py_)

![](/files/-Mck7DePg1zX9j2ek6wt)

![](/files/-Mck7m9TBGZvdiPnUjYk)

Lets save the username and hash into a file called hash.txt&#x20;

![](/files/-Mck7xbivMS8wkVhirbe)

Now lets crack it with John The Ripper

![](/files/-Mck88Y91fKTxiw_5EEa)

![](/files/-Mck8DFTIUt30CnzIArc)

Lets now login through ssh and get the flag

![](/files/-Mck8Ov4nMb3_929H_LE)

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://writeups.adityadindi.com/tryhackme/walkthroughs-easy/network-services-2.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.