Network services
Learn about, then enumerate and exploit a variety of network services and misconfigurations.
This room from TryHackMe introduces some good concepts on network service security. Here, I have included some necessary concepts from THM and other sources as notes. I have also included the task answers. I hope this will help readers.
Task 2: Understanding SMB
How SMB works -

Unix systems use 'Samba', which supports SMB. SMB is also available in Windows.

Task 3: Enumerating SMB
A very good tool for enumeration is enum4linux.
In this post, you will find an awesome checklist for SMB enumeration, created by 0xdf: Link here

Task 4: Exploiting SMB
The methodology for exploiting SMB is:
Find any misconfiguration
Get the SMB share info
To remotely access an SMB share, we can use the smbclient tool: smbclient //[IP]/[SHARE]

Task 5: Understanding Telnet
Telnet -
A protocol to connect to a remote server and execute commands on it
Communicates in plain text, with no encryption
Command -
telnet [IP] [port]

Task 6: Enumerating Telnet
Sometimes an nmap scan alone is enough to enumerate.

Task 7: Exploiting Telnet
Two very good sites to search for exploits:


Task 8: Understanding FTP
File Transfer Protocol (FTP) -
It allows transferring files over a network
FTP operates using two channels
Command channel for transmitting commands
Data channel for transferring data
It has two types of connections
Active FTP connection - the client opens a port and listens, and the server connects to it
Passive FTP connection - the server opens a port and listens passively, and the client connects to it
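The active/passive distinction above is visible on the command channel itself, which is what a firewall or traffic reviewer has to read to know which side will open the data channel. The following is an added example, not part of the THM room or these notes: it decodes the RFC 959 host-port field from a PORT command (active) or a 227 reply (passive). The function names, IP addresses and sample lines are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 host-port field)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line, client_ip, server_ip):
    """Classify one command-channel line and say who opens the data connection.

    Returns None when the line does not negotiate a data channel.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):      # sent by the client: active mode
        mode, listener, connector, expected = "active", "client", "server", client_ip
        endpoint = decode_hostport(line[5:])
    elif line.startswith("227"):              # sent by the server: passive mode
        mode, listener, connector, expected = "passive", "server", "client", server_ip
        endpoint = decode_hostport(line[3:])
    else:
        return None
    if endpoint is None:
        return None
    return {
        "mode": mode, "listener": listener, "connector": connector,
        "endpoint": endpoint,
        # Normally the advertised address is the listener's own address;
        # NAT is a common benign cause of a mismatch, but it is worth a look.
        "address_mismatch": endpoint[0] != expected,
    }


# Constructed sample command-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "PORT 10,0,0,5,195,80",                        # client -> server
    "227 Entering Passive Mode (10,0,0,9,78,52)",  # server -> client
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry, "10.0.0.5", "10.0.0.9"))
```

Because the command channel is plain text, these lines can be read directly from a packet capture of port 21.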

Task 9: Enumerating FTP
An Nmap scan can reveal good information about the FTP service running on a server.

Task 10: Exploiting FTP
Two ways to exploit -
MITM: as FTP communication is unencrypted, an attacker can read the plain-text information
Brute force: the password is often weak, so brute forcing it can give us access
Hydra command to brute force the password:
hydra -t 4 -l [user] -P [wordlist location] -vV [IP] ftp
