Network services 2

Enumerating and Exploiting More Common Network Services & Misconfigurations

This room from TryHackMe describes a few more common network service vulnerabilities and misconfigurations.

Task 2: Understanding NFS

NFS -

  • NFS = Network File System

  • It is used to share files and directories over a network

  • Working method: the client requests to mount a directory. If the client has permission, the server sends back a 'file handle'

Task 3: Enumerating NFS

Method for enumeration -

  • Scan with nmap

  • Create mount point (directory) in the attacker machine

  • Command to connect with mount: mount -t nfs IP:share /tmp/mount/ -o nolock

    • mount: Execute the mount command

    • -t nfs: type of device to mount. Here it is nfs

    • IP:share : the IP of the target and the share we want to mount

    • -o nolock: do not use NLM locking

Task 4: Exploiting NFS

NFS pentest cheat sheet: HackTricks

Example method for exploiting -

  • Get NFS access

  • Gain low privilege access

  • Upload bash executable to NFS share

  • Get a reverse shell / Enumerate for ssh key / Escalate privilege
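
From the server side, the escalation path above depends on how the share is exported, so the matching check is an audit of /etc/exports. This is an added example, not part of the room's material; it assumes Linux exports(5) syntax without quoted paths or line continuations, and the sample file, paths and host names are constructed.

```python
# Constructed sample in Linux exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/home        *(rw,no_root_squash)
/srv/backup  10.0.0.5(rw,sync,root_squash) 10.0.0.0/24(ro)
/srv/public  (ro,insecure)
/srv/build   build01.example.internal (rw,sync)
"""


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            host, _, rest = token.partition("(")
            opts = set(filter(None, rest.rstrip(")").split(",")))
            # "(opts)" with no host, e.g. after a stray space, means every client.
            host = host or "*"
            if "no_root_squash" in opts:
                # Client root stays root on the server and can create root-owned files.
                findings.append((path, host, "no_root_squash"))
            if host == "*":
                findings.append((path, host, "rw-any-host" if "rw" in opts else "any-host"))
            if "insecure" in opts:
                # Requests from unprivileged source ports (1024 and above) are accepted.
                findings.append((path, host, "insecure-port"))
    return findings


if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:4} {finding}")
```

The /srv/build line shows the classic exports mistake: the space before the parenthesis gives the named host default options and exports the share read-write to every client.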

Task 5: Understanding SMTP

SMTP -

  • Stands for Simple Mail Transfer Protocol

  • It verifies and sends outgoing mail

  • Works with POP/IMAP

    • POP (Post Office Protocol): simply downloads the inbox from the mail server

    • IMAP (Internet Message Access Protocol): synchronizes the current inbox

Task 6: Enumerating SMTP

Two internal commands for SMTP -

  • VRFY: confirms the names of valid users

  • EXPN: reveals the actual addresses behind a user's aliases and mailing lists

Task 7: Exploiting SMTP

Hydra brute force gave the solution here: hydra -t 16 -l [USERNAME] -P [rockyou.txt location] -vV [Machine IP Address] ssh

Task 8: Understanding MySQL

Task 9: Enumerating MySQL

MySQL is unlikely to be the initial attack point. It becomes useful after initial access has been gained.

Task 10: Exploiting MySQL
