Network services 2

Enumerating and Exploiting More Common Network Services & Misconfigurations

Last updated 4 years ago

This room from TryHackMe describes a few more common network service vulnerabilities and misconfigurations.

Task 2: Understanding NFS

NFS -

  • NFS = Network File System

  • It is used to share files and directories over a network

  • How it works: the client requests to mount a directory. If the client has permission, the server returns a 'file handle'

Task 3: Enumerating NFS

Method for enumeration -

  • Scan with nmap

  • Create a mount point (directory) on the attacking machine

  • Command to mount the share: mount -t nfs IP:share /tmp/mount/ -o nolock

    • mount: execute the mount command

    • -t nfs: the type of device to mount, here nfs

    • IP:share: the IP of the target and the name of the share we want to mount

    • -o nolock: do not use NLM locking

Task 4: Exploiting NFS

Example method for exploiting -

  • Get NFS access

  • Gain low privilege access

  • Upload bash executable to NFS share

  • Get a reverse shell / Enumerate for ssh key / Escalate privilege

Task 5: Understanding SMTP

SMTP -

  • Stands for Simple Mail Transfer Protocol

  • It verifies and sends outgoing mail

  • Works with POP/IMAP

    • POP (Post Office Protocol): simply downloads the inbox from the mail server

    • IMAP (Internet Message Access Protocol): synchronizes the current inbox

Task 6: Enumerating SMTP

Two internal commands for SMTP -

  • VRFY: confirms the names of valid users

  • EXPN: reveals the actual address of a user and expands mailing lists into their member addresses

Task 7: Exploiting SMTP

A Hydra brute force gave the solution here: hydra -t 16 -l [USERNAME] -P [rockyou.txt location] -vV [Machine IP Address] ssh
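
Seen from the defending side, a single-username wordlist run like the Hydra command above appears in sshd's log as a dense run of failed passwords for one account from one source. The detector below is an added example, not part of the original writeup: it assumes OpenSSH's traditional syslog line format, and the function names, thresholds, host name, addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure line as written to auth.log with a traditional syslog timestamp.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_password_guessing(lines, threshold=10, window=timedelta(seconds=60), year=2024):
    """Return {(ip, user): peak failures inside any `window`} for every pair
    that reaches `threshold`. Many failures for one user from one source is
    the shape of a single-username wordlist run."""
    recent = defaultdict(deque)   # (ip, user) -> failure timestamps still in the window
    peaks = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog omits the year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: 16 rapid failures for one user plus background noise."""
    burst = [
        f"Mar 14 10:00:{i // 4:02d} host1 sshd[{4000 + i}]: Failed password for alice "
        f"from 203.0.113.7 port {50000 + i} ssh2"
        for i in range(16)
    ]
    noise = [
        "Mar 14 09:58:11 host1 sshd[3990]: Failed password for bob from 198.51.100.20 port 41022 ssh2",
        "Mar 14 10:05:42 host1 sshd[4100]: Failed password for invalid user admin from 198.51.100.20 port 41030 ssh2",
        "Mar 14 10:06:00 host1 sshd[4101]: Accepted password for bob from 198.51.100.20 port 41031 ssh2",
    ]
    return noise[:1] + burst + noise[1:]

if __name__ == "__main__":
    print(find_password_guessing(sample_log()))
```
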

Task 8: Understanding MySQL

Task 9: Enumerating MySQL

MySQL is unlikely to be the initial attack point. It becomes useful after initial access has been gained.

Task 10: Exploiting MySQL

NFS pentest cheat sheet:

hackTricks
tryHackMe