This week I am tasked with completing the following room at TryHackMe:
This is the second room in their Network Security Module, so I decided to do the first one in the module first.
Passive Reconnaissance
I had to do quite a bit of work to figure out how to connect via OpenVPN. There are a large number of tutorials on YouTube, telling you how to connect and confirm your connection, but they all neglect to mention how you actually use it after connecting. In the time it took to do the research, my attackbox expired. I will try again.
I completed the Active room before returning to this one. And again this website frustrates me. Despite following numerous steps to set up the network, the terminal on the AttackBox can't ping Google, and I can't run # whois tryhackme.com; I receive the following error:
connect: Network is unreachable
If I was more misanthropic, I would assume they are trying to frustrate me into paying for a subscription. I'm not wasting any more time on this today.
Active Reconnaissance
After a brief introduction and a list of tools used, this room begins with a description of ports used by web browsers. A brief explanation of how to inspect elements of a website using Developer Tools was followed by a list of browser extensions to help with pen testing. A question about an element of another website was easy to suss out using the Developers Toolkit and some poking around.
Then we went over the ping command. The questions required me to break out the man page. Until now I've only ever used ping to test if my system can connect to the world wide web on a new, minimal Linux installation.
Next we are introduced to traceroute and a much-needed refresher on TTL. Using my connection between the AttackBox and a target machine, I ran traceroute on the target machine to find how many licks it takes to get to the tootsie-roll-center of a tootsie-pop.
Next I probed the target machine's port 80 with telnet. The instructions for this section are clear enough to execute, but there is a lot of information in just a few sentences (almost as dense as my networking textbook). When I'm not neck deep in schoolwork, I'm going to come back and work through this whole module.
Then I used netcat to probe port 21 on the target machine. EverythingISaidAboutTheLastSection = 1
EverythingISaidAboutTheLastSection * 2
The room wrapped up with a summary and some links to tools and resources.