Posts

Showing posts from October, 2015

Tango Down (CTF4) : Capture The Flag (CTF) 4 Lamp Security Challenge

Lab Environment :

Victim Host : https://www.vulnhub.com/entry/lampsecurity-ctf4,83/ on VirtualBox (MacOS)
Attacking Host : Kali (on VirtualBox)
Network : Host-Only (VirtualBox)
Tools : As mentioned in the walkthrough below


Discovery :

- Find the IP: start the VM and set its network adapter to the Host-Only network. Since we already know the subnet used by the host-only network, just run an nmap scan to identify the victim's IP on that network.

We got the below IP and services :

Nmap scan report for 192.168.56.101
Host is up (0.00043s latency).
Not shown: 96 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  open   smtp
80/tcp  open   http
631/tcp closed ipp
MAC Address: 08:00:27:37:40:F6 (Cadmus Computer Systems)


To confirm, telnet to port 25:
root@kali:~# telnet 192.168.56.101 25

Trying 192.168.56.101...
Connected to 192.168.56.101.
Escape character is '^]'.
220 ctf4.sas.upenn.edu ESMTP Sendmail 8.13.5/8.13.5; Sat, 24 Oct 2015 00:05:52 -0400
HELO
501 5.0.0 HELO requires domain address
VRY root
500 5.5.1 Command unrecognized: "VRY…

Common TCP/IP Ports For Penetration Testers

Some of the ports of interest for penetration testers are:

| Port Number | Usage | Protocol | Some Enumeration Commands and Tools |
|---|---|---|---|
| 21 | FTP | TCP | Nmap NSE |
| 22 | SSH | TCP, UDP | TBD |
| 23 | Telnet | TCP | TBD |
| 25 | SMTP | TCP | Nmap NSE |
| 53 | DNS | TCP, UDP | Nmap NSE, dnsrecon, nslookup |
| 80 | HTTP | TCP, UDP | Nmap NSE, nikto, dirbuster |
| 123 | NTP | TCP | TBD |
| 135 | Microsoft RPC | TCP, UDP | Nmap NSE |
| 137 | NetBIOS Name Service | TCP, UDP | Nmap NSE |
| 139 | NetBIOS Session Service, Samba (SMB, CIFS) | TCP, UDP | Nmap NSE, smbclient |
| 161 | SNMP | TCP, UDP | snmpwalk, onesixtyone |
| 162 | SNMP Trap | TCP, UDP | snmpwalk, onesixtyone |
| 389 | LDAP | TCP, UDP | TBD |
| 443 | HTTPS | TCP, UDP | Nmap NSE, nikto, dirbuster |
| 445 | Microsoft-ds | TCP | Nmap NSE, PsExec, nbtstat |
| 3306 | MySQL | TCP | Nmap NSE, sqlmap |
| 3368 | Global Catalogue | TCP | TBD |
| 3389 | RDP | TCP | TBD |

List of Ports and usage


If you have any suggestions, please leave a comment below so they can be added here.