TryHackMe Advent of Cyber 4→ DAY 4 — Scanning through the snow

Amol Rangari
3 min read · Dec 5, 2022


During the investigation of the downloaded GitHub repo (OSINT task), elf Recon McRed identified a URL qa.santagift.shop that is probably used by all the elves with admin privileges to add or delete gifts on the Santa website. The website has been pulled down for maintenance, and now Recon McRed is scanning the server to see how it's been compromised. Can you help McRed scan the network and find the reason for the website compromise?

Objectives of DAY-4

  • What is Scanning?
  • Scanning types
  • Scanning techniques
  • Scanning tools

The topic for day 4 of AOC 2022 is scanning.

What is Scanning?

Scanning is a set of procedures for identifying live hosts, ports, and services, discovering the operating system of the target system, and identifying vulnerabilities and threats in the network. These scans are typically automated and give an insight into what could be exploited. Scanning reveals parts of the attack surface for attackers and allows launching targeted attacks to exploit the system.

There are mainly 2 types of scanning :-

  1. Passive Scanning :- This method involves scanning a network without directly interacting with the target device. This is done to obtain basic information about the device or the network that is being scanned.
  2. Active Scanning :- Active scanning is a scanning method whereby you scan individual endpoints in an IT network to retrieve more detailed information.

More information about scanning can be found on the AOC Day-4 Page.

Let us get to the task for DAY-4!

Q1 What is the name of the HTTP server running on the remote host?

When we run the “nmap” tool with the following command, we can see all the open ports, the services running on them, and their versions!

nmap -sV -sC <MACHINE_IP>

Q2 What is the name of the service running on port 22 on the QA server?

Port 22 is the default port for the SSH service, and the scan output in the screenshot above confirms that SSH is what is running on it here.

Q3 What flag can you find after successfully accessing the Samba service?

To access the Samba service, we connect to the machine over SMB.

Once we enter the following address

smb://<MACHINE_IP>

in the file explorer, we get a login prompt. We can log in using the secret credentials we found in the DAY-3 task in the config.php file.

username :- ubuntu

password:- S@nta2022

After we log in, we can see 2 files: flag.txt and userlist.txt.

When we open the flag.txt file we find the answer flag for our question!

{THM_SANTA_SMB_SERVER}

Q4 What is the password for the username santahr?

We can see that there is a userlist.txt file right there, which has all the credentials.

And there we go! DAY -4 is done!!!

We are going to cover the full Advent of Cyber event again just like last year!

Follow me: https://linktr.ee/alexhack


Amol Rangari

I am a Cyber Security Expert, Security Researcher and bug hunter.