Footprinting Lab Easy
Initial Reconnaissance with nmap
Using the following nmap command, we began our initial reconnaissance:
nmap -sV -T4 -p- -A 10.129.202.41
The results showed various services and ports open:
NFS Services Exploration
From the nmap scan, we identified NFS services. To explore further:
- Created a directory for mount:
sudo mkdir /mnt/TechSupport
- Mounted the remote directory:
sudo mount -t nfs 10.129.202.41:/TechSupport /mnt/TechSupport
Contents inside the 'TechSupport' directory:
I tried to cat one of the files, but it was empty, so I used ls -la to see the details.
We can see that ticket4238791283782.txt has something in it:
cat ticket4238791283782.txt
We get the conversation below:
Started on November 10, 2021 at 01:27 PM London time GMT (GMT+0200)
01:27 PM | Operator: Hello,.
So what brings you here today?
01:27 PM | alex: hello
01:27 PM | Operator: Hey alex!
What do you need help with?
01:36 PM | alex: I run into an issue with the web config file on the system for the smtp server. do you mind to take a look at the config?
01:38 PM | Operator: Of course
01:42 PM | alex: here it is:
smtp {
    host=smtp.web.dev.inlanefreight.htb
    #port=25
    ssl=true
    user="alex"
    password="lol123!mD"
    from="alex.g@web.dev.inlanefreight.htb"
}
securesocial {
    onLoginGoTo=/
    onLogoutGoTo=/login
    ssl=false
    userpass {
        withUserNameSupport=false
        sendWelcomeEmail=true
        enableGravatarSupport=true
        signupSkipLogin=true
        tokenDuration=60
        tokenDeleteInterval=5
        minimumPasswordLength=8
        enableTokenJob=true
        hasher=bcrypt
    }
    cookie {
        # name=id
        # path=/login
        # domain="10.129.2.59:9500"
        httpOnly=true
        makeTransient=false
        absoluteTimeoutInMinutes=1440
        idleTimeoutInMinutes=1440
    }
}
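Seen from the defender's side, the finding above is a plaintext credential sitting in a file on an exported share. The following added example (not part of the original writeup) scans a directory tree for hard-coded secret assignments and reports them without echoing the value; the function names, the list of key words and the size limit are assumptions.

```python
import re
from pathlib import Path

# Key-name suffixes treated as secrets (assumed list; extend for your estate).
SECRET_WORDS = ("password", "passwd", "pwd", "secret", "token", "apikey")

# Match `key = value` where the key ENDS in a secret word, so that settings
# such as minimumPasswordLength=8 or tokenDuration=60 are not reported.
ASSIGNMENT = re.compile(
    r"(?<![\w.])(?P<key>[\w.]*(?:%s))\s*[=:]\s*"
    r"(?P<val>\"[^\"]*\"|'[^']*'|[^\s#}\"']+)" % "|".join(SECRET_WORDS),
    re.IGNORECASE,
)

def find_secrets(text):
    """Return (line_no, key, value_length) for each hard-coded secret."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in ASSIGNMENT.finditer(line):
            val = m.group("val").strip("\"'")
            # Skip empty values, booleans, numbers and ${ENV} references.
            if not val or val.lower() in ("true", "false") \
                    or val.isdigit() or val.startswith("${"):
                continue
            hits.append((no, m.group("key"), len(val)))
    return hits

def scan_share(root, max_bytes=1_000_000):
    """Walk an exported directory; report secrets without echoing them."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        size = path.stat().st_size
        if size == 0 or size > max_bytes:
            continue  # empty tickets and large blobs carry nothing to parse
        hits = find_secrets(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Sample: an excerpt of the config pasted into the ticket above, on one line.
SAMPLE = ('smtp { host=smtp.web.dev.inlanefreight.htb #port=25 ssl=true '
          'user="alex" password="lol123!mD" } securesocial { userpass { '
          'tokenDuration=60 minimumPasswordLength=8 enableTokenJob=true } }')

if __name__ == "__main__":
    for no, key, length in find_secrets(SAMPLE):
        print(f"line {no}: {key} = <redacted, {length} chars>")
```

Run against the directory that backs the export, scan_share returns a mapping of file path to findings, which can feed a ticket-cleanup or credential-rotation task.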
Remote Desktop Connection
With the obtained credentials, an attempt was made to access the system using Remote Desktop:
- Installed necessary tools:
sudo apt-get install rdesktop
- Initiated connection:
rdesktop 10.129.202.41
Tried to log in to Microsoft SQL Server, without success.
Searched the computer's files to see what we could get, and found an important.txt.
Used the credentials.
Tried the credentials on SQL Server; it still does not work.
xfreerdp /v:10.129.202.41 /u:Administrator /p:'87N1ns@slls83'
Tried running Microsoft SQL Server as an Administrator, and it works.
Searched the database and got the result.