3.1 Network Exploitation Basics

Third section in Complete Beginner learning path.

Last updated 4 months ago

An exploration of common network service vulnerabilities and misconfigurations.

SMB (Server Message Block)

SMB is a client-server communication protocol for sharing access to files, printers, serial ports and other resources over a network. It is a request-response protocol: client and server exchange several messages to establish a connection before any resource is accessed. Clients connect to servers over TCP/IP (TCP port 445 directly, or port 139 over NetBIOS), NetBEUI or IPX/SPX.

Once a connection is established, the client can send commands that give it access to shares and other resources. Every Windows OS since Windows 95 includes SMB support, and Samba implements SMB on Unix-like systems.

Enum4linux is a tool often used to enumerate SMB shares, users and other information from Windows and Samba hosts. It is installed by default on Parrot and Kali, or can be downloaded separately. The syntax is as follows:

enum4linux [options] IP_ADDR

Options that can be used are:

  • -U: get userlist

  • -M: get machine list

  • -N: get namelist dump (different from -U and -M)

  • -S: get sharelist

  • -P: get password policy information

  • -G: get group and member list

  • -a: do all simple enumeration (users, shares, groups, password policy, RID cycling, OS and printer information); this is the default if no other option is given

Syntax for connecting to an SMB share with smbclient is (the -p PORT part is optional and only needed when SMB is not on its default port):

smbclient //IP_ADDR/SHARE_NAME -U USERNAME -p PORT

TELNET

Telnet is an application-layer protocol and remote connection tool. It sends every message, including the login credentials, in clear text, which is why it has largely been replaced by SSH. Telnet connects to a server using the syntax:

telnet IP_ADDR PORT

Always remember to check for uncommon ports that Telnet may be running on; it is not limited to TCP port 23.

FTP (File Transfer Protocol)

FTP allows the remote transfer of files over a network. FTP uses two channels: a command (control) channel for transmitting commands and replies, and a separate data channel for transferring file contents and directory listings. FTP is a client-server protocol; while the session is open, the client may execute FTP commands on the server.

An FTP server may support active connections, passive connections or both. In active FTP, the client opens a port and listens on it, and the server is required to actively connect back to the client to transfer data. In passive FTP, the server opens a port and passively listens, and the client must connect to it. Passive mode exists largely because firewalls and NAT on the client side block the server's inbound connection.

Both the command and data channels are unencrypted in plain FTP, so usernames, passwords and file contents are visible to anyone on the path, and the protocol is vulnerable to man-in-the-middle attacks.
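The following is an added example, not code from the original page: it walks through a constructed capture of an unencrypted FTP control channel (the host addresses, account and file name are invented) to show what an on-path attacker actually sees. It parses the 227 reply a server sends in passive mode and builds the PORT command a client sends in active mode (both encode the data-channel endpoint as six decimal fields, port = p1*256 + p2), recovers the USER/PASS pair from the transcript, and lists every data-channel endpoint negotiated so the file transfer itself can be followed.

```python
import re

# Constructed sample of an FTP control-channel exchange, as it would appear in a
# packet capture of an unencrypted session (not a real host or account).
SAMPLE_CONTROL_CHANNEL = """\
220 (vsFTPd 3.0.3)
USER alice
331 Please specify the password.
PASS hunter2
230 Login successful.
PASV
227 Entering Passive Mode (10,10,10,5,195,81).
LIST
150 Here comes the directory listing.
226 Directory send OK.
PORT 10,10,10,7,4,1
200 PORT command successful. Consider using PASV.
RETR secrets.txt
150 Opening BINARY mode data connection for secrets.txt (42 bytes).
226 Transfer complete.
QUIT
221 Goodbye.
"""

# 227 reply in passive mode: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." (RFC 959)
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# PORT command sent by the client in active mode: "PORT h1,h2,h3,h4,p1,p2"
_PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def _endpoint(groups):
    """Turn the six decimal fields of PASV/PORT into (ip, port); port = p1*256 + p2."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("field out of range (each must be 0-255)")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_pasv(reply):
    """Passive mode: the server tells the client which address/port it is listening on."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    return _endpoint(m.groups())


def build_port_command(ip, port):
    """Active mode: the client tells the server which address/port it is listening on."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port}")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


def extract_credentials(transcript):
    """Credentials recoverable by anyone on the path: USER and PASS travel in clear text."""
    creds, user = [], None
    for line in transcript.splitlines():
        if line.startswith("USER "):
            user = line[5:].strip()
        elif line.startswith("PASS "):
            creds.append((user, line[5:].strip()))
    return creds


def data_channel_endpoints(transcript):
    """Every data-channel endpoint negotiated on the control channel, tagged with its mode.
    An on-path attacker (or an IDS) needs these to follow the actual file transfer."""
    endpoints = []
    for line in transcript.splitlines():
        if line.startswith("227 "):
            endpoints.append(("passive",) + parse_pasv(line))
        else:
            m = _PORT_RE.match(line)
            if m:
                endpoints.append(("active",) + _endpoint(m.groups()))
    return endpoints


if __name__ == "__main__":
    print("credentials  :", extract_credentials(SAMPLE_CONTROL_CHANNEL))
    print("data channels:", data_channel_endpoints(SAMPLE_CONTROL_CHANNEL))
    print(build_port_command("10.10.10.7", 1025))
```

Running the script against the constructed transcript prints the recovered alice/hunter2 pair and two data-channel endpoints: the passive one on the server (10.10.10.5:50001) and the active one the client opened (10.10.10.7:1025). The same parsing applied to a real capture is all that is needed to reconstruct a transferred file from an unencrypted FTP session.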

NFS (Network File System)

NFS allows a system to share directories and files with others over a network. It gives access to remote files as if they were local; this is achieved by the client mounting a file system that the server exports.

The client requests to mount a directory from a remote host onto a local directory, the same way it mounts a physical device. The mount service then connects to the relevant mount daemon on the server using RPC. The server checks whether the user has the correct permissions to mount the requested directory and returns a file handle, which identifies each file and directory on the server.

To access a file, an RPC call is placed to nfsd (the NFS daemon) on the server. The call takes parameters such as:

  • The file handle

  • The name of the file to be accessed

  • The user's user ID (UID)

  • The user's group ID (GID)

By default, NFS shares have root squashing enabled, which prevents anyone connecting as root from having root access to the NFS volume: requests arriving with UID 0 are mapped to the unprivileged "nfsnobody" (or "nobody") user. If this is turned off (the no_root_squash export option), a remote user who is root on the client can create root-owned files with the SUID bit set on the share; executing such a file on the server then gives root access there.

The SUID bit means a file runs with the permissions of its owner rather than those of the user executing it (the SGID bit does the same for the file's group). The following command sets both the SUID and SGID bits; chmod u+s sets only SUID:

sudo chmod +s FILE
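The following is an added example, not code from the original page, using a constructed /etc/exports for a hypothetical server (the paths and 10.10.0.0/24 addresses are invented). It parses the exports file the way exports(5) defines it, computes the UID the server will actually use for a request under root_squash, no_root_squash and all_squash, and flags the exports a pentester would try first: root not squashed on a writable share (the SUID-file route described above), exports open to every host, and the insecure option, which lets a client mount from a non-privileged source port without being root locally.

```python
import re

# Constructed /etc/exports from a hypothetical server (not a real host).
SAMPLE_EXPORTS = """\
# /etc/exports: the access control list for filesystems which may be exported. See exports(5).
/srv/backup   10.10.0.0/24(rw,sync,no_subtree_check)
/home         *(rw,sync,no_root_squash)
/srv/public   *(ro,sync,all_squash,anonuid=65534,anongid=65534)
/srv/dev      10.10.0.15(rw,no_root_squash,insecure) 10.10.0.16(rw)
"""

# exports(5): "<path> <client>(<options>) [<client>(<options>) ...]"; a client token with no
# parentheses gets default options, and an empty client part means every host.
_CLIENT_RE = re.compile(r"^([^(]*)(?:\((.*)\))?$")


def parse_exports(text):
    """Return one record per (path, client) pair with its option set."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        path, clients = parts[0], (parts[1] if len(parts) > 1 else "")
        for token in clients.split() or ["*"]:    # no client at all means world-exported
            m = _CLIENT_RE.match(token)
            host, opts = m.group(1) or "*", m.group(2) or ""
            records.append({"path": path, "host": host,
                            "options": {o for o in opts.split(",") if o}})
    return records


def effective_uid(options, client_uid):
    """UID the server uses for a request arriving with client_uid, per exports(5):
    all_squash maps everyone to anonuid; root_squash (the default) maps only UID 0;
    no_root_squash leaves root as UID 0, which is the setting an attacker wants."""
    anon = 65534                                  # nobody / nfsnobody
    for o in options:
        if o.startswith("anonuid="):
            anon = int(o.split("=", 1)[1])
    if "all_squash" in options:
        return anon
    if client_uid == 0 and "no_root_squash" not in options:
        return anon
    return client_uid


def audit_exports(text):
    """Flag exports worth attacking: root not squashed (plant a root-owned SUID binary from a
    client where you are root, run it on the server as a low-privileged user), exports open
    to every host, and 'insecure' (mounts accepted from non-privileged source ports)."""
    findings = []
    for rec in parse_exports(text):
        opts, issues = rec["options"], []
        if "no_root_squash" in opts:
            issues.append("no_root_squash: remote root keeps UID 0 "
                          + ("(rw: can plant SUID files)" if "rw" in opts else "(ro)"))
        if rec["host"].startswith("*"):
            issues.append("exported to every host matching " + rec["host"])
        if "insecure" in opts:
            issues.append("insecure: requests accepted from non-privileged source ports")
        if issues:
            findings.append((rec["path"], rec["host"], issues))
    return findings


if __name__ == "__main__":
    for path, host, issues in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {host}")
        for issue in issues:
            print("   ", issue)
```

On the constructed file, /home is the interesting one: writable, exported to every host and not squashing root, so a root user on any client can copy a shell onto it, chown it to root and set the SUID bit, exactly the chmod +s case above. /srv/public is also world-exported but read-only with all_squash, so it only leaks data; /srv/dev is only dangerous from 10.10.0.15.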

SMTP (Simple Mail Transfer Protocol)

SMTP is used to handle the sending of email. To support a full email service, a protocol pair is required: SMTP for sending and POP or IMAP for retrieval. SMTP servers perform three basic functions:

  • Verify who is sending email via SMTP

  • Send outgoing mail

  • Return outgoing mail to the sender if it cannot be delivered

POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are the protocols responsible for transferring email between the mail server and the client. POP downloads the inbox from the mail server to the client, whereas IMAP synchronises the client's view of the inbox with the server, downloading anything new. This means that any changes made on one computer over IMAP persist when the inbox is synchronised from another computer.

SMTP works as follows:

  1. The mail user agent connects to your domain's SMTP server, e.g. smtp.google.com. This begins the SMTP handshake, usually over port 25 (or 587 for authenticated submission). Once the connection is established and validated, the session starts.

  2. The process of sending can now begin: the client submits the sender and recipient email addresses, the body of the email and any attachments to the server.

  3. The SMTP server checks whether the sending and receiving domain names are the same. If they are, it can deliver the message locally; otherwise it must relay it.

  4. The sender's SMTP server connects to the recipient's SMTP server (found via the recipient domain's MX record); if that server cannot be reached, the mail is placed in an SMTP queue and retried.

  5. The receiving SMTP server verifies the incoming email by checking that the domain and user name are recognised. The server then hands the email to the POP or IMAP server.

  6. The email appears in the recipient's inbox.

Poorly configured SMTP servers can provide footholds into networks. The SMTP service has two commands that allow enumeration of users: VRFY (confirms whether a name is a valid user or mailbox) and EXPN (expands a mailing list or alias, showing the addresses of its members). Many modern mail servers disable both or answer VRFY with a non-committal 252 reply for every name, so a 252 is inconclusive rather than a confirmation; only a 250 confirms a user and only a 550 rules one out.
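The following is an added example, not code from the original page: both sides of the VRFY/EXPN exchange, runnable offline. The MockSmtpServer class is a constructed stand-in for a misconfigured mail server (the host name mail.example.test, the users and the alias are invented), and the client functions enumerate users the way a tester would, treating 250 as a hit, 550 as a miss and 252 as inconclusive. The same client functions work unchanged against a real SMTP port, which is the point of writing them this way.

```python
import socket
import threading


class MockSmtpServer:
    """Minimal in-process SMTP server, constructed for this example so the client below can
    be run offline. It behaves like a leaky MTA: VRFY confirms mailboxes with 250/550 and
    EXPN lists alias members. With vrfy_enabled=False it answers 252 to every VRFY and
    refuses EXPN, the non-committal behaviour of a hardened server."""

    def __init__(self, valid_users, aliases=None, vrfy_enabled=True):
        self.valid_users = {u.lower() for u in valid_users}
        self.aliases = {k.lower(): v for k, v in (aliases or {}).items()}
        self.vrfy_enabled = vrfy_enabled
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def close(self):
        self.sock.close()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:                       # listening socket closed
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        rfile = conn.makefile("rb")
        conn.sendall(b"220 mail.example.test ESMTP\r\n")
        for raw in rfile:
            verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            verb, arg = verb.upper(), arg.strip().lower()
            if verb in ("HELO", "EHLO"):
                reply = "250 mail.example.test"
            elif verb == "VRFY":
                if not self.vrfy_enabled:
                    reply = "252 2.5.2 Cannot VRFY user, but will accept message and attempt delivery"
                elif arg in self.valid_users:
                    reply = f"250 2.1.5 {arg} <{arg}@example.test>"
                else:
                    reply = "550 5.1.1 User unknown"
            elif verb == "EXPN":
                members = self.aliases.get(arg) if self.vrfy_enabled else None
                if not members:
                    reply = "550 5.1.1 Alias unknown" if self.vrfy_enabled else "502 5.5.2 EXPN not implemented"
                else:                             # multi-line reply: "250-" on all but the last line
                    reply = "\r\n".join(f"250{'-' if i < len(members) - 1 else ' '}{m} <{m}@example.test>"
                                        for i, m in enumerate(members))
            elif verb == "QUIT":
                conn.sendall(b"221 2.0.0 Bye\r\n")
                break
            else:
                reply = "502 5.5.2 Command not implemented"
            conn.sendall(reply.encode() + b"\r\n")
        rfile.close()
        conn.close()


def _read_reply(rfile):
    """Read one SMTP reply, following continuation lines ("250-..."); returns (code, texts)."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), texts


def _session(host, port, timeout=5.0):
    """Open the control connection, consume the banner and send HELO; returns (sock, reader)."""
    s = socket.create_connection((host, port), timeout=timeout)
    rfile = s.makefile("rb")
    code, _ = _read_reply(rfile)
    if code != 220:
        raise ConnectionError(f"unexpected banner code {code}")
    s.sendall(b"HELO enum.test\r\n")
    code, _ = _read_reply(rfile)
    if code != 250:
        raise ConnectionError(f"HELO rejected with {code}")
    return s, rfile


def enumerate_users(host, port, candidates):
    """VRFY each candidate: 250 = mailbox exists, 550-553 = it does not, 252 = the server
    will not say (VRFY disabled), which is reported as inconclusive rather than as a hit."""
    s, rfile = _session(host, port)
    results = {}
    for user in candidates:
        s.sendall(f"VRFY {user}\r\n".encode())
        code, _ = _read_reply(rfile)
        results[user] = {250: "valid", 252: "inconclusive"}.get(
            code, "invalid" if 550 <= code <= 553 else f"error {code}")
    s.sendall(b"QUIT\r\n")
    rfile.close()
    s.close()
    return results


def expand_alias(host, port, alias):
    """EXPN an alias; returns its member names, or [] if the server refuses or does not know it."""
    s, rfile = _session(host, port)
    s.sendall(f"EXPN {alias}\r\n".encode())
    code, texts = _read_reply(rfile)
    s.sendall(b"QUIT\r\n")
    rfile.close()
    s.close()
    return [t.split()[0] for t in texts] if code == 250 else []


if __name__ == "__main__":
    srv = MockSmtpServer(["alice", "bob"], {"admins": ["alice", "bob"]})
    print(enumerate_users("127.0.0.1", srv.port, ["alice", "carol", "bob"]))
    print(expand_alias("127.0.0.1", srv.port, "admins"))
    srv.close()
```

Against the leaky mock the enumeration returns alice and bob as valid and carol as invalid, and EXPN admins lists both members; against the hardened mock every VRFY comes back inconclusive and EXPN returns nothing, which is also what you should expect from most current mail servers. Note that the enumeration is one VRFY per candidate on a single connection, so a server that rate-limits or logs command errors will notice a long word list.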

MySQL

MySQL is a Relational Database Management System (RDBMS) based on Structured Query Language (SQL).

A database is a persistent, organised collection of structured data. An RDBMS is software used to create and manage databases based on the relational model, in which tables relate to one another through "primary keys" and "foreign keys". MySQL is the brand name of one popular RDBMS implementation; other products such as PostgreSQL and Microsoft SQL Server also exist, the "SQL" in their names signifying their use of the language.

MySQL is made up of the server and the utility programs that help administer MySQL databases. The server handles all database instructions such as creating, editing and accessing data. The process can be broken down into:

  1. MySQL creates a database for storing and manipulating data, defining the relationships between its tables.

  2. Clients make requests using specific statements in SQL.

  3. The server responds with the requested information.

MySQL runs on platforms such as Linux and Windows. It is commonly the backend database for websites and forms an essential component of the LAMP stack: Linux, Apache, MySQL and PHP. The server listens on TCP port 3306 by default, which is what you will usually see in a port scan.
