3.1 Network Exploitation Basics
Third section in the Complete Beginner learning path.
An exploration of common network service vulnerabilities and misconfigurations.
SMB (Server Message Block)
SMB is a client-server communication protocol for sharing access to files, printers, serial ports and other resources. It is known as a request-response protocol: client and server exchange multiple messages to establish a connection. Clients connect to servers using TCP/IP, NetBEUI or IPX/SPX.
Once a connection is established, the client can send commands which allow access to shares and other resources. Windows has included support for SMB since Windows 95; Samba provides SMB on Unix systems.
Enum4Linux is a tool often used to enumerate SMB shares on Windows/Linux. This is installed by default on Parrot & Kali, or can be downloaded here. The syntax is as follows:
Options that can be used are:
-U : get userlist
-M : get machine list
-N : get namelist dump
-S : get sharelist
-P : get password policy info
-G : get group and member list
-a : perform all of the above
Syntax for making connections to SMB is:
TELNET
Telnet is an application-layer protocol and remote connection tool. It sends all messages in clear text, so it has largely been replaced by SSH. Telnet connects to the server using the syntax:
Always remember to check for uncommon ports that Telnet may be running on.
FTP (File Transfer Protocol)
FTP allows the remote transfer of files over a network. Typically, FTP uses a command channel and a data channel: the command channel carries commands and the data channel carries file data. FTP operates as a client-server protocol. While the FTP session is open, the client may execute FTP commands on the server.
An FTP server may support active connections, passive connections or both. In active FTP, the client opens a port and listens; the server is required to actively connect to it. In passive FTP, the server opens a port and passively listens; the client must connect to it.
Both the command and data channels are unencrypted in default FTP, making it vulnerable to man-in-the-middle attacks.
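The active/passive distinction above comes down to who tells whom which port the data channel will use. In passive mode the server answers PASV with a 227 reply carrying its address and port as six comma-separated numbers (the port is p1*256 + p2); in active mode the client sends the same encoding in a PORT command. The following is an added example, not code from the original notes: it parses a 227 reply and builds a PORT command, with validation of the octet and port fields. The sample reply string is constructed.

```python
import re

# Matches the "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply defined by FTP.
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(reply):
    """Return (ip, port) the server told the client to connect to for the data channel."""
    m = _PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    for field in (h1, h2, h3, h4, p1, p2):
        if not 0 <= field <= 255:
            raise ValueError("field out of range in passive reply: %d" % field)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def build_port_command(client_ip, client_port):
    """Build the PORT command a client sends in active mode to say where it is listening."""
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % client_ip)
    if not 0 < client_port <= 65535:
        raise ValueError("port out of range: %d" % client_port)
    p1, p2 = divmod(client_port, 256)
    return "PORT %s,%d,%d" % (",".join(octets), p1, p2)


if __name__ == "__main__":
    # Constructed sample reply; a real server would send this after a PASV command.
    sample = "227 Entering Passive Mode (192,168,1,10,195,80)"
    print(parse_pasv_reply(sample))
    print(build_port_command("10.0.0.5", 50000))
```

Because both of these messages travel over the unencrypted command channel, anyone able to observe the session also learns exactly which address and port the data transfer will use.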
NFS (Network File System)
NFS allows a system to share directories and files with others over a network. It gives access to remote files as if they were local, which is achieved by mounting the file system exported by a server.
The client requests to mount a directory from a remote host onto a local directory, in the same way it would mount a physical device. The mount service then connects to the relevant mount daemon using RPC. The server checks whether the user has the correct permissions to mount the requested directory and returns a file handle, which identifies each file and directory on the server.
To access a file, an RPC call is placed to NFSD (the NFS daemon) on the server. The call takes parameters such as:
The file handle
The name of the file to be accessed
The user's user ID
The user's group ID
By default, NFS shares have root squashing enabled, which prevents anyone connecting from having root access to the NFS volume: remote root users are mapped to the "nfsnobody" user. If root squashing is turned off, a client can create files with the SUID bit set, which can then be used to gain root access.
The SUID bit means a file can be run with the permissions of the file's owner (or, for SGID, its group) rather than those of the user running it. The following command will set the SUID bit:
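Two checks a defender would want from the NFS discussion above: what root squashing actually does to a client's uid, and whether an export (or a share you have mounted) already contains SUID files. This is an added example, not code from the original notes. The squash_uid function models the uid mapping in plain Python; the nfsnobody uid of 65534 is an assumption (it is distribution-dependent), and the demo directory it scans is constructed with tempfile rather than being a real export.

```python
import os
import stat
import tempfile

# Assumption: uid used for "nfsnobody"/"nobody" on many Linux systems; check /etc/passwd on yours.
NFSNOBODY_UID = 65534


def squash_uid(client_uid, root_squash=True):
    """Model the server-side uid mapping: with root_squash on, a client's uid 0 becomes nfsnobody."""
    if root_squash and client_uid == 0:
        return NFSNOBODY_UID
    # no_root_squash (or any non-root uid): the uid is trusted as sent by the client.
    return client_uid


def is_suid(path):
    """True if path is a regular file (not followed through symlinks) carrying the SUID bit."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)


def find_suid_files(root):
    """Walk a directory tree and return the relative paths of SUID files, sorted."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if is_suid(path):
                    hits.append(os.path.relpath(path, root))
            except OSError:
                continue  # unreadable entries are skipped rather than aborting the scan
    return sorted(hits)


def make_demo_export():
    """Build a constructed directory with one SUID file and one ordinary file for the scan."""
    root = tempfile.mkdtemp(prefix="nfs_demo_")
    suid_path = os.path.join(root, "helper")
    plain_path = os.path.join(root, "readme.txt")
    for path in (suid_path, plain_path):
        with open(path, "w") as fh:
            fh.write("demo\n")
    os.chmod(suid_path, 0o4755)   # rwsr-xr-x: same result as `chmod u+s` on an executable
    os.chmod(plain_path, 0o644)
    return root


if __name__ == "__main__":
    print("root with squashing   ->", squash_uid(0))
    print("root without squashing ->", squash_uid(0, root_squash=False))
    print("SUID files in demo export:", find_suid_files(make_demo_export()))
```

Running find_suid_files over the mount point of each export after a change to its options is a cheap way to confirm that disabling root squashing has not already been used to plant something.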
SMTP (Simple Mail Transfer Protocol)
SMTP is used to handle the sending of emails. To support email services, a protocol pair is required, comprising SMTP and POP/IMAP. SMTP servers provide three basic functions:
Verifies who is sending emails via SMTP
Sends outgoing mail
If outgoing mail can't be delivered, returns it to sender
POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are protocols responsible for transfer of email between client and mail server. POP downloads the inbox from the mail server to the client, whereas IMAP synchronises the current inbox with new mail on the server, downloading anything new. This means that any changes made on one computer, over IMAP, will persist when the inbox is synchronised from another computer.
SMTP works as follows:
The mail user agent connects to your domain's SMTP server e.g. smtp.google.com. This begins the SMTP handshake, usually over port 25. Once this is established and validated, the session starts.
The process of sending can now begin, the client submits the sender and recipient email address, the body of the email and any attachments to the server.
The SMTP server checks if the sending and receiving domain names are the same.
The sender's SMTP server connects to the recipient's SMTP server; if it can't be reached, the mail is put into an SMTP queue.
The receiving SMTP server verifies the incoming email by checking whether the domain and user name are recognised. The server then forwards the email to the POP or IMAP server.
The email appears in the recipient's inbox.
Poorly configured SMTP servers can provide footholds into networks. The SMTP service has two commands that allow enumeration of users: VRFY (confirms the names of valid users) and EXPN (shows the addresses behind a user's aliases and mailing lists).
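To see what the VRFY/EXPN weakness looks like on the wire, and to check your own server for it, the following added example (not code from the original notes) runs a small mock SMTP server in a thread in two configurations, one that answers VRFY with 250/550 and expands EXPN, and one hardened to answer 252 and refuse EXPN, then probes each the way an audit script would. The account names, the mailing list and the mock.example hostname are constructed; the probe functions can be pointed at any host and port you administer.

```python
import socket
import socketserver
import threading

# Constructed account data for the mock server only (not a real mail system).
KNOWN_USERS = {"alice": "Alice Example"}
MAILING_LISTS = {"staff": ["alice@mock.example", "bob@mock.example"]}


class MockSMTPHandler(socketserver.StreamRequestHandler):
    """Just enough of the SMTP dialogue to show VRFY/EXPN behaviour; not a mail server."""

    def reply(self, text):
        self.wfile.write((text + "\r\n").encode())

    def handle(self):
        leak = self.server.leak_users
        self.reply("220 mock.example ESMTP")
        while True:
            raw = self.rfile.readline()
            if not raw:
                break
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            verb, arg = verb.upper(), arg.strip()
            if verb in ("HELO", "EHLO"):
                self.reply("250 mock.example")
            elif verb == "VRFY":
                if not leak:      # hardened: same answer whether or not the user exists
                    self.reply("252 Cannot VRFY user, but will accept message and attempt delivery")
                elif arg in KNOWN_USERS:
                    self.reply("250 %s <%s@mock.example>" % (KNOWN_USERS[arg], arg))
                else:
                    self.reply("550 5.1.1 User unknown")
            elif verb == "EXPN":
                if leak and arg in MAILING_LISTS:
                    self.reply("250 " + ", ".join(MAILING_LISTS[arg]))
                else:
                    self.reply("502 5.5.1 EXPN not implemented")
            elif verb == "QUIT":
                self.reply("221 Bye")
                break
            else:
                self.reply("502 5.5.1 Command not implemented")


def start_mock_server(leak_users):
    """Start the mock on 127.0.0.1 on a free port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), MockSMTPHandler)
    srv.daemon_threads = True
    srv.leak_users = leak_users
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def _command(rfile, sock, line):
    """Send one command and return the numeric code of the single-line reply."""
    sock.sendall((line + "\r\n").encode())
    return int(rfile.readline().decode(errors="replace")[:3])


def probe_smtp_enumeration(host, port, known="alice", unknown="zz-no-such-user", alias="staff"):
    """Return the reply codes a server gives to VRFY for a real and a bogus name, and to EXPN."""
    with socket.create_connection((host, port), timeout=5) as sock:
        rfile = sock.makefile("rb")
        rfile.readline()  # 220 greeting
        _command(rfile, sock, "EHLO probe.local")
        codes = {
            "vrfy_known": _command(rfile, sock, "VRFY " + known),
            "vrfy_unknown": _command(rfile, sock, "VRFY " + unknown),
            "expn": _command(rfile, sock, "EXPN " + alias),
        }
        _command(rfile, sock, "QUIT")
    return codes


def discloses_accounts(codes):
    """Leak if VRFY confirms a user, if VRFY's answer differs by name, or if EXPN expands a list."""
    return (codes["vrfy_known"] == 250
            or codes["vrfy_known"] != codes["vrfy_unknown"]
            or codes["expn"] == 250)


if __name__ == "__main__":
    for leak in (True, False):
        srv, port = start_mock_server(leak_users=leak)
        codes = probe_smtp_enumeration("127.0.0.1", port)
        srv.shutdown()
        srv.server_close()
        print("leak_users=%s -> %s discloses=%s" % (leak, codes, discloses_accounts(codes)))
```

The hardened configuration is the one to aim for: a constant 252 to VRFY and 502 to EXPN gives an enumeration attempt nothing to distinguish real accounts from guesses, while still accepting mail.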
MySQL
MySQL is a Relational Database Management System (RDBMS) based on Structured Query Language (SQL).
A database is a persistent, organised collection of structured data. An RDBMS is software used to create and manage databases on the relational model, in which every table relates to another table's "primary key" or other key fields. MySQL is the brand name of a popular RDBMS implementation. Other products such as PostgreSQL and Microsoft SQL Server also exist; the "SQL" in their names signifies their use of SQL.
MySQL is made up of the server and utility programs that help administer MySQL databases. The server handles all database instructions like creating, editing and accessing data. The process can be broken down into:
MySQL creates a database for storing and manipulating data, defining the relationship of each table.
Clients make requests using specific statements in SQL.
The server responds with the requested information.
MySQL runs on platforms like Linux and Windows. It is commonly the backend database for websites and forms an essential component of the LAMP stack: Linux, Apache, MySQL and PHP.