Skip to content

Network Security Banner

Network Security Logo

Network Security

This guide contains the answer and steps necessary to get to them for the Network Security room.

Table of contents

Introduction

  1. What type of firewall is Windows Defender Firewall?

As the Windows Defender Firewall is a software tool, it is a host firewall as the text suggests.

Click for answerHost firewall

Methodology

  1. During which step of the Cyber Kill Chain does the attacker gather information about the target?

This would be during the first step. The name can be found in the text.

Click for answerRecon

Practical Example of Network Security

In this task, we will look at a practical example of the Cyber Kill Chain.

  1. What is the password in the secret.txt file?

After an nmap scan with nmap -sV 10.10.39.25, we find various services that are open.

Nmap

One of them is FTP. We can try to log in with anonymous credentials.

ftp anonymous@10.10.39.25

FTP Login

Looks like anonymous login was indeed enabled. We can now download the file we find using get. However, downloading multiple files can be down easier.

wget *.*

FTP Download

The txt and epub files didn't contain anything interesting for us. The secret.txt file, however, seems to have a passwordt.

Secret Files

Click for answerABC789xyz123

  1. What is the content of the flag.txt in the /root directory?

Maybe the password we found belongs to the root user. We can try and login through SSH.

ssh root@10.10.39.25

SSH Root

Success! Now lets find the flag in the root folder.

Root Flag

Click for answerTHM{FTP_SERVER_OWNED}

  1. What is the content of the flag.txt in the /home/librarian directory?

Eventhough we known the username, we can look up the available accounts using ls -lh /home. Then we can navigate to that account and find the flag.

User Flag

Click for answerTHM{LIBRARIAN_ACCOUNT_COMPROMISED}