Network Security
This guide contains the answer and steps necessary to get to them for the Network Security room.
Table of contents
Introduction
- What type of firewall is Windows Defender Firewall?
As the Windows Defender Firewall is a software tool, it is a host firewall as the text suggests.
Click for answer
Host firewall
Methodology
- During which step of the Cyber Kill Chain does the attacker gather information about the target?
This would be during the first step. The name can be found in the text.
Click for answer
Recon
Practical Example of Network Security
In this task, we will look at a practical example of the Cyber Kill Chain.
- What is the password in the secret.txt file?
After an nmap scan with nmap -sV 10.10.39.25
, we find various services that are open.
One of them is FTP. We can try to log in with anonymous credentials.
Looks like anonymous login was indeed enabled. We can now download the file we find using get
. However, downloading multiple files can be down easier.
The txt and epub files didn't contain anything interesting for us. The secret.txt file, however, seems to have a passwordt.
Click for answer
ABC789xyz123
- What is the content of the flag.txt in the /root directory?
Maybe the password we found belongs to the root user. We can try and login through SSH.
Success! Now lets find the flag in the root folder.
Click for answer
THM{FTP_SERVER_OWNED}
- What is the content of the flag.txt in the /home/librarian directory?
Eventhough we known the username, we can look up the available accounts using ls -lh /home
. Then we can navigate to that account and find the flag.
Click for answer
THM{LIBRARIAN_ACCOUNT_COMPROMISED}