28 Dec 2022
AoC is over once again. Prizes were not won, but at least fun was had, several new things were learned, and the dust was shaken off a few older things. I took a super easy question yesterday to keep the streak alive, and now I need to figure out where to go. Now that I’m a subscriber, I can go further in a learning path than I have before. The problem is I dodn’t remember what I started. I thought I hit the paywall and had pivoted to another learning path, but I’m not entirely sure now. At the moment, I’m on the comlete beginner path getting into the Network Services Room. I guess I’ll finish that and see where I end up.
SMB - Server Message Block protocol. Client-server comm protocol used for sharing access to files, printers, serial ports, and other reseources on a netwrok. Response-request protocol so multiple messages between client and server to establish connection. Uses NetBIOS over TCP/IP, NetBEUI, or IPX/SPX.
Windows post 95 includes SMB support, and Samba server provides support to Unix.
Already used my notes, and corrected some typos while doing so.
Enumeration - Process of gathering information on a target in order to find potential attack vectors and aid in exploitation. Essential for successful attacks, cuts down/eliminates wasted time on exploits that don’t match vulns or cause crashes. Also can gather usernames, passwords, network information, hostnames, application data, services, etc.
Use tool like nmap to to find out as much information as possible about services, applications, structure, and operating system of target.
Can use tools like Enum4Linux. E4L enumerates SMB shares on Windows and Linux systems. Installs from GitHub, but installed by default in Parrot and Kali. Syntax: enum4linux [options] ip.
| Options | |
|---|---|
| TAG | FUNCTION |
| -U | get userlist |
| -M | get machine list |
| -N | get namelist dump (different from -UI and -M) |
| -S | get sharelist |
| -P | get password policy information |
| -G | get group and member list |
| -a | get all above (full basic enumeration) |
Carry out enumeration process on task VM. Tried using THM’s Kali webmachine. E4L didn’t return certain information needed, but the Attackbox didn’t have any problems with the same scan. Not sure how to approach getting it looked into.