CAS Cybersecurity

Start
Reconnaissance
- Opensource Intelligence
Docker basics and Images
Scanning and Enumeration
Vulnerability Scanning and Analysis
Exploitation
Man in the Middle
- ARP Cache poisoning
- RDP MitM Exercise
Windows Hacking
- Throwback Network
- WinAttack LAB
Web Application Security
- Burp Proxy Introduction
- DVWA
CTF and Crypto Exercises
Threat Intelligence
Forensic Exercises
Malware Analysis
Android Malware
Forensic Readiness
Live Response

Powered by GitBook

On this page

Was this helpful?

Windows Hacking

Throwback Network

Entering the breach

Exploring systems and services

PreviousThrowback Network NextExploring the caverns

Last updated 3 years ago

Was this helpful?

Entering the breach

Your attack team has run initial reconnaissance on the target: Throwback Hacks Security. They find that there are 3 machines that are publicly facing: THROWBACK-PROD, THROWBACK-FW01, and THROWBACK-MAIL. Your team has informed you that these assets are publicly accessible, it is your job to perform additional reconnaissance on these machines and find the way in. To accomplish this, we'll be learning to use the tool nmap.

Actual NW Range: 10.200.136.0 /24

Nmap Command:

nmap -sV -sC -p- -v -oA full_scan 10.200.136.0/24 --min-rate 5000

xsltproc full_scan.xml -o full_scan.html

Identifying Assets and finding the attack surface

Enumerating THROWBACK-PROD Scans

When enumerating the nmap scan we find many open ports as well as a leaked domain name.

We also find that port 80 is running an IIS server this is good to note to visit and enumerate later.

Enumerating THROWBACK-MAIL Scans

We find that THROWBACK-MAIL is a Linux box running an Apache server on port 80 running a login page.

Enumerating THROWBACK-FW01 Scans

When looking at the scans we see that the box is more than likely running a pfSense firewall with a public pfSense login.

Questions

Entering the breach
Identifying Assets and finding the attack surface
Questions