【TryHackMe】Active Reconnaissance：Walkthrough

概要

TryHackMe「Active Reconnaissance」のWalkthroughです。

Task2

Q1.Browse to the following website and ensure that you have opened your Developer Tools on AttackBox Firefox, or the browser on your computer. Using the Developer Tools, figure out the total number of questions.

Hint.Locate the JavaScript file script.js. Inspect the file and figure out the total number of questions.

下記サイトへアクセスします。

開発者モードのNetworkタブからscript.jsの読み込みを確認できたのでソースコードを確認します。

script.js

let questions = {
    1   :   {
        'speaking'  :  'alice',
        'answer_1'  :  'SYN : Can you hear me Bob?',
        'answer_2'  :  'FIN : Goodbye',
        'answer_3'  :  'ACK : Erm... What?',
        'answer'    :   1
    },
    2   :   {
        'speaking'  :  'bob',
        'answer_1'  :  'RST : Cya Later',
        'answer_2'  :  'PING : 77',
        'answer_3'  :  'SYN/ACK : Yes, I can hear you!',
        'answer'    :   3
    },
    3   :   {
        'speaking'  :  'alice',
        'answer_1'  :  'FAIL : SEGMENTATION FAULT',
        'answer_2'  :  'ACK : Okay Great',
        'answer_3'  :  'SYN : x = 3?',
        'answer'    :   2
    },
    4   :   {
        'speaking'  :  'alice',
        'answer_1'  :  'ICMP : 99',
        'answer_2'  :  'SYN : Yes, I can hear you!',
        'answer_3'  :  'DATA : Cheesecake is on sale!',
        'answer'    :   3
    },
    5   :   {
        'speaking'  :  'bob',
        'answer_1'  :  'ACK : I Hear ya!',
        'answer_2'  :  'REPEAT : What?',
        'answer_3'  :  'RESET : Help!',
        'answer'    :   1
    },
    6   :   {
        'speaking'  :  'alice',
        'answer_1'  :  'ACK : OK',
        'answer_2'  :  'FIN/ACK : I\'m all done',
        'answer_3'  :  'ECHO : Retry',
        'answer'    :   2
    },
    7   :   {
        'speaking'  :  'bob',
        'answer_1'  :  'SYN : Received',
        'answer_2'  :  'WIRE : Reset Connection',
        'answer_3'  :  'FIN/ACK : Yeah Me Too',
        'answer'    :   3
    },
    8   :   {
        'speaking'  :  'alice',
        'answer_1'  :  'SYN : Connected',
        'answer_2'  :  'ACK : Okay, Goodbye',
        'answer_3'  :  'SYN/ACK : Not Received',
        'answer'    :   2
    }
}

A.8

Task3

Q1.Which option would you use to set the size of the data carried by the ICMP echo request?

Hint.Use the "man ping" command to consult ping's manual pages.

man pingでオプションを確認します。

A.-s

Q2.What is the size of the ICMP header in bytes?

Hint.Use the "man ping" command to consult ping's manual pages.

man pingで確認すると、ICMP header dataが8 bytesだと分かりました。

A.8

Q3.Does MS Windows Firewall block ping by default? (Y/N)

A.Y

Q4.Deploy the VM for this task and using the AttackBox terminal, issue the command ping -c 10 MACHINE_IP. How many ping replies did you get back?

ターゲットマシンにICMPパケットを10回送信し、10回返ってきました。

# ping -c 10 10.10.175.178
PING 10.10.175.178 (10.10.175.178) 56(84) bytes of data.
64 bytes from 10.10.175.178: icmp_seq=1 ttl=64 time=0.819 ms
64 bytes from 10.10.175.178: icmp_seq=2 ttl=64 time=0.904 ms
64 bytes from 10.10.175.178: icmp_seq=3 ttl=64 time=0.544 ms
64 bytes from 10.10.175.178: icmp_seq=4 ttl=64 time=0.817 ms
64 bytes from 10.10.175.178: icmp_seq=5 ttl=64 time=0.574 ms
64 bytes from 10.10.175.178: icmp_seq=6 ttl=64 time=0.704 ms
64 bytes from 10.10.175.178: icmp_seq=7 ttl=64 time=0.847 ms
64 bytes from 10.10.175.178: icmp_seq=8 ttl=64 time=0.696 ms
64 bytes from 10.10.175.178: icmp_seq=9 ttl=64 time=0.860 ms
64 bytes from 10.10.175.178: icmp_seq=10 ttl=64 time=0.837 ms

--- 10.10.175.178 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9217ms
rtt min/avg/max/mdev = 0.544/0.760/0.904/0.119 ms

A.10

Task4

Q1.In Traceroute A, what is the IP address of the last router/hop before reaching tryhackme.com?

Hint.If there is more than one IP address, provide the first one that responded.

A.172.67.69.208

Q2.In Traceroute B, what is the IP address of the last router/hop before reaching tryhackme.com?

Hint.If there is more than one IP address, provide the first one that responded.

A.104.26.11.229

Q3.In Traceroute B, how many routers are between the two systems?

A.26

Q4.Start the attached VM from Task 3 if it is not already started. On the AttackBox, run traceroute 10.10.127.143. Check how many routers/hops are there between the AttackBox and the target VM.

Hint.If traceroute is not installed, you can install it with apt install traceroute.

AttackBoxからのホップ数は1でした。

# traceroute 10.10.127.143
traceroute to 10.10.127.143 (10.10.127.143), 30 hops max, 60 byte packets
 1  ip-10-10-127-143.eu-west-1.compute.internal (10.10.127.143)  1.379 ms *  1.338 ms

Task5

Q1.Start the attached VM from Task 3 if it is not already started. On the AttackBox, open the terminal and use the telnet client to connect to the VM on port 80. What is the name of the running server?

Telnetで80番ポートに接続すると、レスポンスからサーバーが分かりました。

# telnet 10.10.127.143 80
Trying 10.10.127.143...
Connected to 10.10.127.143.
Escape character is '^]'.
GET / HTTP/1.1
host: telnet 

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 12:48:30 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Mon, 30 Aug 2021 12:09:24 GMT
ETag: "15-5cac5b436ddfa"
Accept-Ranges: bytes
Content-Length: 21
Content-Type: text/html

A.Apache

Q2.What is the version of the running server (on port 80 of the VM)?

A.2.4.61

Task6

Q1.Start the VM and open the AttackBox. Once the AttackBox loads, use Netcat to connect to the VM port 21. What is the version of the running server?

Netcatでターゲットサーバーの21番ポートに接続するとバージョンが分かりました。

$ nc 10.10.234.119 21                     
220 ip-10-10-234-119.eu-west-1.compute.internal FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready.

A.0.17