THM - Advent of Cyber [Day 10]

Today’s task involves a good review of some basic concepts such as IP addressing, network protocols, and common network ports. In my opinion, you can never have enough review of the basics. I’m a firm believer in repetition being the mother of all learning.

This task also deals with nmap, a network scanning tool that can help you figure out which ports are open on a server and what services are running on those ports. Typically this is one of the first steps taken in the active enumeration phase of a real-world penetration test. Personally I’m a big fan of a tool called threader3000, a multithreaded port scanner written in Python. If anybody wants to give it a shot, you can download it on Kali/Parrot with pip3 install threader3000.

Here are the results of the scan:

nmap -sT 10.10.242.160
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-10 11:04 EST
Nmap scan report for 10.10.242.160
Host is up (0.19s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 19.26 seconds

So we have two ports open, 80 and 22, running http and ssh respectively. The room wants us to run a couple of different nmap scans to compare to this one, and then research a vulnerability in one of the services.
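Comparing scans by eye gets error-prone once there are more than a few ports, so here is one way to do it in code. This is an added example, not part of the room or the original write-up: it parses the port table from nmap's normal output and reports what changed between two scans. The function names are my own, and the second scan is a constructed sample rather than real output.

```python
import re

# Output of the -sT scan shown above (header lines kept, footer trimmed).
CONNECT_SCAN = """\
Nmap scan report for 10.10.242.160
Host is up (0.19s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
"""

# Constructed sample, NOT real output: a later scan of the same host.
LATER_SCAN = """\
Nmap scan report for 10.10.242.160
PORT     STATE    SERVICE
22/tcp   filtered ssh
80/tcp   open     http
8080/tcp open     http-proxy
"""

# One row of nmap's port table: "<port>/<proto> <state> <service>"
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")

def parse_ports(report):
    """Return {(port, proto): (state, service)} from nmap normal output."""
    ports = {}
    for line in report.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:  # header and summary lines do not match and are skipped
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def diff_scans(old, new):
    """List (change, key, old_value, new_value) between two parsed scans."""
    changes = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before is None:
            changes.append(("added", key, None, after))
        elif after is None:
            changes.append(("removed", key, before, None))
        elif before != after:
            changes.append(("changed", key, before, after))
    return changes

if __name__ == "__main__":
    for change in diff_scans(parse_ports(CONNECT_SCAN), parse_ports(LATER_SCAN)):
        print(change)
```

For anything beyond a quick comparison, nmap's XML output (-oX) is a more stable format to parse than the human-readable table.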

The task then gives us a link that we can do a little recon on to find out what CVE got patched in the 2.4.51 version of Apache. That’s pretty much it for the task today! Good information on using nmap.
