Footprinting Lab - Hack The Box - Easy

 

The first lab from the Footprinting module has the following description:


We were commissioned by the company Inlanefreight Ltd to test three different servers in their internal network. The company uses many different services, and the IT security department felt that a penetration test was necessary to gain insight into their overall security posture.

The first server is an internal DNS server that needs to be investigated. In particular, our client wants to know what information we can get out of these services and how this information could be used against its infrastructure. Our goal is to gather as much information as possible about the server and find ways to use that information against the company. However, our client has made it clear that it is forbidden to attack the services aggressively using exploits, as these services are in production.

Additionally, our teammates have found the following credentials "ceil:qwer1234", and they pointed out that some of the company's employees were talking about SSH keys on a forum.

The administrators have stored a flag.txt file on this server to track our progress and measure success. Fully enumerate the target and submit the contents of this file as proof.



Moving on to enumeration, a secondary FTP service was identified on port 2121 with the word Ceil in the banner.



After testing the FTP service on port 2121, it was possible to establish a connection.



On the FTP server, an SSH key was found in the .ssh directory.


The next step would be to download it and use it for the SSH connection.


Once downloaded, set the appropriate file permissions with chmod, then connect with the ssh command, specifying the key with the -i option.

Finally, the flag.txt file located at /home/flag had read and write permissions for the ceil account.


Last but not least, the content of the flag.
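A defender's check for the SSH key found on the FTP server, as an added example that is not part of the original write-up: it walks a directory that an FTP service exposes and reports any private key files in it. The function names, the sample tree and its placeholder file contents are constructed for illustration.

```python
import os
import stat
import tempfile

# Header lines that mark private key material (OpenSSH, PEM, PKCS#8).
KEY_MARKERS = (
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",
)

def find_exposed_keys(ftp_root):
    """Return sorted (relative_path, octal_mode, in_ssh_dir) for each private
    key found under a directory that an FTP daemon serves."""
    findings = []
    for dirpath, _dirs, files in os.walk(ftp_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # unreadable to the auditor, skip it
            if any(marker in head for marker in KEY_MARKERS):
                rel = os.path.relpath(path, ftp_root)
                in_ssh_dir = ".ssh" in rel.split(os.sep)[:-1]
                findings.append((rel, oct(mode), in_ssh_dir))
    return sorted(findings)

def make_sample_tree(root):
    """Constructed sample: an FTP root that is also a home directory."""
    os.makedirs(os.path.join(root, ".ssh"))
    samples = {
        os.path.join(".ssh", "id_rsa"): b"-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n",
        os.path.join(".ssh", "id_rsa.pub"): b"ssh-rsa CONSTRUCTED-PLACEHOLDER user@example\n",
        "readme.txt": b"nothing sensitive here\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o600 if rel.endswith("id_rsa") else 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        for rel, mode, in_ssh_dir in find_exposed_keys(root):
            print(f"private key served over FTP: {rel} mode={mode} in .ssh={in_ssh_dir}")
```

The sample key is reported even though its mode is 0600: the file mode does not help when the FTP account is the key's owner, so the fix is to keep home directories and .ssh out of the FTP root.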



Thanks for reading!
