This is a write-up for another TryHackMe room, named “Lunizz CTF”. This room is available here:
As always, let's start our enumeration process to find out what services are running on the target.
Enumeration
NMAP
# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.190.71
┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -sS -Pn -T4 -p- 10.10.190.71
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-24 16:34 EST
Nmap scan report for 10.10.190.71
Host is up (0.024s latency).
Not shown: 65530 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
4444/tcp open krb524
5000/tcp open upnp
Nmap done: 1 IP address (1 host up) scanned in 13.41 seconds
# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,80,3306,4444,5000 10.10.190.71
┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -O -A -Pn -T4 -p22,80,3306,4444,5000 10.10.190.71…