HackTheBox-starting-point-01

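This article covers entry-level network security skills, including connecting anonymously over FTP, SMB, Telnet, Rsync and RDP, using Nmap to identify open ports on a target system, and connecting to a MongoDB server. It also touches on VMs, terminal use, SSH, FTP protocol versions and the use of security tools.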

Learning outcomes

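In the first tier, you will gain essential skills in cybersecurity penetration testing. You will start by learning how to connect anonymously to various services, such as FTP, SMB, Telnet, Rsync and RDP. Next, you will discover the power of Nmap, a valuable tool for identifying open ports on target systems, allowing you to assess their vulnerabilities. Finally, you will explore connecting to a MongoDB server, adding a valuable layer to your penetration testing knowledge. This tier will lay a solid foundation for your entry into the cybersecurity field.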

  • Learn how to connect anonymously to FTP, SMB, Telnet, Rsync and RDP.
  • Learn how to use Nmap to identify open ports.
  • Learn how to connect to a MongoDB server.

What does the abbreviation VM stand for?

TASK 1

What does the acronym VM stand for?

Virtual Machine

TASK 2

What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It’s also known as a console or shell.

terminal

TASK 3

What service do we use to form our VPN connection into HTB labs?

openvpn

TASK 4

What tool do we use to test our connection to the target with an ICMP echo request?

ping

TASK 5

What is the name of the most common tool for finding open ports on a target?

nmap

TASK 6

What service do we identify on port 23/tcp during our scans?

telnet

TASK 7

What username is able to log into the target over telnet with a blank password?

root

SUBMIT FLAG

Submit root flag

b40abdfe23665f766f9c61ecba8a4c19

TASK 1

What does the 3-letter acronym FTP stand for?

File Transfer Protocol

TASK 2

Which port does the FTP service listen on usually?

21

TASK 3

What acronym is used for the secure version of FTP?

SFTP

TASK 4

What is the command we can use to send an ICMP echo request to test our connection to the target?

ping

TASK 5

From your scans, what version is FTP running on the target?

vsftpd 3.0.3

TASK 6

From your scans, what OS type is running on the target?

Unix

TASK 7

What is the command we need to run in order to display the ‘ftp’ client help menu?

ftp -h

TASK 8

What is username that is used over FTP when you want to log in without having an account?

anonymous

TASK 9

What is the response code we get for the FTP message ‘Login successful’?

230

TASK 10

There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.

ls

TASK 11

What is the command used to download the file we found on the FTP server?

get

SUBMIT FLAG

Submit root flag

035db21c881520061c53e0536e44f815

TASK 1

What does the 3-letter acronym SMB stand for?

Server Message Block

TASK 2

What port does SMB use to operate at?

445

TASK 3

What is the service name for port 445 that came up in our Nmap scan?

microsoft-ds

TASK 4

What is the ‘flag’ or ‘switch’ that we can use with the smbclient utility to ‘list’ the available shares on Dancing?

-L

TASK 5

How many shares are there on Dancing?

4

TASK 6

What is the name of the share we are able to access in the end with a blank password?

WorkShares

TASK 7

What is the command we can use within the SMB shell to download the files we find?

get

SUBMIT FLAG

Submit root flag

5f61c10dffbc77a704d76016a22f1664

TASK 1

Which TCP port is open on the machine?

6379

TASK 2

Which service is running on the port that is open on the machine?

redis

TASK 3

What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database

In-memory Database

TASK 4

Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.

redis-cli

TASK 5

Which flag is used with the Redis command-line utility to specify the hostname?

-h

TASK 6

Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?

info

TASK 7

What is the version of the Redis server being used on the target machine?

5.0.7

TASK 8

Which command is used to select the desired database in Redis?

select

TASK 9

How many keys are present inside the database with index 0?

4

TASK 10

Which command is used to obtain all the keys in a database?

keys *

SUBMIT FLAG

Submit root flag

03e1d2b376c37ab3f5319922053953eb

TASK 1

What does the 3-letter acronym RDP stand for?

Remote Desktop Protocol

TASK 2

What is a 3-letter acronym that refers to interaction with the host through a command line interface?

CLI

TASK 3

What about graphical user interface interactions?

GUI

TASK 4

What is the name of an old remote access tool that came without encryption by default and listens on TCP port 23?

telnet

TASK 5

What is the name of the service running on port 3389 TCP?

ms-wbt-server

TASK 6

What is the switch used to specify the target host’s IP address when using xfreerdp?

/v:

TASK 7

What username successfully returns a desktop projection to us with a blank password?

Administrator

SUBMIT FLAG

Submit root flag

951fa96d7830c451b536be5a6be008a0

TASK 1

Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.

dir busting

TASK 2

What switch do we use for nmap’s scan to specify that we want to perform version detection?

-sV

TASK 3

What does Nmap report is the service identified as running on port 80/tcp?

http

TASK 4

What server name and version of service is running on port 80/tcp?

nginx 1.14.2

TASK 5

What switch do we use to specify to Gobuster we want to perform dir busting specifically?

dir

TASK 6

When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?

-x php

TASK 7

What page is found during our dir busting activities?

admin.php

TASK 8

What is the HTTP status code reported by Gobuster for the discovered page?

200

SUBMIT FLAG

Submit root flag

Admin panel login credentials: admin admin

6483bee07c1c1d57f14e5b0717503c73

TASK 1

How many TCP ports are open on the machine?

2

TASK 2

Which service is running on port 27017 of the remote host?

MongoDB 3.6.8

TASK 3

What type of database is MongoDB? (Choose: SQL or NoSQL)

NoSQL

TASK 4

What is the command name for the Mongo shell that is installed with the mongodb-clients package?

mongo

TASK 5

What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

show dbs

TASK 6

What is the command used for listing out the collections in a database? (No need to include a trailing ;)

show collections

TASK 7

What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

db.flag.find().pretty()

SUBMIT FLAG

Submit root flag

1b6e6fb359e7c40241b6d431427ba6ea

TASK 1

What is the default port for rsync?

873

TASK 2

How many TCP ports are open on the remote host?

1

TASK 3

What is the protocol version used by rsync on the remote machine?

31

TASK 4

What is the most common command name on Linux to interact with rsync?

rsync

TASK 5

What credentials do you have to pass to rsync in order to use anonymous authentication? anonymous:anonymous, anonymous, None, rsync:rsync

None

TASK 6

What is the option to only list shares and files on rsync? (No need to include the leading -- characters)

list-only

SUBMIT FLAG

Submit root flag

72eaf5344ebb84908ae543a719830519
