TryHackMe: Advent of Cyber 2 [Day 8] What’s Under the Christmas Tree?

Samantha
Jan 23, 2021

Room: Advent of Cyber 2

Difficulty: Beginner

After a few months of probation, intern Elf McEager has passed with glowing feedback from Elf McSkidy. During the meeting, Elf McEager asked for more access to The Best Festival Company’s (TBFC’s) internal network as he wishes to know more about the systems he has sworn to protect.

Elf McSkidy was reluctant to agree. However, after Elf McEager’s heroic actions in recovering Christmas, Elf McSkidy soon thought this was a good idea. This was uncharted territory for Elf McEager — he had no idea how to begin finding out this information for his new responsibilities. Thankfully, TBFC has a wonderful up-skill program covering the use of Nmap for Elf McEager to enroll in.

Question #1 When was Snort created?

This one just needed a quick Google search to see that Snort was created in 1998.

Question #2 Using Nmap on 10.10.129.156, what are the port numbers of the three services running? (Please provide your answer in ascending order/lowest -> highest, separated by a comma)

I started by doing an nmap scan of that IP address.

The three open ports reflected here are a web server on 80, SSH on 2222, and a remote desktop connection on 3389.

Question #5 Use Nmap to determine the name of the Linux distribution that is running, what is reported as the most likely distribution to be running?

Looking at the above scan results, there are several mentions of Ubuntu.

Question #6 Use Nmap's Network Scripting Engine (NSE) to retrieve the "HTTP-TITLE" of the webserver. Based on the value returned, what do we think this website might be used for?

Again using the original scan as a guide, focusing on the web server (port 80), look closely at the HTTP-title section. This shows that it is being used as a blog.
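The answers to Questions 2, 5 and 6 all come from reading one scan, and the same reading can be done programmatically when auditing your own hosts. The sketch below is an added example, not part of the original writeup: it parses Nmap's XML output (what `-oX` writes) and pulls out the open ports, the distribution hints in the service banners, and the `http-title` script result. The sample XML, its version strings and the page title are constructed for illustration and are not the room's real scan output; the function names `summarize` and `distro_hints` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format. Versions and the page
# title are made up for illustration; this is not the room's real output.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="10.10.129.156" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server" product="xrdp"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.29" extrainfo="(Ubuntu)"/>
        <script id="http-title" output="Example Blog (constructed title)"/></port>
      <port protocol="tcp" portid="2222"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4ubuntu0.3"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>"""

def summarize(xml_text):
    """Return {port: {name, banner, scripts}} for open ports, in ascending order."""
    root = ET.fromstring(xml_text)
    ports = {}
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # closed and filtered ports are not running services
        svc = port.find("service")
        attrs = svc.attrib if svc is not None else {}
        # Product, version and extrainfo together form the banner shown by -sV.
        banner = " ".join(attrs.get(k, "") for k in ("product", "version", "extrainfo")).strip()
        # NSE results are <script id=... output=...> children of the port.
        scripts = {s.get("id"): s.get("output") for s in port.findall("script")}
        ports[int(port.get("portid"))] = {"name": attrs.get("name"), "banner": banner, "scripts": scripts}
    return dict(sorted(ports.items()))

def distro_hints(summary, names=("Ubuntu", "Debian", "CentOS")):
    """Count how many open-port banners mention each distribution name."""
    counts = {n: sum(n.lower() in p["banner"].lower() for p in summary.values()) for n in names}
    return {n: c for n, c in counts.items() if c}

if __name__ == "__main__":
    result = summarize(SAMPLE_XML)
    print(",".join(map(str, result)))                # open ports, lowest to highest
    print(distro_hints(result))                      # distributions named in banners
    print(result[80]["scripts"].get("http-title"))   # title reported for the web server
```

Banner strings are self-reported by the service, so a distribution name found this way is a hint to confirm on the host, not proof.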

Happy Hacking! ❤
