https://tryhackme.com/room/wreath
Overview:
A friend recently asked us to perform a penetration test on their small network. The network consists of three computers, each with its own role. One of these machines is exposed to the public through a public-facing IP address, and the network also includes a Git server, which adds to the complexity of the task. Our aim is to identify any vulnerabilities that could be exploited and to propose fixes that further secure the network.

Penetration Testing Scope:
The scope of this penetration test is confined to a single public IP address, 10.200.101.200.
The scope covers the public-facing system as well as all internal devices connected to it. Any device that communicates with, or shares a network with, this IP address is therefore included in the assessment.
The following command was executed to scan the public-facing server:
nmap -p-15000 -vv 10.200.101.200 -oG initial-scan

As shown in the previous screenshot, Nmap flags four ports as open, while it flags port 9090 (Zeus-Admin) as closed.
Using Nmap With Service Detection On The Public-Facing Web Server
Once I had established that the public-facing server has four open ports, I ran Nmap again, this time in service detection mode (-sV).
The following command was executed:
nmap -p-15000 -sV 10.200.101.200 -oG initial-scan

As can be seen in the screenshot provided above, the operating system detected on the public-facing server during our penetration test is CentOS.
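
Both scans above save grepable output with -oG. As an added example (not part of the original write-up), the Python below parses that format into per-port records so the open services can be listed for the report. The sample record is constructed and does not reproduce the scan results from this write-up, and the function names are hypothetical.

```python
import re

# Constructed sample of "-oG" output; the ports and version strings are
# illustrative assumptions, not the scan results from this write-up.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.200.101.200 ()\tStatus: Up\n"
    "Host: 10.200.101.200 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 8.0 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4 ((centos))/, "
    "9090/closed/tcp//zeus-admin///\tIgnored State: filtered (14997)\n"
)

def parse_grepable(text):
    """Return {host: [port dicts]} from Nmap grepable (-oG) output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip "#" comment lines
        # Each record is tab-separated "Key: value" fields.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # "Status:" records carry no port data
        host = fields["Host"].split()[0]
        # Entries are comma-separated; split only before "<digits>/" so a
        # comma inside a version string does not break an entry apart.
        for entry in re.split(r",\s*(?=\d+/)", fields["Ports"]):
            # Seven subfields: port/state/proto/owner/service/rpcinfo/version/
            parts = entry.strip().split("/", 6)
            if len(parts) < 7:
                continue  # malformed entry
            port, state, proto, _owner, service, _rpc, version = parts
            hosts.setdefault(host, []).append({
                "port": int(port), "state": state, "proto": proto,
                "service": service, "version": version.rstrip("/"),
            })
    return hosts

def open_services(hosts):
    """Flatten to (host, port, service, version) for open ports only."""
    return [(h, p["port"], p["service"], p["version"])
            for h, ports in hosts.items() for p in ports
            if p["state"] == "open"]

if __name__ == "__main__":
    for row in open_services(parse_grepable(SAMPLE)):
        print(*row, sep="\t")
```

Both commands above write to the same file, initial-scan, so the second run replaces the first; giving each scan its own output name keeps both records for the report.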