Attacking Common Services - Medium

I’ve been trying to figure this one out for ~2 weeks.

  • I tried brute forcing SSH and FTP.
  • I tried enumerating usernames using smtp-user-enum on ports 110 and 995 using the provided usernames list and another bigger list.
  • I found a zone transfer, but couldn’t get anywhere from there.
  • I even tried enumerating the subdomains.

I feel like DNS is the entry point, but I am out of ideas. Could someone please help?

Have you found a username?

1 Like

No, unfortunately. Am I supposed to use the provided userlist or something else?

The clue is to accuratly enumerate a nonstandard open port.


Thank you. It was pretty straightforward after scanning all ports :slight_smile:

1 Like

Would anyone be able to help provide a nudge for this? I feel like I’m missing something obvious, but I don’t seem to be getting anywhere with the 4 ports showing as open for this. I’ve done all of the same checks as the OP and found an interesting sounding subdomain, but nothing past that.

Hi. Are we supposed to brutefore the nonstandard port? I’ve tried that and still got nothing