Attacking Common Services - Medium

Would anyone be able to help provide a nudge for this on finding the initial username? I feel like I’m missing something obvious, but I don’t seem to be getting anywhere with the 4 ports showing as open for this. I’ve been able to perform a zone transfer and tried to brute force the domains returned, but haven’t gotten anywhere with it.

I’ve seen it mentioned in other threads that there should be an non-standard port that stands out, which I took to mean it would not be one normally seen in the top 1000 by nmap, but I haven’t been able to find any other than the 4 mentioned above that are all relatively common.

Yes, there is a service that does not run on a standard port. Maybe you have to restart the lab and run a scan again with NMAP.
Maybe wait a few minutes after starting the lab.

6 Likes

Thanks. For some reason I had to restart the lab several times before those ports showed up, but I got it now.

1 Like

Hi
Thats few days I’m trying to run on that one. Found 6 open ports, found a file in one of these, with name s*****.
Used the name to try and brute passwords for services where it was possible.
Tried bigger lists for brute but the 90min elusive target makes it an obvious no-go.
Am I missing something ?
edit : Forget it … I need more sleep :clown_face:
Thx

I finished the hard lab the questions provided info, this ‘blackbox’ medium lab is putting me in brute force h word. I have to nmap/respawn severel times to get the ‘other’ service to show as open. Any hints?

judging from the comments there’s an anonymous login somewhere I guess, I’m going back to the footprinting module for clues

got it

Apparently
HTB suggest that you wait up to 5 minutes after target spawns to get full access to all avaible services/ports.

1 Like

Hi i found the username and im brute frocing everything didn’t get my way in any hints please kinda stuck

Did you find the mynotes.txt file?

1 Like

nvm i need to sleep xD

1 Like

finally :slight_smile: i love this machine because first time i completed a machine within 5mins
–>run rustscan or nmap -p- for all ports
→ run nmap with default scipts on openports you need to observe output carefully
→ connect to ssh using hydra

4 Likes

in ftp simon is a directory, cd Simon. you will find the wordlists there.

I’m stuck on the “Attacking Common Services - Medium” skill assessment as well. Found common service running on not standard port 2***. I tried anonymous login, nmap scripts, and brute-forcing with various lists even the ones provided in the resources with no luck.
Some tips would be greatly appreciated.

I managed to solve this after multiple target restarts the missing port appeared.
Here is a small tip for anyone that might have the same problem as I had: There should be 6 open TCP ports

4 Likes

Just a heads up for people coming here too early, make sure you leave at least 5 MINUTES before running your first nmap -p- scan… that is a key here!

1 Like

I am stuck how to login FTP server…
I used ftp command, it can access.
open <IP address> 2121
I have tried brute-forcing with hydra and module resources (users.list & pws.list ), but can not find valid credential…
How do I get user-name and password on FTP?

Here’s a nudge: you should at least see 5 total ports or more. in this case, consider resetting the machine.

2 Likes

Thank you very much :smiley:
resolved it.
I lost a little time…

THANKS

At last ! well this challenge require thinking about connecting the missing link… so somethings are obvious but you may have miss it… always think in all possible directions… think of what you are using as a list and what you’ve missed… everything has already been discussed on the forum… just think smart :slight_smile:

1 Like

Medium lab was much easier than easy werid

2 Likes