Attacking Enterprise Networks (External Information Gathering)

Hello All,

I’m starting the Attacking Enterprise Networks module and am having trouble with the first question:

“Perform a banner grab of the services listening on the target host and find a non-standard service banner. Submit the name as your answer (format: word_word_word)”

Well, first of all, all of the ports that return open for the target are for standard services on standard ports, such as pop3 on port 110, rpcbind on port 111, etc. I did an nmap scan with the banner script to return the banners for open ports. Then I used the banner grab egrep command from the GitHub cheat sheet, but I’m not seeing how these results will help me answer the question.

I don’t want the answer, I just want to be pushed in the right direction.

Thanks

Did you scan both UDP and TCP?

Yes, I see 11 TCP ports open and 3 UDP ports. I scanned for all ports using “-p-” and was only seeing TCP ports at first. When you asked if I scanned for both protocols, I scanned specifically for UDP ports and banners using “--script=banner” which showed port 53, 68, & 111 open and the services.

I tried submitting domain_dhcpc_rpcbind as my answer but that wasn’t it. I figured it wouldn’t be because these are only service names and not banners. Banners aren’t showing for UDP ports.

Jeez, I finally got it lol it literally says unknown banner smh


■■■, the first question is the worst. To save everyone a heap of time, just look at the output for the aggressive scan closely…

Here is a haiku to help if you get really stuck

It’s not DNS
There’s no way it’s DNS
It was DNS

And if you’re still stuck look at the banner for 53/tcp

Hey, can you give me a hint for the FQDN? It’s been 2 hours and I’m stuck on the third question. I can’t find anything for the FQDN of the associated subdomain.

Regarding the question “What is the FQDN of the associated subdomain?” Do you have the answer? I feel like this question is bullshit

Ps.flag