Footprinting Lab - Hard

Any hints on what to start from?
Tried all known logins/passwords in all combinations from previous labs with no luck.
SNMP ignores all v1/v2c requests so no entry points seen here as well…

maybe you have to enumerate in order to find the right SNMP community

My bad. Overlooked one obvious thing.
Thanks!

1 Like

Probably something is changed since this post was written. I can’t see any SNMP service on the target machine…
I am confused… maybe I need to look much more in the deep

Do you actually enumerate all the services over the target machine? Try to reread the SNMP section. You probably overlooked something in the enumeration process.

Oops, now it’s ok. My fault to do not update the post before. Completed

I feel like a got all the services but have no grasp on how to obtain any credentials for anything on this one. Anyone able to PM for a little hint :slight_smile:

I found some credentials on the SNMP service but now that I’m in the ssh server i don’t know how to escalate the privileges to root account, can somebody help me?

When you ssh to the server. Do you notice any files (plural) right away that might give away some other services you can gain informations from? remember to do ls -la to show all files.

Thank you i found it

I am using Nmap for enumeration, but there is not any SNMP server . how can i find it ?

I understand you are scanning TCP ports, but have you scanned UDP ports? Think that in the HTB Academy theory it says that the SNMP service works under a UDP port .

snmpwalk -v2c -c public 10.129.202.20 i tried this,but no response from target. i enumerated and you are right there is port 161 open but what should be next step?

It may be that the “public” comunity string is not valid for the SNMP service. Have you tried to find another comunity string? In the HTB Academy theory there is a command that helps you to search for valid comunity srtings and clearly indicates which SecLists wordlist you have to use.

Yes my friend i went ahead now i find PRIVAT key in toms inbox. and when im trying to use for ssh -i /home/htb-ac452153/Desktop/a.txt tom@10.129.202.20 like that it writes invalid format

Change the name to “id_rsa” and don’t forget to give the necessary permissions to that private key.

I did it now im an navigating in ssh here is too much files to check :smiley:

i see a .mysql_history file so i assume i can login to mysql server but when i try it seems that there is no SQL server running. Any hint?

Did you find the fight credentials? This might not be the only file that is helpful in you journey

  • I list all files (including hidden ones) from the user tom home directory but i can’t find anything going through every single files and directory could it be in a different user directory?