Enumeration

Start here: Sign into https://session.luhack.uk, and launch the “Attacker terminal”

We have been receiving suspicious reports from agents in the People’s Republic of Damnonia. It sounds like troops are being moved around, but it’s unclear whether this is yet another internal reshuffle, or preparations for something bigger…

Take a closer look at the services we have found, and see what you can find.

Web

Use this in your browser (with cookies)

or http://target:80 in the attacker terminal.

What user can you identify on the login page?

What is the path that accidentally got directly exposed?

FTP

We also found an anonymous FTP server running on target, which we believe to be of military significance.

Rumours have been heard saying that the ground troops are particularly strong

How many reports concern the ground troops?

What other user is currently on the FTP server?

How many reports failed to be transferred?

DNS

while looking at traffic logs, we spotted their authoritative DNS server running on target:53 responding to requests.

In there, we saw gov.dn

Whats the IP of the mail server?

What is the internal sub-domain on gov.dn

give the fully qualified domain

What other government organisation shares that same infrastructure?

External DNS

We saw a request going out to compsoc-dev.com, but we lost what exactly was being requested.

Can you find whats interesting about that zone?

(Hint: dnssec)