Enumeration

Start here: Sign into https://session.luhack.uk, and launch the “Attacker terminal”

We have been receiving suspicious reports from agents in the People’s Republic of Damnonia. It sounds like troops are being moved around, but it’s unclear whether this is yet another internal reshuffle, or preparations for something bigger…

Take a closer look at the services we have found, and see what you can find.

Web

Use this in your browser (with cookies)

or http://target:80 in the attacker terminal.

What user can you identify on the login page?

What is the path that accidentally got directly exposed?

FTP

We also found a FTP server running on target, which we believe to be of military significance.

Rumours have been heard saying that the ground troops are particularly strong

How many reports concern the ground troops?

What other user is currently on the FTP server?

How many reports failed to be transferred?

DNS

Sudden development!

while looking at traffic logs, we spotted their authoritative DNS server responding to requests.

In there, we saw gov.dn

Whats the IP of the mail server?

What is the internal sub-domain on gov.dn

give the fully qualified domain

What other government organisation shares that same infrastructure?

TLS

We have received another report from our agents in the PRD with an important domain to the NAF. Maybe you can use this to solve some of the outstanding mysteries?

How many names are there?