Reconnaissance

Complete these challenges by going to session.luhack.uk and opening the Attacker Terminal.

Your task is to gain information about an environment that you have gained unauthorised access to. Your colleague has already enumerated the network and found a number of servers to investigate.

You can access each server through it’s hostname. For example, to ping the first server you could run ping server1.

DO NOT work through these in order, skip around as they are not in order of difficulty.

server1

  1. What web server is running?
  1. What is the organisation unit for the certificate issuer?
  1. What is the hostname for the website being served over https?

server2

One of your colleagues has previously discovered that this organisation uses luhack.local as the domain for their intranet.

  1. What type of server is this?
  1. What is the version string of the service?
  1. What is the IP address of their mail server?
  1. What is the IP address of their file shares?
  1. Where will sending reports get sent, by recipients of this mailserver?
  1. What is the super secret and totally secure credential?

server3

  1. What is the ED25519 HostKey fingerprint of this SSH server?
  1. What is the typical port for SSH?

server4

  1. What is the software and version of that software running on this server?
  1. There is a vulnerability in this software, when was it disclosed, according to a popular automated pentesting tool?
  1. What is the secret character string that enables the vulnerability?
  1. What is the password for the admin user?

server5

  1. What is the number of the document that specifies the protocol running on the server?
  1. What is the first name of the CEO?
  1. What commit is running on the server?