Reconaissance

Complete these challenges by going to session.luhack.uk and opening the Attacker Terminal.

Your task is to gain information about an environment that you have gained unauthorised access to. Your collegue has already enumerated the network and found a number of servers to investigate.

You can access each server through it’s hostname. For example, to ping the first server you could run ping server1.

DO NOT work through these in order, skip around as they are not in order of difficulty.

Server 1

  1. What web server is running?
  1. Which URL will upgrade your browser to a more secure version?
  1. What is the organisation unit for the certificate issuer?
  1. What is the hostname for the website being served over https?

Server 2

One of your colleagues has previously discovered that this organisation uses luhack.local as the domain for their intranet.

  1. What type of server is this?
  1. What is the version string of the service?
  1. What is the IP address of their mail server?
  1. What is the IP address of their file shares?
  1. Who do I email if I need to report an issue with the authenticity of email I am receiving from their domain?
  1. What is the super secret and totally secure credential?

Server 3

  1. What is the fingerprint of this SSH server?
  1. What is the typical port for SSH?

Server 4

  1. Is this a UDP or TCP server?
  1. What is the name of the service that this server provides?
  1. What is the current version of this service?

Server 5

  1. What is the software and version of that software running on this server?
  1. There is a vulnerability in this software, when was it discolsed, according to a popular automated pentesting tool?
  1. What is the secret character string that enables the vulnerability?
  1. What is the password for the admin user?

Server 6

  1. How many ports are open on the server?
  1. What is the intended hostname of the server?
  1. What is the IMAP server called?
  1. What is the SMTP server?

Server 7

  1. What is the number of the document that specifies the protocol running on the server?
  1. What is the first name of the CEO?
  1. Who else is targeting the victim?

Server 8

  1. What protocol is running on this host?
  1. This server has been running since 2020 without being updated. What CVE is this server vulnerable to?

Server 9

  1. What is the version of the user-facing application on this server?
  1. What tool would make investigating this host much easier?