THM: OpenVPN
Ref:
Open VPN GUI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
==================================
Linux:
==================================
1. Download OpenVPN by running the following command in your terminal: sudo apt install openvpn
2. Locate the full path to your VPN configuration file (download from the access page), normally in your Downloads folder.
3. Use your OpenVPN file with the following command: sudo openvpn /path-to-file/file-name.ovpn
==================================
Using TryHackMe without a VPN:
==================================
If you are unable to connect to our network through the VPN, you can deploy a Kali Linux machine and control it in your browser. You can then access all TryHackMe machines through that machine. Free users can deploy the machine for 1 hour a day, subscribers have unlimited access.
Follow the steps to deploy your own machine in your browser:
1.Subscribe to TryHackMe
2.Go to the My Machine page
3.Deploy a web-based machine of your choice!
A in-browser window will then appear, wait for your machine to load and you will be able to access machines through the Kali Linux machine without being connected to a VPN. If you're using the Kali Linux machine, start the machine on the "My Machine" page, and paste the machines and IP into the Kali Linux's machines web browser.
==========================================================
VM
1. Tools are located in /root/Desktop/Tools & /opt/
2. Webshells are located in /usr/share/webshells
3. Wordlists are located in /usr/share/wordlists
4. To use Empire & Starkiller, read the following file: /root/Instructions/empire-starkiller.txt
==========================================================
- Reconnaissance via nmap
1
2
3
4
5
6
7
8
Which systems are up?
What services are running on these systems?
Nmap series
1.Nmap Live Host Discovery
2.Nmap Basic Port Scans
3.Nmap Advanced Port Scans
4.Nmap Post Port Scans
- ARP scan: This scan uses ARP requests to discover live hosts
- ICMP scan: This scan uses ICMP requests to identify live hosts
- TCP/UDP ping scan: This scan sends packets to TCP ports and UDP ports to determine live hosts.
We also introduce two scanners, arp-scan and masscan, and explain how they overlap with part of Nmap’s host discovery.
Nmap was created by Gordon Lyon (Fyodor), a network security expert and open source programmer. It was released in 1997. Nmap, short for Network Mapper, is free, open-source software released under GPL license. Nmap is an industry-standard tool for mapping networks, identifying live hosts, and discovering running services.
Nmap’s scripting engine can further extend its functionality, from fingerprinting services to exploiting vulnerabilities. A Nmap scan usually goes through the steps shown in the figure below, although many are optional and depend on the command-line arguments you provide.
1
As part of active reconnaissance, we want to discover more information about a group of hosts or about a subnet. If you are connected to the same subnet, you would expect your scanner to rely on ARP (Address Resolution Protocol) queries to discover live hosts. An ARP query aims to get the hardware address (MAC address) so that communication over the link-layer becomes possible; however, we can use this to infer that the host is online. (We revisit link-layer in Task 4.)
If you want to check the list of hosts that Nmap will scan, you can use nmap -sL TARGETS. This option will give you a detailed list of the hosts that Nmap will scan without scanning them; however, Nmap will attempt a reverse-DNS resolution on all the targets to obtain their names. Names might reveal various information to the pentester. (If you don’t want Nmap to the DNS server, you can add -n.)
1
2
nmap -sL TARGETS
nmap -sL 10.10.12.13/29