Advent of Cyber 2022 – Day 4 Walkthrough

Question 1

What is the name of the HTTP server running on the remote host?

Before performing any scanning, I like to start an engagement by pinging the target:

Pinging the box on TryHackMe Advent of Cyber Day 4

This confirms that I can connect to the target and also gives us potential information about the OS: a TTL of 64 indicates that the target is most likely running Linux.

TryHackMe is looking for the name of the server (software), which can be found using many types of scan including nikto:

Nmap scan on TryHackMe Advent of Cyber Day 4

Answer (Highlight Below):

Apache

Question 2

What is the name of the service running on port 22 on the QA server?

This is the standard service that runs on port 22, and is identified by an nmap scan.

Nmap scan on TryHackMe Advent of Cyber Day 4

Answer (Highlight Below):

SSH

Question 3

What flag can you find after successfully accessing the Samba service?

Samba is a file share service that can sometimes be exploited for sensitive information.

TryHackMe gives us good information telling us how to connect to Samba:

Connecting to the SMB service

Use the IP for your target machine (mine will be different) and make sure to use the credentials supplied:

Connect SMB

The flag is in the admin directory:

SMB admin fileshare

Answer (Highlight Below):

{THM_SANTA_SMB_SERVER}

Question 4

What is the password for the username santahr?

This can be found in userlist.txt (also in the admin folder on the Samba share).

Userlist on THM AoC Day 4

Answer (Highlight Below):

santa25