Blue holes are fascinating geological phenomena. They form where limestone bedrock dissolves and collapses, leaving deep underwater sinkholes in otherwise shallow, limestone-rich areas, and they get their name from the stark contrast between their dark blue water and the lighter surroundings.
TryHackMe’s ICE room is an easy boot-to-root exercise that exploits a basic (albeit specific) misconfiguration. How would this be done in a real-world scenario? Fictionalizing what it would look like will hopefully make this walk-through a little more interesting and relatable. Of course, this example is entirely made up. In any real-world scenario, you will need authorization to test something like this legally! Exploits can have unintended consequences, including permanent damage and data loss.
Ubuntu has a special place in my heart. It was the first Linux distribution I ever installed. Someone gave me an old fat Toshiba laptop, and since it was running the ancient Windows Vista and thus was practically useless, I followed a guide to flash Ubuntu. With it, I self-hosted a personal website that I never got to production because I spent all my time designing a loading screen. But I digress.
Metasploit is a double-edged sword. Written in Ruby, it is a full-featured framework for penetration testing: breaking into systems legally, with authorization, so that the weaknesses found can be fixed before an attacker finds them. Because it lets security engineers uncover weaknesses to patch, it also keeps them employed.
I had installed Ubuntu before. I had even installed MacOS. But I had no clue Windows 10 on VirtualBox would be the nastiest to do. It took a lot of head-banging just to figure out what the problem was. For historical purposes, I’m leaving the first part of this article as I originally wrote it under “What I tried,” so that hopefully someone out there with the same problem as myself will benefit from a walk-through of the thought process.
Imagine you’re a computer. A computer sealed off from any others. You may hear from people, but never from one of your own kind.
Nmap is a powerful and essential program for understanding how networks operate and what is happening on a network. According to its manual, it is “an open source tool for network exploration and security auditing” [nmap.org].
The OSI (Open Systems Interconnection) model is the standard reference model for describing how networked systems communicate, and the protocols the internet runs on are usually explained in its terms. Although it’s not the most comfortable thing to learn about, it is essential. This is a high-level summary of the OSI model’s key concepts.
Active reconnaissance, in contrast to passive reconnaissance, requires direct engagement with a target rather than relying only on publicly available data. Consequently, with this type of research it’s harder to avoid leaving traces, such as connection attempts in the target’s logs, but it generally provides deeper insight into the system.
If active recon is like eating anchovy pizza, passive recon is asking other people about the pizza. Which method tells you more? Which method signals the anchovies that you’re researching them? You get my point.
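To make the distinction concrete, here is a small added example (not code from the original posts or from Nmap) that shows the two halves of active reconnaissance in one runnable script: a TCP connect scan, the simplest technique Nmap also offers, and the trace it leaves behind. The target is a listener the script starts itself on 127.0.0.1, so it runs offline and nothing is scanned outside the local machine; the function and variable names are my own.

```python
import socket
import threading


def start_listener(host="127.0.0.1", port=0):
    """Start a TCP service on the loopback interface that records every peer
    that completes a handshake. The `log` list plays the role of the target's
    access log: this is the trace an active scan cannot avoid leaving."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))          # port 0 lets the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)             # so the accept loop can notice `stop`
    log = []
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, addr = srv.accept()
            except socket.timeout:
                continue
            log.append(addr)        # the target now knows who knocked
            conn.close()
        # Drain anything still queued in the backlog before shutting down.
        srv.setblocking(False)
        while True:
            try:
                conn, addr = srv.accept()
            except (BlockingIOError, OSError):
                break
            log.append(addr)
            conn.close()
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname()[1], log, stop, thread


def connect_scan(host, ports, timeout=0.5):
    """Active recon: attempt a full TCP handshake on each port and report the
    ones that accept. A closed port answers with RST (ConnectionRefusedError),
    a filtered one simply times out."""
    open_ports = []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            open_ports.append(port)
        except (ConnectionRefusedError, socket.timeout, OSError):
            pass
        finally:
            sock.close()
    return open_ports


def demo():
    """Scan a small range around the listener's port and return
    (listener port, ports found open, number of handshakes the target logged)."""
    port, log, stop, thread = start_listener()
    candidates = [port - 1, port, port + 1]
    found = connect_scan("127.0.0.1", candidates)
    stop.set()
    thread.join()
    return port, found, len(log)


if __name__ == "__main__":
    port, found, seen = demo()
    print(f"listener on {port}, open ports found: {found}")
    print(f"target logged {seen} connection(s) from the scanner")
```

The neighbouring ports are almost always closed, so the scan finds exactly the listener, and the listener's log shows at least one entry from the scanner: the scan worked, and the target saw it. Passive recon, by contrast, never touches the target's socket, which is why it leaves no entry in a log like this one.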
The first stage of the Unified Kill Chain is reconnaissance. And reconnaissance begins with the wealth of information available through passive reconnaissance. Essentially, passive recon is researching a target through public means. For a brief primer on this type of research, I took a TryHackMe room on it. This article follows the flow of my learnings through that room.
On the command line, there are a few essential utilities that reveal this public data without the target necessarily knowing you’re researching them. I find these command-line tools far more efficient than their Google-and-GUI counterparts.