Sunday, 14 January 2018

SANS HOLIDAY HACK 2017 : PART 3

If you have not read Part 1, read it here:

http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html

This part is all about exploiting machines. Each challenge leads us to a page of the Great Book, which will answer our question of who the actual culprit behind hurling those massive snowballs was.

Challenge 3:
3) The North Pole engineering team uses a Windows SMB server for sharing documentation and correspondence. Using your access to the Letters to Santa server, identify and enumerate the SMB file-sharing server. What is the file server share name?

In my previous post I showed how we obtained the password for Alabaster Snowball. Luckily, the compromised machine had nmap installed on it, so we are going to scan the internal network and try to find the SMB file share.





So IP address 10.142.0.7 belongs to the SMB Server.

As the hint says, "Alabaster likes to keep life simple. He chooses a strong password, and sticks with it", so we can try logging in to 10.142.0.7 via SSH. Interestingly, we succeed in logging in via SSH.

The problem now is that only a limited set of commands is available. Let's reach port 445 of 10.142.0.7 through SSH local port forwarding, using 10.142.0.3 as the SSH server.


Now we can try using smbclient to find the shares using Alabaster's username and password.
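The two steps above (the local port forward and the smbclient listing) as one script. This is an added example, not the commands from the original post; the local port, the control-socket path, the login placeholder and the sample share name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): reach SMB on 10.142.0.7 through
# an SSH local port forward, then list the non-administrative disk shares.
JUMP_HOST=10.142.0.3          # SSH server named in the post
SMB_HOST=10.142.0.7           # SMB server found by the nmap scan
LOCAL_PORT=4445               # assumption: any free unprivileged local port
LOGIN='USER_PLACEHOLDER'      # placeholder: the post does not print the login
CTL="${TMPDIR:-/tmp}/smb-tunnel.ctl"   # assumption: control socket path

# -L argument: bind on loopback only so the tunnel is not exposed to the LAN.
forward_spec() { printf '127.0.0.1:%s:%s:445\n' "$LOCAL_PORT" "$SMB_HOST"; }

# -N requests no remote shell, so the limited command set does not matter;
# -f backgrounds after authentication; -M/-S create a socket for teardown.
open_tunnel() {
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "${LOGIN}@${JUMP_HOST}"
}
close_tunnel() { ssh -S "$CTL" -O exit "${LOGIN}@${JUMP_HOST}"; }

# -g prints one "Type|Name|Comment" record per share; the password is
# prompted for rather than placed on the command line.
list_shares() { smbclient -g -L 127.0.0.1 -p "$LOCAL_PORT" -U "$LOGIN"; }

# Keep disk shares, drop hidden/administrative ones (names ending in "$").
disk_shares() { awk -F'|' '$1 == "Disk" && $2 !~ /\$$/ { print $2 }'; }

# Constructed sample of `smbclient -g -L` output (the share name is made up).
SAMPLE='Disk|ADMIN$|Remote Admin
Disk|C$|Default share
Disk|ExampleShare|
IPC|IPC$|Remote IPC'

if [ "${1:-}" = "run" ]; then     # live use: sh script.sh run
    open_tunnel && { list_shares | disk_shares; close_tunnel; }
else                              # offline: parse the constructed sample
    printf '%s\n' "$SAMPLE" | disk_shares
fi
```

Because the forward is requested with `-N`, it works even when the account's shell is restricted; the forward is only refused if the SSH server itself disallows TCP forwarding.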


Now that we have found the share name, we can try accessing the share. I also found the 3rd page of the Great Book here.


And there we have page 3 of the Great Book.