THM Networking Services 2 Room
Continuation of Networking Services 1
This room carries on the introductory theme from the last room, adding in NFS, SMTP, and MySQL. I like that these protocols were selected as they feel newer and more likely to be involved in today's exploits.
NFS
This NFS section is a good one. Especially for a new hacker, just knowing the use and exploits of NFS is a huge step. This first section goes over the basic implementation of NFS, but there are a few weird questions in here that got me. The first one is that it was asking to find a process that NFS uses. I spent a while looking for the name of the process that runs to connect NFS shares to a computer. The answer is painfully simple. The process is mounting, like the verb of mounting a drive; NOT like the noun computer process. The second one that got me is how NFS represents files. The answer there is file handle. Makes sense after knowing the answer, but a stumper for a bit.
Now on to enumerating NFS. I was excited about this for all of 2 minutes until my nmap scan came back empty. I saw that the answer we need for the NFS port question is 4 characters long. 1 hour later again, after another nmap -p- scan, I finally get the answer. Once we get that port we can mount the NFS share like a USB drive and gain access.
Exploiting the share went a little over my head. We download a bash executable with SUID permissions to get a root shell. It was a bit tough to comprehend and complete. Especially answering the permissions question after I ran chmod 777 at some point trying to get it to run. I managed to put together what the permissions were supposed to look like from an earlier ls command. Then I grabbed the flag and called it a day.
Important takeaways:
mounting files
Finding things to do for nmap -p-
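An added example, not part of the room or the original write-up: a defender-side audit that walks a mounted share and lists every setuid/setgid file with its ls-style mode string, and shows that a plain chmod 777 wipes the setuid bit. The temporary directory, the file names and the mode 4755 are constructed for the demo.

```python
import os
import stat
import tempfile


def find_setid_files(root):
    """Return (path, ls-style mode, owner uid) for every regular file under
    root that carries the setuid or setgid bit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks off the share
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.filemode(st.st_mode), st.st_uid))
    return sorted(hits)


def demo():
    """Build a constructed stand-in for a mounted share and audit it twice:
    once with a setuid file present, once after chmod 777 on that file."""
    with tempfile.TemporaryDirectory() as share:
        shell = os.path.join(share, "bash")       # placeholder, not a real shell
        notes = os.path.join(share, "notes.txt")
        for path in (shell, notes):
            with open(path, "w") as fh:
                fh.write("placeholder\n")
        os.chmod(notes, 0o644)
        os.chmod(shell, 0o4755)                   # setuid + rwxr-xr-x (constructed)
        before = [(os.path.basename(p), m) for p, m, _ in find_setid_files(share)]
        os.chmod(shell, 0o777)                    # sets the mode to exactly 0777
        after = find_setid_files(share)           # setuid bit is gone
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("setuid files found:", before)
    print("after chmod 777:   ", after)
```

Pointing `find_setid_files` at the real mount point of an exported directory gives the list of files worth reviewing; the owner uid in each tuple shows whose privileges the file would run with.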
SMTP
Here we go. I'm not sure why but I have a soft spot for mail protocols; now we get to do a little attack on it. The first section gives a simple overview of SMTP and a basic routing path. All the answers are accessible without any outside research.
Moving on to enumeration, we are double dipping this time. We run an nmap scan to ensure that SMTP is running on an open port. We then bring up metasploit to gain the version number and run its exploits as well. I'm pretty rusty on metasploit, but using the help menu with some idea of what I'm doing got me through for now. The exploit runs a username list against the server to find any matches. I find the default administrator account is still active, that'll work.
Exploitation here is a run of hydra against the server's ssh port. We use hydra here with the administrator account we found from enumeration to get the password "alejandro". At least that was a tougher password than our last hydra exploit. These credentials can access the ssh port and grab the flag.
Important takeaways:
Using metasploit
Commands: msfconsole, use, run, options, search
MySQL
From SMTP the room moves on to a service I don't have much experience with. MySQL is a relational database management system that, naturally, uses SQL. This first section goes over how MySQL works. I don't find it amazing or fascinating, but to each their own.
Enumerating here is vastly different than previous sections. The room explains that in most other CTF rooms, you won't be enumerating SQL directly. The credentials needed to gain access will come from enumerating and exploiting other protocols and accounts. So for this section they give us the username and password to use and then spin up metasploit again to give it a thorough testing.
This means exploiting the protocol is just a bunch of changing metasploit modules to gather information from the SQL database. This eventually boils down to grabbing the password hash from one and using John the Ripper to plaintext it. Use ssh again to access the user's files and snag the flag.
Important takeaways:
Attacking SQL will usually come after leveraging other exploits to attain the password.
Commands: mysql, john
Final thoughts
This room does a good job continuing the basic premise of exploring, enumerating, and exploiting a protocol. I assume this will be the three E's of CTFs in the future and the whole "overview of protocols" was a cover up to instill that in me instead of the actual exploits. Anyways, this is the last room in the network protocols section of the Complete Beginner path. Next up will be the Web Fundamentals group.
Per aspera ad astra,
Connor J