Skip to main content

Training Update v0.83

blank
blank

Thursday time and it’s nearly the end of the week and it’s time for more THM!

Today we start on the Nmap module within the Complete Beginner Path (feel’s like Déjà vu)!

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Now we move on to the Network Services module.

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Flag – THM{smb_is_fun_eh?}

Note – I can now understand why they are decommissioning this path and these rooms as this section is dreadful. In this room they ask you to do things which they do not explain how to do & there is not information which relates to how to get the potential answers such as, the username for the ssh user this is not explained. It also does not explain how to download the file which is required (id_rsa) and also how to use the id_rsa file (ssh username@ipaddress -i id_rsa). It just seems that when this room was created 1787 days ago (nearly years ago) they didn’t think quality was a requirement for a paid service clearly.

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Flag – THM{y0u_g0t_th3_t3ln3t_fl4g}

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Flag – THM{y0u_g0t_th3_ftp_fl4g}

blank

Next up is the Network Services 2 module.

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

“Download the bash executable to your Downloads directory. Then use “cp ~/Downloads/bash .” to copy the bash executable to the NFS share. The copied bash shell must be owned by a root user, you can set this using “sudo chown root bash”

blank

“Let’s do a sanity check, let’s check the permissions of the “bash” executable using “ls -la bash”. What does the permission set look like? Make sure that it ends with -sr-x.”

blank

“SSH into the machine as the user. List the directory to make sure the bash executable is there. Now, the moment of truth. Lets run it with “./bash -p”. The -p persists the permissions, so that it can run as root with SUID- as otherwise bash will sometimes drop the permissions.”

blank

Flag – THM{nfs_got_pwned}

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Flag – THM{who_knew_email_servers_were_c00l?}

That’s where we will leave it for today and we shall continue to finish the last part of this module tomorrow and continue on with the rest of this path.

I can understand fully why this path is being retired, this pathway is not for ‘Complete Beginners’ as a lot of the text which you need to understand is not geared towards beginners and alot of the questions are very ambiguous and alot of assertions are made of the person going through this module & they expect and absolute beginner to know alot of tools without syntax and how to use them? Poorly written and explained! Also, alot of the content is super old.

As you may have guessed, this module has pissed me off!

blank
blank

Until next time & don’t sleepwalk through life!

Muraho