🏁 Episode 2 of Season 1 of The Human Connection Challenge is Closed! 🏁
We hope that you all enjoyed the second lab ofThe Human Connection Challenge: Season 1! Over 120 of you attempted the lab this time around, but only 49 of you completed it. Was this one more difficult than Episode 1, or is everyone just winding down for the holidays? Either way, Beth Holden has written another walkthrough guide so that you can see how she intended for you to complete the lab: Scanning - Walkthrough Guide (Official Version) The winners will be announced in our next monthly newsletter at the beginning of January. 🔔 Don’t miss out – the next lab will go live on Monday, January 6th. Make sure you're following the CHALLENGES Tag to get notified as soon as it’s released. Let us know how you got on this time around - maybe you’ll inspire someone else with your tips.Human Connection Challenge: Season 1 – Scanning Walkthrough Guide (Official Version)
Time’s Up! Congratulations to everyone who completed Lab 2: Scanning from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge. This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed. I’ve also used placeholders in some of the commands that would give away an answer directly, so if you see anything enclosed in angle brackets, such as <name server>, please make sure you replace it with the actual value, such as nameserver. With all that considered, let's get started. Overview Task: Identify the name server records of tinytown.bitnet. 1. What is the IP of the first name server for tinytown.bitnet? You’ll first need to open a Terminal on the Kali desktop. Next, you’ll need to query the DNS Server IP (found in the Machines panel) about the tinytown.bitnet domain using the nslookup (Name Server Lookup) tool. You’re specifically looking for NS (Name Server) records, so you can use the -type=ns parameter with nslookup to specify this: nslookup -type=ns tinytown.bitnet [DNS Server IP] The output of this command will return two name servers for the domain labelled with 1 and 2. Your next step is to identify what IP address is associated with the first name server (1). To do this, you can use nslookup along with the name server, domain, and DNS Server IP: nslookup <name server>1.tinytown.bitnet [DNS Server IP] This command will then return an IP address for the name server. 2. What is the IP of the second name server for tinytown.bitnet? As you’ve already identified both name servers, you’ll just need to run the previous command, except with the second (2) name server: nslookup <name server>2.tinytown.bitnet [DNS Server IP] You’ll then find the IP address associated with it. Task: Identify port service information for Target 1. 3. What service version is running on port 53? A network scanning tool like Nmap can help you identify the service version running on a specific port. To do this with Nmap, you can use the -sV option for service detection: nmap -sV [Target 1 IP Address] The output will show what service version is running on port 53. 4. What is the full service banner of port 22? There are a couple of ways to find the full service banner of port 22 – such as with Nmap or Netcat. If you’re using Nmap, you can modify the previous command to include the “banner” script along with the port number: nmap -sV -script=banner [Target 1 IP Address] -p22 The command line will then display the service banner from port 22. You can alternatively use netcat to manually connect to the SSH server. When a client connects, Netcat may present a banner that contains version information. To use Netcat, you’ll need the nc command along with the Target 1 IP address and specify you want to connect to port 22: nc [Target 1 IP Address] 22 When you run this command, the banner appears before the terminal hangs. Task: Identify a token on one of the ports. 5. What is the token? With the previous Nmap command, you initially found that three ports were open on Target 1. However, you’ll need to do a more thorough network scan to find another open port, one not initially found with the previous scans. To do this, you can expand your port scan to cover a much wider range by using Netcat to scan for open ports from 1 through 9000: nc -zvn <Target 1 IP Address> 1-9000 Here,-z will scan for listening services but won’t send any data, -v is verbose mode, which provides more detailed information, and -n tells Netcat not to resolve hostnames via DNS. This command will reveal a fourth open port. Now, you can use Netcat to connect to this port: nc <Target 1 IP Address> <open port> The token will then be displayed in the terminal. Task: Scan the TLS configuration on Target 2. 6. How many protocols are enabled? To scan for SSL/TLS configurations, you can use the sslscan tool. By default, sslscan scans port 443 and will return supported server ciphers, certificate details, and more. You can use sslscan like this: sslscan <Target 2 IP Address> The returned output will be verbose, but you can find and count the number ofenabled protocols under the SSL/TLS Protocols subheading. 7. Name an enabled protocol. Using the previous output, name one of the enabled protocols. 8. What exploit are the protocols NOT vulnerable to? Using the same output, scroll down through the results until you find a subheading that’s named after a vulnerability and contains a similar string to: <Protocol> not vulnerable to <vulnerability name> The vulnerability has the same name as the subheading. Task: Identify and extract information from an SMB share on Target 3. 9. What Disk shared directory can you access? To extract information from an SMB (Server Message Block) share, you can use the smbclient tool. First, you’ll need to list the SMB shares on the target using the -L flag (the list/lookup option) with: smbclient -L //<Target 3 IP> You’ll then be prompted for a password, but you can pressEnter to skip this. A list of SMB shares will then be displayed, three of which are shown to be a Disk type, so you know the answer will be one of these. You can now begin to go through the list and try to connect to the shares with: smbclient //<Target 3 IP>/<Sharename> However, this time when you’re prompted for a password and you pressEnter, you might encounter a message when you try and connect to a share: NT_STATUS_ACCESS_DENIED If you attempt to connect to all shares, you’ll find you can connect to one share without a password. You’ll then be greeted with the following prompt to show the successful connection: smb: \> 10. What is the token stored in the directory? Now that you’re connected, you can execute commands to interact with the SMB share. If you run ls, you’ll find a token.txt file in the current directory. You can then download the file from the share onto your local machine with: get token.txt On theKali desktop, open the Home folder and the token.txt will be inside. Open this file and find the token. 11. What is the username stored in the directory? After you’ve run ls in the SMB share, you’ll find not only token.txt, but also a file named creds.txt. Use the same command as you just did previously to download the file onto your machine: get creds.txt This file will also be downloaded to theHome folder, where you can find a username and password. Task: Identify open services on Target 3. Task: Connect to Target 3 with the previously found credentials. 12. What is the token stored in the user's /Documents directory? For this final task, you first need to scan the target using Nmap. You’ll find that if you attempt to scan the target without using the -Pn flag, you’ll get a response saying that the host seems down. However, if you run Nmap with -Pn, you’ll find some ports are open: nmap -Pn <Target 3 IP Address> However, the ports returned from this command don’t offer a way to connect to the target. You’ll also need to scan the 6000 most popular ports: nmap -Pn --top-ports 6000 <Target 3 IP Address> These results will now show two additional ports are open regarding the Web Services Management (Wsman) protocol, which is used to communicate with remote machines and execute commands. One of the tools that implement this protocol is Windows Remote Management (WinRM) which is Microsoft’s implementation of Wsman. Knowing this, you can now use Metasploit to interact with the target. In your terminal, run: msfconsole Once loaded, you can use the the following auxiliary module to connect to a system with WinRm enabled and execute a command with: set cmd ls You’ll then need to set the following options, using the credentials you found in thecreds.txt file: set username <username> set password <password> set rhosts <Target 3 IP Address> Next, you need to set thecmd option with the command you want to run. If you use the ls command, you’ll be able to find what out files are in the directory you connect to: set cmd ls With all the options set, you can now run the module: run The results of the executed command will be printed on the screen and also saved to a directory, but both show the existence of a token.txt file in the current directory. You can now set the cmd option to type token.txt in Metasploit: set cmd type token.txt Once set, use therun command to send the updated command: run The contents oftoken.txt will then be displayed on the screen and outputted to a file. Tools For this challenge, you’ll use a range of tools including: Nslookup Nmap Netcat Sslscan Smbclient Metasploit Tips You can use different tools and parameters within those tools to scan for and find information, so don’t be afraid to try out a few different things! If you want to learn more about some of the tools within this lab, take a look at the following collections: Reconnaissance Nmap Infrastructure Hacking Introduction to Metasploit Post Exploitation with Metasploit Conclusion The steps I’ve laid out here aren’t the only way to find the answers to the questions, as long as you find the answer, you did it – well done! If you found another way to find some of these answers and think there’s a better way to do it, please post them in the comments below! I hope you enjoyed the challenge and I’ll see you for the next one.Cyber Countdown: Day 1
Lab of the Day Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. To get us started, today’s lab is of course Episode 2 of our Community Challenge -Scanning. In this lab we’ll test your scanning and enumeration skills but other than that, you’ll find limited information available to guide you. Lab author BethHolden, Cyber Security Engineer here at Immersive Labs is passionate about offensive cybersecurity and created this challenge as a little Christmas treat. The lab contains a range of tools which may provide multiple ways to solve the challenge, she’s eager to see how well you fare – good luck! As a reminder, we reward the top performing community members in the following categories: 🥇 First to Finish ⏱️ Fastest to Complete 🎯 Most Accurate 💪 Most Persistent 🎁 Spot Prizes In addition, at the end of each month, the lab author will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach similar labs in the future. We also encourage you to submit your own walkthrough guides tocommunity@immersivelabs.com and we will feature any unique approaches in their own Community Walkthrough Guide. You can read more about Season 1 of the Human Connection Challengehere. To be in with a chance of a prize you have until midnight on Sunday 22nd December 2024 to complete episode 2! To find the lab in the Immersive Labs Platform, Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Scanning 🔔 Don’t miss out – there are 5 more labs to come in this challenge series. Make sure you're following the CHALLENGES Tag to get notified as soon as each one is released. Good Luck!The Human Connection Challenge: S1E2 Update
Don't Forget!There is only 1 week left to complete the second lab of the Human Connection Challenge if you want to be in with a shout of winning an exclusive digital badges, physical challenge coins, swag and prizes. So far, over 40 of you have already completedThe Human Connection Challenge: Season 1 - Episode 2. If you are yet to complete it, you have until midnight on Sunday 22nd December 2024! To read more about the challengeclick here. To find it in the Immersive Labs Platform,Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 Don’t forget toFollow The Community Blogto get a notification whenever a new Challenge Lab is released! Good Luck!The Human Connection Challenge Lab 1: Basic OS Skills – Walkthrough Guide (Community Version)
This is a walkthrough guide written by one of our community members, who offered to give their perspective on the challenge. Interestingly, they approached this challenge by completing some of the tasks in the graphical user interface (GUI) instead of the command line.🏁 Episode 1 of Season 1 of The Human Connection Challenge is Closed! 🏁
Thank you to everyone who participated in the first lab of The Human Connection Challenge: Season 1! Over 140 of you rose to the occasion and completed Episode 1, showcasing your skills and determination. If you’re looking to review or refine your approach, check out thetwo walkthrough guides here, including an alternative approach from community memberudhav Basic OS Skills - Walkthrough Guide (Official Version) Basic OS Skills – Walkthrough Guide (Community Version) We won't be removing the lab for your platform, so please feel free to try it again. We're crunching the numbers now and will announce the inaugural winnerslater this week – stay tuned for the results! 🔔 Don’t miss out – the next lab will go live onMonday, December 2nd. Make sure you're followingthe CHALLENGES Tag to getnotifiedas soon as it’s released. How did you get on? Did you do something different to the walkthroughs above? Let us know in the comments 👇The Human Connection Challenge Lab 1: Basic OS Skills - Walkthrough Guide (Official Version)
In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge.The Human Connection Challenge: S1E1 Update
Don't Forget! There is only 1 week left to complete the first lab of the Human Connection Challenge if you want to be in with a shout of winning an exclusive digital badges, physical challenge coins, swag and prizes. So far, over 80 of you have already completed The Human Connection Challenge: Season 1 - Episode 1. If you are yet to complete it, you have until midnight on Sunday 24th November 2024! To read more about the challenge click here. To find it in the Immersive Labs Platform,Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 Don’t forget to Follow The Community Blogto get a notification whenever a new Challenge Lab is released! Good Luck!Introducing The Human Connection Challenge: Season 1
Starting today we will begin releasing a series of all-new Challenge Labs. Each month you’ll be given the chance to showcase your cybersecurity skills across a range of topics and climb the Season 1 Leaderboard, with the chance to win kudos and rewards along the way.
