SANS KringleCon - Objective 5 Terminal
In this challenge, we are tasked with a terminal challenge in order to receive hints for Objective 5. This challenge consists of performing enumeration over a network, directed at an IPv6 host. The goal is to understand the different flags, commands and processes involved when conducting enumeration against an IPv6-only host. Although this is not common, I think this is preparing us for the future.
We start off by opening the terminal and, as usual, the area at the top is where we enter our answers as we go. We see that our task is simply to perform basic enumeration to find a flag that is hidden in plain sight.
We start off with a basic nmap scan after running ifconfig to determine our existing network. From here, our nmap scan targets the entire subnet in an attempt to perform host discovery. We can see several hosts on the network, so we will simply go through them one at a time.
We scan our first host and identify three open ports. We don't really find anything on port 22 or 3000, but port 8000 looks promising. We can see that HTTP is the running service, and we would like to view the webpage. However, we only have terminal access, so we will have to settle for old-school CLI page viewing. We are able to accomplish this with the curl command over the specific port.
We see that curling the webpage over port 8000 provides information about an API key.
We jump into Host 2 and see that only port 80 is open. We proceed to send another curl request that provides a revealing response suggesting that we need to view this webpage over IPv6 to reveal further information.
We then curl the suggested IPv6 address and are directed to scan other TCP ports. This is interesting, as we did not see any, so we have to take a step back and conclude that we are to perform an IPv6-specific scan of the host.
We scan the host, specifying an IPv6 scan. We find some repeating words in the banner for port 9000, but we curl port 9000 in particular to get our results.
Using the curl command, we specify our IPv6 address over port 9000 and receive our final flag.
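The walkthrough's key observation is that a port can be reachable over IPv6 while an IPv4 scan of the same host shows nothing. As an added example (not part of the original write-up), the shell function below takes `ss -H -tln` output from a Linux host and lists TCP ports that have an IPv6 listener but no IPv4 one; the sample input is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list TCP ports that listen on IPv6 but have no IPv4 listener.
# Input is `ss -H -tln` output, where field 4 is the local address:port.
# Comparison is per port, not per address.

v6_only_ports() {
    awk '
    {
        addr = $4
        n = match(addr, /:[0-9]+$/)          # locate the trailing ":port"
        if (n == 0) next                     # skip lines without a port
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        # ss prints "*" for a dual-stack wildcard socket (IPv4 and IPv6)
        if (host == "*")       { v4[port] = 1; v6[port] = 1 }
        # bracketed hosts are IPv6: [::], [::1], [fe80::1%eth0]
        else if (host ~ /^\[/) { v6[port] = 1 }
        # anything else is IPv4: 0.0.0.0, 127.0.0.1, ...
        else                   { v4[port] = 1 }
    }
    END {
        for (p in v6) if (!(p in v4)) print p
    }' | sort -n
}

# Constructed sample input, not captured from the challenge hosts.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128         0.0.0.0:22        0.0.0.0:*
LISTEN 0      511         0.0.0.0:80        0.0.0.0:*
LISTEN 0      128            [::]:22           [::]:*
LISTEN 0      511               *:3000            *:*
LISTEN 0      4096           [::]:9000         [::]:*
LISTEN 0      128  [fe80::1%eth0]:8443         [::]:*
EOF
}

sample_ss_output | v6_only_ports
# On a live Linux host: ss -H -tln | v6_only_ports
```

Any port this reports is one that an IPv4-only scan or firewall review would miss, so it should be covered by IPv6 filtering rules as well.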