Service Scanning

Question 1

Command used to connect to HTB VPN network

Answer 1

sudo openvpn user.ovpn

openvpn – represents the VPN client

user.ovpn – VPN key

Question 2

How do we successfully identify we connected to the VPN.

Answer 2

command netstat -rn

And see the tun adapter

Question 3

NMAP flag for running useful NMAP scripts against a target by default.

Answer 3

-sC

Question 4

How to locate a specific NMAP script (e.g. a vulnerability associated with Citrix)

Answer 4

locate scripts/citrix

Question 5

Syntax for running an NMAP script

Answer 5

nmap –script (script name) -p(port) (host)

Question 6

Technique used fingerprint a service quickly

Answer 6

Banner grabbing

Question 7

Nmap syntax for banner grabbing

Answer 7

nmap -sV –script=banner (target) (port)

Question 8

Netcat syntax for banner grabbing

Answer 8

nc -nv (host) (port)

Question 9

Command to connect to FTP service via anonymous authentication:

Answer 9

ftp -p (IP address)
Once connected, FTP supports common commands such as cd and ls

Question 10

FTP command to download files

Answer 10

get command

Question 11

Tool used to enumerate and interact with SMB shares

Answer 11

smbclient

Question 12

smbclient flag that specifies we want to view a list of all available shares

Answer 12

-L

Question 13

smbclient flag suppresses the password prompt

Answer 13

-N

Question 14

smbclient flag for downloading files

Answer 14

get command