Enumeration Techniques
In this CTF, I used the Nmap tool in conjunction with Metasploit to enumerate the target machine. Nmap allowed me to gather open port details meanwhile I was able to probe for a username using Metasploit. This only required me to align certain values found from our Nmap scan like which port was open (25) and of course the IP address which is already provided.
Exploitation Techniques
Thanks to those enumeration techniques I was able to confirm a known good username on the SMPT mail server which was “administrator” — a common misconfiguration. I then deployed the Hydra tool, a password cracker, and that allowed me to gain access to the administrator account.
No responses yet