DBTN

Netmon is an "Easy" difficulty Machine on hackthebox.eu First Step: Nmap Scan of the Machine nmap -n -v -Pn -p- -A --reason -oN netmon-10.10.10.152.txt 10.10.10.152 Pretty clearly a Windows Machine. Primary areas of opportunity: FTP/21, HTTP/80, SMB/445 21/tcp open ftp syn-ack ttl 127 Microsoft ftpd 80/tcp open http syn-ack ttl 127 Indy httpd 18.1.37.13946 (Paessler PRTG bandwidth monitor) 135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC 139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn 445/tcp open microsoft-ds syn-ack ttl 127 Microsoft Windows Server 2008 R2 - 2012 microsoft-ds 5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 47001/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 49664/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC 49665/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC 4...

Basically, companies constantly want to protect from rogue DHCP servers that end up on their networks, whether the intent was malicious or not. DHCP works like this, its a 4 step process. The Client PC will search the network for a DHCP Server "Any DHCP Servers out there?" The DHCP Server will reply back with an offer "Yeah I'm here. 10.10.10.32 is available, do you want it?" The Client PC will then officially request the IP that has been offered "Yes  DHCP Server , thank you I will use this IP address" The  DHCP Server  will then Acknowledge the Client PC's use of the IP. "Ok, thanks." However, the problem with this is when there is a rogue device added to the network. If someone adds a DHCP Server to the network the Client PC will take the IP offered by whichever DHCP Server offers them an IP first. The  Client PC  will search the network for a DHCP Server "Any DHCP Servers out there?" ...