We covered the solution walkthrough of Moria from Vulnhub by analyzing a Wireshark pcap file to extract the series of ports used to perform port knocking. This was followed by web enumeration to extract password hashes, and finally by using JohnTheRipper to recover the plain-text passwords that were used to log in to the root account.
Description
Moria is NOT a beginner-oriented Boot2Root VM, it will require good enum skills and a lot of persistence. VM has been tested on both VMware and VirtualBox, and gets its IP through DHCP, make sure you’re on the same network.
Port Knocking
Port knocking is a technique network administrators use for authentication. It consists of a knock sequence: a predetermined series of connection attempts to closed ports on particular IP addresses. The method relies on a daemon that scans firewall log files for the correct order of connection requests.
Because the protected ports will appear closed unless the attacker transmits the correct knock sequence, the main goal of port knocking is to prevent an attacker from using a port scan to look for potentially vulnerable services on a system.
Wireshark Packet Analysis
Wireshark is a network packet analyzer. A network packet analyzer displays captured packet data in as much detail as possible.
Consider a network packet analyzer as a measuring tool for investigating the contents of a network cable, similar to how an electrician uses a voltmeter to investigate the contents of an electric cable (albeit at a higher level).
These kinds of tools used to be either very costly, proprietary, or both. That changed with the release of Wireshark, which is open source, available for free, and one of the best packet analyzers available today.
Video Walkthrough