Tryhackme - Snort Challenge: Live Attacks

Tryhackme – Snort Challenge: Live Attacks

In this walk through, we will be going through the Snort Challenge – Live Attacks room from Tryhackme. This room will put our snort skills into practice by defending against live attacks. On that note, let’s get started.

Snort Challenge: Live Attacks

Task 1 – Introduction

Tryhackme - Snort Challenge: Live Attacks

Tryhackme - Snort Challenge: Live Attacks

Task 2 – Scenario 1 | Brute-Force

Question 1 – Stop the attack and get the flag (which will appear on your Desktop)

sudo gedit /etc/snort/rules/local.rules

Tryhackme - Snort Challenge: Live Attacks

sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A full

Tryhackme - Snort Challenge: Live Attacks

THM{81b7fef657f8aaa6e4e200d616738254}

Question 2 – What is the name of the service under attack?

sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A console

Tryhackme - Snort Challenge: Live Attacks

SSH

Question 3 – What is the used protocol/port in the attack?

TCP/22

Tryhackme - Snort Challenge: Live Attacks

Task 3 – Scenario 2 | Reverse-Shell

Question 1 – Stop the attack and get the flag (which will appear on your Desktop)

sudo nano /etc/snort/rules/local.rules
drop tcp any any -> any any (sid: 1000005;)

Tryhackme - Snort Challenge: Live Attacks

sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A full

Tryhackme - Snort Challenge: Live Attacks

THM{0ead8c494861079b1b74ec2380d2cd24}

Question 2 – What is the used protocol/port in the attack?

sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A console

TCP/4444

Question 3 – Which tool is highly associated with this specific port number?

Metasploit

Tryhackme - Snort Challenge: Live Attacks

Also Read: Tryhackme – Simple CTF

So that was “Snort Challenge – Live Attacks” for you. In this room, we have practiced and tested our skills with snort by defending against the live attacks based on common scenarios like Bruteforce and Reverse Shell uploads. On that note, i will take your leave but stay tuned for the next one and till then, remember to “Hack the planet”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top