In today’s TryHackMe write-up, we’ll be diving into the crucial realm of Networking Secure Protocols. This room comprises 8 tasks and offers a hands-on exploration of the methods used to secure network traffic. In an era where data breaches are commonplace, understanding how to protect our communications is paramount. We’ll unravel the mysteries behind SSL/TLS, the backbone of secure web browsing, and then explore practical ways to fortify existing plaintext protocols like HTTP, SMTP, POP3, and IMAP. Furthermore, we’ll examine how SSH emerged as the secure successor to the insecure TELNET and finally demystify how a VPN can establish a secure network tunnel across an otherwise untrusted infrastructure. So, buckle up as we embark on this journey to fortify our network knowledge!
Task 1: Introduction
Read the introduction and click submit to move onto the next task.
Question 1: Please ensure you have finished the Networking Core Protocols room at minimum. No answer needed.
Task 2: TLS
Read the instructions and continue with the questions.
Question 1: What is the protocol name that TLS upgraded and built upon?
The protocol that TLS (Transport Layer Security) upgraded and built upon is SSL (Secure Sockets Layer). TLS is essentially the successor to SSL, incorporating improvements and addressing security vulnerabilities found in earlier versions of SSL. While the terms are often used interchangeably, especially SSL, it’s important to recognize that TLS represents the more modern and secure evolution of this foundational secure communication protocol.
Question 2: Which type of certificates should not be used to confirm the authenticity of a server?
Self-signed certificates should generally not be used to confirm the authenticity of a server in a production environment or when dealing with untrusted parties. These certificates are created and signed by the server owner themselves, without the verification of a trusted Certificate Authority (CA). As a result, there’s no independent third-party vouching for the server’s identity, making it susceptible to man-in-the-middle attacks where a malicious actor could present their own self-signed certificate. While self-signed certificates can be useful for internal testing or specific controlled environments, relying on them for public-facing servers or sensitive communications undermines the core purpose of certificate-based authentication.
Task 3: HTTPS
Read the instructions and continue with the questions.
Question 1: How many packets did the TLS negotiation and establishment take in the Wireshark HTTPS screenshots above?
See the last Wireshark screen capture in the task; the packets that make up the TLS negotiation are outlined and labelled with the numbers 1 and 2. The answer is 8.
Question 2: What is the number of the packet that contains the GET /login when accessing the website over HTTPS?
Again, reference the same screen capture. The correct line is highlighted in blue: it is packet number 10.
Task 4: SMTPS, POP3S, and IMAPS
Read the instructions and continue with the questions.
Question 1: If you capture network traffic, in which of the following protocols can you extract login credentials: SMTPS, POP3S, or IMAP?
If you capture network traffic, you can extract login credentials from IMAP. IMAP without the “S” is the plaintext protocol: usernames and passwords are transmitted in cleartext, so anyone capturing the traffic can read them. SMTPS and POP3S, by contrast, are the secure versions of SMTP and POP3, respectively, wrapping the session in TLS/SSL so that login credentials and message content are encrypted in transit. A capture of SMTPS or POP3S therefore shows only encrypted data, making credential extraction impractical without the decryption keys.
Task 5: SSH
Read the instructions and continue with the questions.
Question 1: What is the name of the open-source implementation of the SSH protocol?
The most widely used and de facto standard open-source implementation of the SSH protocol is OpenSSH (OpenBSD Secure Shell). Developed as part of the OpenBSD project, it is a suite of secure networking utilities providing encrypted communication sessions over a network. OpenSSH includes both the client (ssh, scp, sftp) and server (sshd) components and has been widely adopted across various operating systems, making it the cornerstone of secure remote administration and file transfer.
Task 6: SFTP and FTPS
Open the site and complete the exercise.
Question 1: Click on the View Site button to access the related site. Please follow the instructions on the site to obtain the flag.
| Cleartext Protocol Port | Secure Protocol Port |
| --- | --- |
| 80 | 443 |
| 110 | 995 |
| 25 | 587 |
| 143 | 993 |
| 23 | 22 |
| 21 | 990 |

Copy and paste the flag into the answer box: THM{Protocols_secur3d}
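The points of Task 4 (credentials are readable in cleartext IMAP, POP3 and SMTP sessions but not in their TLS-wrapped counterparts) and Task 6 (the cleartext-to-secure port pairs) can be turned into a small traffic audit. The script below is an added example written for this write-up, not code from the room; the sample flows, usernames and passwords are constructed placeholders, and the port table is the one from the Task 6 exercise. For a flow to a cleartext port it looks for the credential commands of that protocol and names the secure replacement; for a flow to a secure port it checks that the bytes really are a TLS record (or an SSH banner on port 22) and parses the handshake message type, so you can see why the same login on port 993 reveals nothing.

```python
import base64
import re

# Port pairs from the room's Task 6 exercise: cleartext protocol port -> secure counterpart.
CLEARTEXT_TO_SECURE = {80: 443, 110: 995, 25: 587, 143: 993, 23: 22, 21: 990}
SECURE_PORTS = set(CLEARTEXT_TO_SECURE.values())
PROTOCOL_NAMES = {
    80: "HTTP", 110: "POP3", 25: "SMTP", 143: "IMAP", 23: "TELNET", 21: "FTP",
    443: "HTTPS", 995: "POP3S", 587: "SMTP submission", 993: "IMAPS", 22: "SSH", 990: "FTPS",
}
TLS_HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 20: "Finished"}

# Constructed sample flows (destination port plus the first bytes the client sent);
# none of this comes from the room's capture, and the passwords are placeholders.
SAMPLE_FLOWS = [
    {"dst_port": 143, "payload": b"a001 LOGIN alice Winter2024!\r\n"},
    {"dst_port": 110, "payload": b"USER bob\r\nPASS hunter2\r\n"},
    {"dst_port": 25, "payload": b"AUTH PLAIN " + base64.b64encode(b"\x00carol\x00s3cret") + b"\r\n"},
    {"dst_port": 993, "payload": b"\x16\x03\x01\x00\x06\x01\x00\x00\x02\x03\x03"},
    {"dst_port": 21, "payload": b"USER dave\r\nPASS pa55\r\n"},
    {"dst_port": 22, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
]


def parse_tls_record(payload):
    """Return (content_type, record_version, handshake_name) if the bytes start with a
    TLS record header (1-byte type, 2-byte version 3.x, 2-byte length), otherwise None.
    For a handshake record (type 22) the first fragment byte is the handshake message type."""
    if len(payload) < 5:
        return None
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    if content_type not in (20, 21, 22, 23) or major != 3:
        return None
    handshake = None
    if content_type == 22 and length >= 4 and len(payload) > 5:
        handshake = TLS_HANDSHAKE_TYPES.get(payload[5], "unknown")
    return content_type, f"{major}.{minor}", handshake


def find_cleartext_credentials(payload):
    """Pull (username, password) out of a cleartext IMAP LOGIN, POP3/FTP USER+PASS or
    SMTP AUTH PLAIN command stream. Returns None if no credential command is present."""
    text = payload.decode("ascii", errors="replace")
    m = re.search(r"^\S+ LOGIN (\S+) (\S+)", text, re.M)  # IMAP: <tag> LOGIN user pass
    if m:
        return m.group(1), m.group(2)
    user = re.search(r"^USER (\S+)", text, re.M)  # POP3 and FTP share USER/PASS
    pw = re.search(r"^PASS (\S+)", text, re.M)
    if user and pw:
        return user.group(1), pw.group(1)
    m = re.search(r"^AUTH PLAIN (\S+)", text, re.M)  # SASL PLAIN: [authzid] NUL authcid NUL passwd
    if m:
        try:
            parts = base64.b64decode(m.group(1)).split(b"\x00")
        except ValueError:  # binascii.Error is a ValueError: malformed base64
            return None
        if len(parts) == 3:
            return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")
    return None


def classify_flow(flow):
    """Label one flow. Secure port: confirm TLS (or SSH) is actually in use. Cleartext port:
    report exposed credentials (password masked) and the secure port from the table."""
    port, payload = flow["dst_port"], flow["payload"]
    name = PROTOCOL_NAMES.get(port, f"port {port}")
    if port in SECURE_PORTS:
        if port == 22:
            detail = "SSH banner" if payload.startswith(b"SSH-") else "no SSH banner seen"
        else:
            rec = parse_tls_record(payload)
            detail = f"TLS {rec[2] or 'record'}" if rec else "no TLS record seen on a secure port"
        return {"protocol": name, "cleartext": False, "credentials": None, "detail": detail}
    creds = find_cleartext_credentials(payload)
    masked = (creds[0], "*" * len(creds[1])) if creds else None  # never log the secret itself
    secure_port = CLEARTEXT_TO_SECURE.get(port)
    detail = (f"move to {PROTOCOL_NAMES[secure_port]} on port {secure_port}"
              if secure_port else "unmapped cleartext port")
    return {"protocol": name, "cleartext": True, "credentials": masked, "detail": detail}


def audit(flows):
    """Classify every flow; results are returned in input order."""
    return [classify_flow(f) for f in flows]


if __name__ == "__main__":
    for r in audit(SAMPLE_FLOWS):
        state = "CLEARTEXT" if r["cleartext"] else "encrypted"
        print(f"{r['protocol']:<16} {state:<10} creds={r['credentials']} ({r['detail']})")
```

Run it and the IMAP, POP3, SMTP and FTP flows come out as cleartext with a username and a masked password, while the IMAPS flow is identified as a TLS ClientHello and the SSH flow by its banner. Note that 587 in the room's table is the SMTP submission port, which normally upgrades to TLS with STARTTLS, so on that port the first bytes are still a cleartext `EHLO` rather than a TLS record; the checker above only inspects the opening bytes it is given.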
Task 7: VPN
Open the site and complete the exercise.
Question 1: What would you use to connect the various company sites so that users at a remote office can access resources located within the main branch?
To connect various company sites and enable users at a remote office to securely access resources located within the main branch, you would typically use a Virtual Private Network (VPN). A VPN creates an encrypted tunnel over a public network like the internet, effectively extending the private network of the main branch to the remote office. This allows users at the remote site to securely communicate with servers and access resources as if they were physically connected to the same local network, ensuring data confidentiality and integrity during transmission between the sites.
Task 8: Closing Notes
Start the virtual machine and follow the instructions.
Question 1: One of the packets contains login credentials. What password did the user submit?
Look at packet 366. Expand “Hypertext Transfer Protocol 2”, then “Stream”, then “HTML Form URL Encoded”, and look at the form item “pass”.
The answer is THM{B8WM6P}
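The drill-down above (packet, then the HTTP dissector, then the URL-encoded form, then the “pass” item) is just a parser walking the bytes of a cleartext POST. The script below reproduces that walk in code as an added example for this write-up; it is not part of the room and the requests, hostname and password in it are constructed placeholders, not the room's flag. It also shows the two cases where the same lookup yields nothing: a GET request with no form body, and the TLS-wrapped bytes you would see for the same login over HTTPS.

```python
from urllib.parse import parse_qs

# Constructed requests standing in for captured TCP payloads (placeholder values).
SAMPLE_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.thm\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&pass=Sup3rS3cret"
)
SAMPLE_GET = b"GET /login HTTP/1.1\r\nHost: example.thm\r\n\r\n"
# The same login over HTTPS as seen on the wire: a TLS application-data record, no readable headers.
SAMPLE_TLS = b"\x17\x03\x03\x00\x40" + bytes(range(64))


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (request_line, headers, body). Header names are
    lower-cased and the body is cut to Content-Length. Returns None when the bytes are not
    a complete HTTP request head (for example because they are a TLS record)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line = lines[0]
    if len(request_line.split(" ")) != 3 or not request_line.endswith(("HTTP/1.0", "HTTP/1.1")):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    try:
        length = int(headers.get("content-length", len(body)))
    except ValueError:
        return None
    return request_line, headers, body[:length]


def extract_form_field(raw, field="pass"):
    """Mirror Wireshark's HTTP -> HTML Form URL Encoded -> Form item drill-down: return the
    named field from a urlencoded POST body, or None when there is no such cleartext form."""
    parsed = parse_http_request(raw)
    if parsed is None:
        return None
    request_line, headers, body = parsed
    if not request_line.startswith("POST "):
        return None
    if not headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        return None
    form = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    values = form.get(field)
    return values[0] if values else None


SENSITIVE_FIELDS = ("pass", "password", "passwd", "pwd")


def exposed_secret_fields(raw):
    """Defender's summary: names of password-like form fields sent in cleartext (values omitted)."""
    return [f for f in SENSITIVE_FIELDS if extract_form_field(raw, f) is not None]


if __name__ == "__main__":
    for label, raw in (("POST", SAMPLE_POST), ("GET", SAMPLE_GET), ("TLS", SAMPLE_TLS)):
        print(label, "exposed fields:", exposed_secret_fields(raw))
```

The `exposed_secret_fields` helper is the form a monitoring rule would take: it reports that a password-like field crossed the network in cleartext without writing the value anywhere. Over HTTPS the same request arrives as the `SAMPLE_TLS` bytes, the parser finds no header terminator, and nothing is reported, which is exactly the difference between the HTTP and HTTPS captures in Task 3.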