Enumerating The Network

Nmap scan report for 10.10.110.3
PORT    STATE SERVICE
443/tcp open  https

Nmap scan report for 10.10.110.123
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
8000/tcp open  http-alt
8089/tcp open  unknown

Nmap scan report for 10.10.110.124
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 10.10.110.122
PORT     STATE SERVICE
3000/tcp open  ppp

Enumerating Splunk Instance On 192.168.110.123 And Got Flag

OFFSHORE{b3h0ld_th3_P0w3r_0f_$plunk}

I got anonymous ftp on 172.16.1.201

nxc ftp 172.16.1.0/24 -u '' -p ''

and got a flag too

OFFSHORE{st0p_us1ng_fr33warez!}

Sniffing the local host

tcpdump -i eth0 -w file.pcap

Open the dump and see the http traffic

sudo wireshark file.pcap

We got credentials and flag

grep -rnw /opt/splunk -e "psql" --color