Answered step by step
Verified Expert Solution
Question
1 Approved Answer
NOTES: In order to prepare for this lab, you should have downloaded the two Lubuntu virtual machines; the first, named Linx, will be the one
NOTES:
In order to prepare for this lab, you should have downloaded the two Lubuntu virtual machines; the first, named Linx, will be the one from which you will launch different security tools; the second, named Hare, will be used as the target.
For Linx, the username is herzing and the password Herzing You dont need to login into Hare, for all the required tasks will be done remotely.
The IP addresses are for Linx and for Hare, none of them with outside communication to Internet.
Its convenient to work as root, so once you open a commandline terminal, execute sudo su to become root. You will be asked for the users password you logged in with.
Please respond to the following questions:
tcpdump
Try the command tcpdump i enpsc port on Linx. Wait at least for seconds. What is the destination IP of this traffic? What is the filename after the GET command?
What command would you use to see only network traffic related to Hare supposing there were more endpoints on the network
wireshark
Using wireshark and filtering the output of the traffic capture to see only FTPrelated traffic, determine the username and password in the communication.
nmap
Execute nmap on Linx. How many open ports there are and what are the corresponding services?
Execute now nmap p What is different with the smtp service? What does it mean?
What command would look for endpoints with the port open in all the class C network using a TCP SYN scan hint: use man nmap for help
nikto
Using nikto against Hare determine the Apache version hint: use nikto h for help
What are the allowed HTTP methods?
john
Now that you have credentials to connect by FTP execute ftp use them. Then, when in the ftp prompt is shown, list all files with ls or dir and download the only available file with get creds.web
Use John the Ripper john filename to crack the password of the user webadmin. What is this users password?
Open a web browser world map icon at the bottom and get to http:private You need the username webadmin and the password you just cracked. What message did you get on the browser?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started