Reference no: EM133481648
Make sure you are using security tools in a virtual internal network or that you have written permission to do so on the network you are connected to.
you should have downloaded the two Lubuntu virtual machines; the first, named Linx, will be the one from which you will launch different security tools; the second, named Hare, will be used as the target.
For Linx, the username is "herzing" and the password "Herzing2021". You don't need to login into Hare, for all the required tasks will be done remotely.
The IP addresses are 192.168.100.11 for Linx and 192.168.100.12 for Hare, none of them with outside communication to Internet.
It's convenient to work as root, so once you open a command-line terminal, execute "sudo su" to become root. You will be asked for the user's password you logged in with.
Please respond to the following questions:
tcpdump
Try the command "tcpdump -i enp0s3 -c 4 port 80" on Linx. Wait at least for 60 seconds. What is the destination IP of this traffic? What is the filename after the GET command?
What command would you use to see only network traffic related to Hare (supposing there were more endpoints on the network)?
wireshark
Using wireshark and filtering the output of the traffic capture to see only FTP-related traffic, determine the username and password in the communication.
nmap
Execute "nmap 192.168.100.12" on Linx. How many open ports there are and what are the corresponding services?
Execute now "nmap -p25 192.168.100.12". What is different with the smtp service? What does it mean?
What command would look for endpoints with the port 22 open in all the class C network using a TCP SYN scan (hint: use "man nmap" for help)?
nikto
Using nikto against Hare determine the Apache version (hint: use "nikto -h" for help).
What are the allowed HTTP methods?
john
Now that you have credentials to connect by FTP, execute "ftp 192.168.100.12", use them. Then, when in the ftp> prompt is shown, list all files with "ls" or "dir" and download the only available file with "get creds.web".
Use John the Ripper (john filename) to crack the password of the user webadmin. What is this user's password?