
Test lab v.7 write-up

https://lab.pentestit.ru/pentestlabs/3

This write-up describes the first lab assignment and shows the direction for completing the
next tasks. A distinctive feature of all «Test lab» laboratories is that they are built on real
computer networks. Participants try to break into these networks using the tools and attack
vectors that real attackers use.

To participate in this lab you need to register on the lab's site and prepare the Linux
distribution that will be used for the pentest. "Kali Linux" is the recommended one: a
specialized distribution designed for security specialists that contains a large number of tools
for penetration testing. After completing registration and establishing a working VPN connection
to the laboratory, we have the following information available:
· Target network: SecureSoft LLC.
· Server's IP address: 192.168.101.5
· Network map

The pentest in the laboratory is carried out as a "Gray box": some information about the target
infrastructure is known. In this case, we have a network map with the hosts and their roles
marked.

The first step is information gathering with the popular scanning tool nmap. After that you
need to check the received information manually: connect to each open port with telnet and look
at the responses, and view the code generated on the HTML pages.
«nmap 192.168.101.5» gave the following information:

Open port 22 provides access via SSH.

Open port 25 belongs to the mail server; it means that we can try password guessing (brute
force) at a fairly high speed (unlike web brute force), attacking with the Hydra utility.
Checking the web site on port 80 gives information about the rules for forming login names. In
the source code of the web page you can find the e-mail addresses of the company's employees.

We use this information for the attack. While checking the web site on port 8100 we see that it
is the web interface of the mail server (port 25). We will use this later; for now we brute-force
the password of the discovered account.

The found login and password give access, through the web interface, to the mailbox of the
SecureSoft LLC employee angela.allard. Looking through angela.allard's mail, we find a list of
SecureSoft LLC employees.
Now we have a large list of employees and the logic for constructing logins: <name>.<last
name>. Next we need to use the Hydra utility again. After a while we obtain the password of the
account pauline.newman. For the brute-force attack (password guessing) we use a dictionary of
the most popular passwords of 2014; you can find this list in Google.
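From the defender's side, the high-speed SMTP password guessing described above leaves a very visible trail in the mail server log. The following is an added example (not part of the original write-up) that counts SASL authentication failures per source address over a sliding window and flags likely brute force; the log lines are constructed to resemble Postfix's warning format, and the addresses, hostnames and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape follows Postfix's SASL auth-failure warning; the hosts, addresses
# and timestamps below are constructed for this example, not taken from the lab.
LINE = "Dec 10 10:{m:02d}:{s:02d} mail postfix/smtpd[2231]: warning: unknown[{ip}]: SASL LOGIN authentication failed: authentication failure"
SAMPLE_LOG = "\n".join(
    [LINE.format(m=0, s=2 * i, ip="10.0.0.7") for i in range(12)]   # 12 failures in 22 s
    + [LINE.format(m=7 * i, s=0, ip="10.0.0.9") for i in range(3)]  # 3 failures over 14 min
    + ["Dec 10 10:01:00 mail postfix/smtpd[2231]: connect from relay.example[10.0.0.3]"]
)

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>\d+(?:\.\d+){3})\]: SASL \w+ authentication failed"
)

def parse_failures(log_text, year=2014):
    """Return {ip: [datetime, ...]} of SASL auth failures (syslog lines carry no year)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[m["ip"]].append(ts)
    return failures

def detect_smtp_bruteforce(log_text, threshold=10, window_seconds=60):
    """Flag source IPs with >= threshold failures inside any window_seconds span.
    Returns {ip: peak_failures_in_window} for the offenders only."""
    flagged = {}
    for ip, times in parse_failures(log_text).items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            # slide the window start forward until it spans at most window_seconds
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, n in detect_smtp_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} SASL failures within 60 s -> likely password brute force")
```

A web brute force against the port 8100 interface would show up the same way in the HTTP access log, only slower, so the same window logic applies to both entry points.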

The second mail account gave us more interesting information. First, we received the coveted
token for the Mail task, and second, we received additional information that will help us later.

As in a real penetration test, an attacker collects information about the target system from
every possible and accessible location. The most interesting resources may be those for IT / IS
staff: they can contain very critical information that helps gain access to the entire network.
On the provided network map an interesting resource is marked: Admin Tools. We scan the port
range (1-10000) with the Nmap utility.

We see that some application is listening on the non-standard port 3121. Empirically we
determine that the Admin Tools web site is running there.
The functionality of the site turned out to be inoperative. It contained tools that facilitate the
work of the system administrator. The tooltip of the submit form mentioned downloading an SSH
key, a hint that this file may be located on this server. After examining the structure of the site
and its HTML code we did not find anything useful, so it was decided to scan the site's
directories with the dirb utility.

A file was found: .bash_history. This file contains the history of commands executed in the
console, for example over SSH. In this file the name of an SSH private key was found,
ssh_key.priv, which was immediately downloaded from the site.

Now we have the data to access the internal network of the company SecureSoft LLC through
port 22 using SSH. The file ssh_key.priv also contains the token for the "Admin Tools" task.
These are the very first steps of the lab; we hope they help you understand the logic of the
tasks and complete the remaining ones.
