Difference between revisions of "DerpNStink: 1 ~ VulnHub - Walkthrough"
(→Discovery) |
|||
Line 8: | Line 8: | ||
== Methodology == | == Methodology == | ||
=== Discovery === | === Discovery === | ||
− | <syntaxhighlight lang="shell-session" highlight=" | + | <syntaxhighlight lang="shell-session" highlight="11-13" line> |
root@kali:~# nmap -O -sT -sV -p- -T5 192.168.56.105 | root@kali:~# nmap -O -sT -sV -p- -T5 192.168.56.105 | ||
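Review bot: highlight="11-13" looks off by one for the output this block wraps. Counting the nmap command as line 1 of the block, lines 11-13 in the output shown on this page are the 22/tcp and 80/tcp rows plus the MAC Address line, and the 21/tcp ftp row on line 10 is left unhighlighted. If the intent is to mark the three open ports, highlight="10-12" matches the rendered scan.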
Revision as of 22:19, 2 May 2018
Objective
Remotely attack the VM and find all 4 flags eventually leading you to full root access.
Source: [VulnHub.com]
Status: [Work in progress]
Methodology
Discovery
root@kali:~# nmap -O -sT -sV -p- -T5 192.168.56.105
Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-26 05:21 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Stats: 0:00:10 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 66.67% done; ETC: 05:21 (0:00:03 remaining)
Nmap scan report for 192.168.56.105
Host is up (0.00068s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.2
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
MAC Address: 08:00:27:FF:CF:9E (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.8
Network Distance: 1 hop
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.92 seconds
Recommendations
Appendix A: Vulnerability Detail and Mitigation
Rating | High |
Description | xxxxxx |
Impact | xxxxx |
Remediation | xxxxx |
Rating | High |
Description | Unix file permissions for /etc/shadow are incorrect. |
Impact | Allows any user with a shell to read this file and extract password hashes, which can then be passed to a password-cracking utility to recover user credentials. |
Remediation | Set Unix file permissions for /etc/shadow to "600" and change ownership to root:root. |
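One way to verify the remediation above on a host, as an added example that is not part of the original walkthrough. It assumes GNU coreutils stat; the function name check_file_perms is illustrative, and ownership is compared numerically (0:0 is root:root).

```shell
#!/bin/sh
# Added example (not from the original walkthrough). Assumes GNU coreutils stat.
# check_file_perms is an illustrative name.
#
# Usage: check_file_perms PATH MAX_MODE UID:GID
# Returns 0 if compliant, 1 on a finding, 2 if PATH cannot be inspected.
check_file_perms() {
    path=$1; max_mode=$2; want_owner=$3
    info=$(stat -c '%a %u:%g' -- "$path" 2>/dev/null) || {
        echo "ERROR: cannot stat $path"
        return 2
    }
    mode=${info%% *}     # octal mode, e.g. 644
    owner=${info#* }     # numeric uid:gid, e.g. 0:0
    rc=0
    # Permission bits present on the file that the baseline does not allow.
    excess=$(( 0$mode & ~0$max_mode & 07777 ))
    if [ "$excess" -ne 0 ]; then
        printf 'FAIL: %s mode %s exceeds %s (excess bits %o)\n' \
            "$path" "$mode" "$max_mode" "$excess"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        printf 'FAIL: %s owned by %s, expected %s\n' "$path" "$owner" "$want_owner"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $path mode $mode owner $owner"
    return "$rc"
}

# Demo on a constructed temp file standing in for a world-readable /etc/shadow.
demo=$(mktemp)
chmod 644 "$demo"
check_file_perms "$demo" 600 "$(id -u):$(id -g)" || true
rm -f "$demo"

# On the audited host, with 0:0 being root:root:
#   check_file_perms /etc/shadow 600 0:0
```

The baseline mode and owner are parameters, so the same function can audit other sensitive files against whatever baseline the report recommends.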