Differences
This shows you the differences between two versions of the page.
|
isc:labs:08 [2024/11/27 08:37] ebru.resul [[30p] 1. Port Scanning] |
isc:labs:08 [2025/11/24 12:18] (current) florin.stancu |
||
|---|---|---|---|
| Line 29: | Line 29: | ||
| # let the h4x0rs in (enables the account): | # let the h4x0rs in (enables the account): | ||
| sudo usermod -e -1 -U hacker | sudo usermod -e -1 -U hacker | ||
| + | # make all tty writable by hacker | ||
| + | sudo usermod -aG tty hacker | ||
| </code> | </code> | ||
| Line 80: | Line 82: | ||
| === [10p] Discover Devices on the Network === | === [10p] Discover Devices on the Network === | ||
| - | //**STEP 1: Scan the network with nmap (it uses ping scan)**// | + | //**STEP 1: Scan the network with nmap (using ping scan)**// |
| * __What It Does:__ Sends ICMP Echo Requests (pings) or TCP/UDP requests to detect devices on the network. | * __What It Does:__ Sends ICMP Echo Requests (pings) or TCP/UDP requests to detect devices on the network. | ||
| Line 86: | Line 88: | ||
| * __Limitations:__ May miss devices that block ICMP or TCP requests. | * __Limitations:__ May miss devices that block ICMP or TCP requests. | ||
| - | <note> **TASK:** Run a ping scan to discover active hosts in your network using nmap (you can use CIDR notation! Remember OpenStack's network prefix?).</note> | + | <note> **TASK:** Run a nmap with ping scan to discover active hosts in your network using nmap (you can use CIDR notation! Remember OpenStack's network prefix?). Hint: Search on google how to run a "nmap with ping scan option"</note> |
| <solution -hidden> | <solution -hidden> | ||
| <code> | <code> | ||
| Line 166: | Line 168: | ||
| * __Purpose:__ Helps test UDP scanning, which is slower and behaves differently than TCP due to the lack of acknowledgments. | * __Purpose:__ Helps test UDP scanning, which is slower and behaves differently than TCP due to the lack of acknowledgments. | ||
| - | <note> **TASK:** Work in pairs. One person opens an UDP server on their VM using netcat, while the other scans for it. Choose a non-standard port (e.g., 10002). </note> | + | <note> **TASK:** Work in pairs. One person opens an UDP server on their VM using netcat, while the other scans for it. Choose a non-standard port (e.g., 10002). Hint: use -k when opening the server to allow multiple connections </note> |
| <solution -hidden> | <solution -hidden> | ||
| Line 269: | Line 271: | ||
| - Ask your colleague for their VM IP address. | - Ask your colleague for their VM IP address. | ||
| - Use `curl` to connect to their HTTP server and display the server’s response | - Use `curl` to connect to their HTTP server and display the server’s response | ||
| - | - Attempt to SSH into their VM using the credentials `hacker:student` | + | - Attempt to SSH into their VM using the credentials `hacker:student31337` |
| - If successful, send a broadcast message to your colleague’s system <code>hacker@<colleague-VM>$ wall "Wazzaap?" </code> | - If successful, send a broadcast message to your colleague’s system <code>hacker@<colleague-VM>$ wall "Wazzaap?" </code> | ||
| </note> | </note> | ||
| + | |||
| + | <note warning> | ||
| + | Unfortunately, ''wall'' [[https://sources.debian.org/src/util-linux/2.41-5/debian/NEWS#L1-L9|was removed from modern Debian systems]] :(( | ||
| + | But we gave ''hacker'' write permissions to all ''tty'', so we could do this instead: <code> | ||
| + | # check for the TTY's address | ||
| + | who # usually, the first one is the owner of the VM, coming from FEP | ||
| + | # then write your message! | ||
| + | echo "Wazzaaa" | tee /dev/pts/0 | ||
| + | </code> | ||
| + | </note> | ||
| <solution -hidden> | <solution -hidden> | ||
| Line 278: | Line 290: | ||
| curl http://<colleague-VM-IP> | curl http://<colleague-VM-IP> | ||
| ssh hacker@<colleague-VM-IP> | ssh hacker@<colleague-VM-IP> | ||
| - | wall "Wazzaap?" | + | echo "wazzzaaaaap" | tee /dev/pts/0 |
| </code> | </code> | ||
| </solution> | </solution> | ||
