4.1 Cupcake - JadenGil/Jaden-Tech-Journal GitHub Wiki

Deliverable 1:

nmap 10.0.5.23 -sV -F

image

nmap 10.0.5.23 -A -F

image

image

image

Deliverable 2:

The following public apps were found OpenSSH, Apache, and VMWare

OpenSSH:

OpenSSH is a software that allows a user on the same network to control another machine remotely

Apache:

Apache acts as a web server and is the most popular cross-platform web server. It's basic job is accepting requests from clients from a visitors browser and it'll then send them a response to said request.

VMWare:

VMware is a virtualization software cloud computing software. It allows for the user to use virtual machines and it also allows them to run on a server to share with others.

Deliverable 3:

In our search, we didn't find any specific vulnerabilities given the 10-minute limit but there are definitely some db exploits that can be utilized.

Deliverable 4:

image

Deliverable 5:

Basic database manipulation vulnerabilities

Deliverable 6:

image

Deliverable 7:

image

image

image

image

Deliverable 8:

cat rockyou.txt | grep -i samwise

image

Deliverable 9:

Pre-reqs:

apt-get install kali-tweaks

kali-tweaks -h

Harden -> SSH (press space) -> apply -> quit

image

image

Deliverable 10:

image

Last Deliverable:

In this lab, I learned a fair bit about brute-force password cracking. I have participated in a few Capture the Flag events so through that I had some idea of what to do but this lab was a great refresher on what to do and how to gather the proper information on a user in order to gain their password.