Extension Activity 1


Jose A. Estrella Tijeras 1º ASIR

Exercise 1
Screenshot 1:

Command netdiscover -r:


Exercise 2
nmap -sS -p- -n -v 10.0.2.5
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-03 15:20 EST
Initiating ARP Ping Scan at 15:20
Scanning 10.0.2.5 [1 port]
Completed ARP Ping Scan at 15:20, 0.04s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 15:20
Scanning 10.0.2.5 [65535 ports]
Discovered open port 22/tcp on 10.0.2.5
Discovered open port 139/tcp on 10.0.2.5
Discovered open port 5900/tcp on 10.0.2.5
Discovered open port 3306/tcp on 10.0.2.5
Discovered open port 23/tcp on 10.0.2.5
Discovered open port 445/tcp on 10.0.2.5
Discovered open port 80/tcp on 10.0.2.5
Discovered open port 25/tcp on 10.0.2.5
Discovered open port 21/tcp on 10.0.2.5
Discovered open port 111/tcp on 10.0.2.5
Discovered open port 1524/tcp on 10.0.2.5
Discovered open port 1099/tcp on 10.0.2.5
Discovered open port 8180/tcp on 10.0.2.5
Discovered open port 8787/tcp on 10.0.2.5
Discovered open port 2121/tcp on 10.0.2.5
Discovered open port 513/tcp on 10.0.2.5
Discovered open port 6000/tcp on 10.0.2.5
Discovered open port 58424/tcp on 10.0.2.5
Discovered open port 2049/tcp on 10.0.2.5
Discovered open port 512/tcp on 10.0.2.5
Discovered open port 6697/tcp on 10.0.2.5
Discovered open port 55973/tcp on 10.0.2.5
Discovered open port 5432/tcp on 10.0.2.5
Discovered open port 48045/tcp on 10.0.2.5
Discovered open port 3632/tcp on 10.0.2.5
Discovered open port 8009/tcp on 10.0.2.5
Discovered open port 6667/tcp on 10.0.2.5
Discovered open port 45847/tcp on 10.0.2.5
Discovered open port 514/tcp on 10.0.2.5
Completed SYN Stealth Scan at 15:20, 1.76s elapsed (65535 total ports)
Nmap scan report for 10.0.2.5
Host is up (0.00027s latency).
Not shown: 65506 closed tcp ports (reset)
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
512/tcp   open  exec
513/tcp   open  login
514/tcp   open  shell
1099/tcp  open  rmiregistry
1524/tcp  open  ingreslock
2049/tcp  open  nfs
2121/tcp  open  ccproxy-ftp
3306/tcp  open  mysql
3632/tcp  open  distccd
5432/tcp  open  postgresql
5900/tcp  open  vnc
6000/tcp  open  X11
6667/tcp  open  irc
6697/tcp  open  ircs-u
8009/tcp  open  ajp13
8180/tcp  open  unknown
8787/tcp  open  msgsrvr
45847/tcp open  unknown
48045/tcp open  unknown
55973/tcp open  unknown
58424/tcp open  unknown
MAC Address: 08:00:27:0F:D9:60 (Oracle VirtualBox virtual NIC)

Read data files from: /usr/bin/../share/nmap


Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.622MB)

Exercise 3:
nmap -sV -sC -O -p 21,22,80,3306 -n -v -T5 10.0.1.5
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-03 15:22 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:22
Completed NSE at 15:22, 0.00s elapsed
Initiating NSE at 15:22
Completed NSE at 15:22, 0.00s elapsed
Initiating NSE at 15:22
Completed NSE at 15:22, 0.00s elapsed
Initiating Ping Scan at 15:22
Scanning 10.0.1.5 [4 ports]
Completed Ping Scan at 15:22, 0.05s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 15:22
Scanning 10.0.1.5 [4 ports]
Completed SYN Stealth Scan at 15:22, 1.24s elapsed (4 total ports)
Initiating Service scan at 15:22
Initiating OS detection (try #1) against 10.0.1.5
Retrying OS detection (try #2) against 10.0.1.5
NSE: Script scanning 10.0.1.5.
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Nmap scan report for 10.0.1.5
Host is up (0.00059s latency).

PORT     STATE    SERVICE VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
80/tcp   filtered http
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details

NSE: Script Post-scanning.
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.91 seconds
Raw packets sent: 54 (6.816KB) | Rcvd: 3 (120B)

• Software and version of the web server used (port 80):

• Software and version of the MySQL server used (port 3306):

The output says there are too many fingerprints to scan for the OS.
Exercise 4: mysql
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-03 15:33 EST
Nmap scan report for 10.0.1.5 (10.0.1.5)
Host is up (0.00058s latency)
PORT STATE SERVICE
3306/tcp filtered mysql
mysql-brute:
Accounts:
root:root – Valid credentials
Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds

Exercise 5:
1. We run a port scan to find out which port is the FTP port. It is port 21.
2. We are going to use Metasploit to exploit the vulnerability. We type msfconsole in the console to start it.
3. Search vsftpd:
4. Show options to configure it.
5.
When we now run the show options command, the IP we set appears:

Now, typing whoami returns "root".
