Initial Pen Testing

"locate" searches through the filesystem looking for things which match the command line. It does this very quickly using a file database. The command "updatedb" refreshes the database.

Use the locate command to find the full path name of the nmap file with "stun-version" in its title.
file location:

Locate finds all locations which contains information related to the search parameter. Try

locate zenmap

Pipe the output through grep and locate the part of nmap which involves copyright. Use locate with zenmap and then pipe this into a grep for copyright.
file location:

Use locate and grep to find the full pathname where the nmap executable lives. This will be a directory with "bin/" somewhere in its name.
file location:

Use locate and grep to find the full pathname where the locate database lives. Hint: database files usually end with ".db".
file location:

Make sure you are logged into your virtual machine using at least 1 telnet or ssh session.

The ss command can be used to check network sessions running. Use the ss command and identify the remote endpoint ip number used when you ssh or telnet to a virtual machine.
Proxy IP:

The ss command with "-a" shows all current network connections. Services which are using ports will be in the LISTEN state.

How many ports are being used by services?
Service ports used:

Use the service command to start the apache2 service.

Use the ss command, find out which port number apache2 is running on.

Hint. Use the man page of ss to help. Look for how to see the port numbers numerically, as well as to see what processes are using which entry in ss.
Service port:

Use iceweasel, browse to 127.0.0.1, and fill in the blank below.

Iceweasel can be found in the application menu, Internet>Iceweasel.

Fill in the blank:
The webserver software is running but no has been added

Use nano and edit the default webpage.

Use locate to find "index.html", and then pipe and greps to locate an instance with "www" and "var" in their names.

In the appropriate index.html, change "It works!" to "It does not work!". Remember to save!

Use the service command to stop the apache2 service.

Use the ifconfig command. What is the interface which is connected to the local network? This will be the interface with relates to the 10.x.x.x network.
Device:

Again using ifconfig, what is the IP number of this machine in terms of the device identified above.
IP:

Netcat is a command for basic client/server command line configuration.

Use netcat to make a web request to linuxzoo.net on the http port. Basic netcat configuration puts the server name in parameter 1 and the port number in paramater 2. Once connected, type "GET /index.html" then type CTRL-V CTRL-M then the return key. Note when connected you dont get any message, just a blank line... HTTP requests need to end with carriage return then a line feed, thus the need for CTRL-V CTRL-M.

Look through the resulting web document. What is on the last line?
Last line:

Use netcat for a chat client. Make sure you either have two terminal sessions or two command windows in your virtual machine.

In command window 1, do

netcat -l 127.0.0.1 -p 666

Now have a third command window. Use the ss command and find the established entry for this chat session. What is the local endpoint port number used at the client end of this network connection?
Client port number:

Once passed press CTRL-C in the chat session to quit.

Use

-e 'cat /etc/passwd'

Introduce the flag "--continuous" and restart the nc listener. Now when you end the client with CTRL-C, you can connect again without problems.

When finished, terminate the listener with a CTRL-C in that window. NOTE: Sometime in vnc mode pressing CTRL-C results in autorepeat. If it looks like a key is held down, just press any other key to fix this. This is a bug in the java vnc client.

Use your new knowledge to create a backdoor on port 789. This should be a listening port in continuous mode which runs /bin/bash when someone connects. Run this and connect to it, and try "ls"...

When finished, terminate the listener with a CTRL-C in that window.

Use your new knowledge to create a server on port 790. This should be a listening port in continuous mode which runs something which tell you how many files and directories (not including hidden files) can be found in /root. When you are counting you should ignore hidden files.

When finished, terminate the listener with a CTRL-C in that window.