Initial Pen Testing

"locate" searches through the filesystem looking for things which match the command line. It does this very quickly using a file database. The command "updatedb" refreshes the database.

Use the locate command to find the full path name of the nmap file with "stun-version" in its title.
file location:

Locate finds all filesystem locations which contains information related to the search parameter nmap. Try

locate nmap

Pipe the output into grep to filter the output from the locate cmd, and find the location of an nmap scipt relating to "smb-flood".
file location:

Use locate and grep to find the full pathname where the nmap executable lives. This will be a directory with "bin/" somewhere in its name.
file location:

Use locate and grep to find the full pathname where the locate database lives. Hint: database files usually end with ".db".
file location:

Make sure you are logged into your virtual machine using at least 1 ssh session.

The ss command can be used to check network connections currently running. Use the ss command and identify the remote endpoint ip number used when you ssh to a virtual machine. Grep for ssh, or use a specific flag for the ss cmd to filter for tcp connections.
Proxy IP:

The ss command with "-a" shows all current network connections. Services which are using ports will be in the LISTEN state.

How many ports are being used by services?
Service ports used:

Use the service command to start the apache2 service.

Use the ss command, find out which port number apache2 is running on.

Hint. Use the man page/help of ss to check options to see the port numbers numerically, as well as to see what processes are using which entry in ss.
Service port:

Use the web browser IN YOUR VIRTUAL MACHINE, browse to 127.0.0.1, and fill in the blank below based on what you can see on the webpage displayed.

The browser can be found in the application menu. Just search for browser.

Fill in the blank:
This is the default page used to

Use nano and edit the default webpage.

Use locate to find "index.html", and then pipe and greps to locate an instance below "/var/www".

In the appropriate index.html, change "If you can read this page" to "If you can see this page". Remember to save!

Use the service command to stop the apache2 service.

Use the "ip address" command. What is the interface which is connected to the local network? This will be the interface with relates to the 10.x.x.x network.
Device:

Again using "ip address", what is the IP number of this machine in terms of the device identified above.
IP:

Netcat is a command for basic client/server command line configuration.

Use netcat to make a simple ASCII client request to your own SSH server port. Basic netcat configuration puts the server/host IP in parameter 1 and the service port number in parameter 2. Once connected you should see a line of text then the communication seems to hang. At that point hit CTRL-C to terminate the request.

Looking at the ASCII line you got back from your SSH server, what is the first 7 characters received?
First line:

There are different versions of netcat, some with more features than others. In the next few questions I recommend using nmap netcat. This is called ncat. It has some very nice flags which make things easier.

Use ncat for a chat client. Make sure you either have two terminal sessions or two command windows in your virtual machine.

In command window 1, do

ncat -l 127.0.0.1 666

Now have a third command window. Use the ss command and find the established entry for this chat session. What is the local endpoint port number used at the client end of this network connection?
Client port number:

Once passed press CTRL-C in the chat session to quit.

Use

-c 'cat /etc/passwd'

Introduce the flag "-k" and restart the ncat listener. Now when you end the client with CTRL-C, you can connect again without problems.

When finished, terminate the listener with a CTRL-C in that window.

Use your new knowledge to create a backdoor on port 789. This should be a listening port in continuous mode which runs /bin/bash when someone connects. Run this and connect to it, and try "ls"...

When finished, terminate the listener with a CTRL-C in that window.

Use your new knowledge to create a server on port 790. This should be a listening port in continuous mode which runs something which tell you how many files and directories (not including hidden files) can be found in /root. When you are counting you should ignore hidden files.

When finished, terminate the listener with a CTRL-C in that window.