Taking a trip on the net.
The graphical user interface is very easy, but if you are to be a real computer administrator, you will need to use the command line at one point or another. This is especially true with virtual systems where memory is at a premium. Here were are going to take a trip on the network, all from the keyboard without even leaving our desk. The other systems could be right next to us or a zillion miles away. We will log into two additional computers and then perform some testing on a forth system. Sometimes this is known as pen testing. NOTICE: YOU MUST HAVE THE PERMISSIONS TO PEN TEST ANOTHER SYSTEM IN ADVANCE!! The real world pen testers make their clients sign a detailed agreement relieving them of any liability ahead of the events. What we are about to do is for educational purposes and no damage or illegal entry actions will be performed.
Let's log into the first system.
[eddie@oedt01 ~]$ ssh robopet
Linux robopet 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i586 GNU/Linux
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
You have new mail.
Last login: Wed May 23 14:42:04 2012 from oedt01.homelinux.com
So far so good, let's log into that second system.
eddie@robopet:~$ ssh oesrvr1
eddie@oesrvr1's password:
Linux oesrvr1 2.6.32-41-generic-pae #89-Ubuntu SMP Fri Apr 27 23:59:24 UTC 2012 i686 GNU/Linux
Ubuntu 10.04.4 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
0 packages can be updated.
0 updates are security updates.
You have new mail.
Last login: Wed May 23 14:42:20 2012 from robopet
Now we are logged into a second system which could be next door or half way around the world. And we did not even have to purchase a plane ticket. So now let's find out about another system. We will use Google for this test. What we about to do is known as penetration testing at the baby step level. We are going to use a program known as nmap to help us. So that nmap is not used lightly, generally administrative or root rights are required. So we use sudo to preface our command.
What we want to do is see if we can find out what the operating system is and what doors or ports are open on that system. When you use a web browser such as firefox, you access the doors or ports of the system you wish to look at the web page of.
eddie@oesrvr1:~$ sudo nmap -O sS www.google.com
[sudo] password for eddie:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-05-23 15:05 CDT
Failed to resolve given hostname/IP: sS. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Warning: Hostname www.google.com resolves to 5 IPs. Using 74.125.227.17.
Interesting ports on dfw06s03-in-f17.1e100.net (74.125.227.17):
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
554/tcp closed rtsp
1935/tcp closed rtmp
Aggressive OS guesses: OpenWrt (Linux 2.4.32) (90%), OpenWrt White Russian 0.9 (Linux 2.4.30) (90%), Microsoft Xbox game console (modified, running XboxMediaCenter) (90%), OpenWrt Kamikaze (Linux 2.4.32 - 2.4.34) (88%), uClinux 2.4.19-uc1 (ARM) (88%), APC AP9319 Environmental Monitoring Unit or Smart-UPS 1000 RM UPS (88%), Bosch Divar security system (88%), HP DeskJet 6127 or 6840, Officejet 7400, Officejet Pro K550, or Photosmart 2710 or 8400 printer (88%), HP LaserJet (1020-, 2010-, 2600-, 2800-, 3050-, or 3390-series), or Brother (HL-5250DN, MFC-7840N, or MFC-8860DN) printer (88%), HP LaserJet 2600n printer (88%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.31 seconds
The last time I did this the operating system was not even guessed and only two ports (80 and 443) were shown. We will look at ports 80 and 443. We can use a program called links2 to access the websites from the command line as if using Firefox or the like.
eddie@oesrvr1:~$ links2 www.google.com:80
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
Search Images
iGoogle | Web +------------ Exit Links -------------+
| |
| Do you really want to exit Links? |
_______________ | | dvanced
[ Goog | [ Yes ] [ No ] | earchLanguage
+-------------------------------------+ ools
Advertising ProgramsBusiness Solutions+GoogleAbout Google
(c) 2012 - Privacy & Terms
Yes, port 80 works.
eddie@oesrvr1:~$ links2 www.google.com:443
+------------ Exit Links -------------+
| |
| Do you really want to exit Links? |
| |
| [ Yes ] [ No ] |
+-------------------------------------+
We have to use a special prefix for port 443 to work.
eddie@oesrvr1:~$ links2 https://www.google.com:443
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
_________________________________________
Search Images
iGoogle | Web +------------ Exit Links -------------+
| |
| Do you really want to exit Links? |
_______________ | | dvanced
[ Goog | [ Yes ] [ No ] | earchLanguage
+-------------------------------------+ ools
Advertising ProgramsBusiness Solutions+GoogleAbout Google
(c) 2012 - Privacy & Terms
Now let's look at another system (where we logged in from).
eddie@oesrvr1:~$ sudo nmap -O sS robopet
Starting Nmap 5.00 ( http://nmap.org ) at 2012-05-23 15:08 CDT
Failed to resolve given hostname/IP: sS. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Interesting ports on robopet (192.168.1.110):
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:00:00:00:00:00 (Nic card type)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.19
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.98 seconds
On this system the correct os is described. Not only that we have the mac address and the make of the network card. This data could be easily for a another computer to seem as if it was that computer. Not good. Ports 80 and 443 are not used, which usually means a web server is not set up for the traditional ports. (Actually there is no web server installed). We do see that the ssh default port 22 is being used. Normally this needs to be changed to some other port to above 1000 and it is hidden. We could attack port 22 if we wanted to get into that system. For another day. Time to go back home. Let's leave all the computers we have entered.
eddie@oesrvr1:~$ exit
logout
Connection to oesrvr1 closed.
eddie@robopet:~$ exit
logout
Connection to robopet closed.
Back at the original computer.
[eddie@oedt01 ~]$
Comments
Post a Comment