Download Lab Exercise: Gaining Remote Access to Servers using FTP, SSH, and Terminal Server and more Lab Reports Computer Systems Networking and Telecommunications in PDF only on Docsity!
9/26/
Lab E
Lab ELab E If any of yourforce be killedor captured, thesecretary willdisavow anyknowledge ofyouractions...thistape will selfdestruct in 5seconds...Good Luck, Jim
YourYourassignment,assignment,should youshould youchoose tochoose toaccept it…accept it… Practice usingPractice using FTP
FTP
SSHSSH
//PuttyPutty
,, TerminalTerminal
ServerServer
9/26/
Lab E
Scenario
You have already done a complete survey of a remotenetwork using
Nmap
Now, it’s time to attempt to actually get (remote) accessto one or more of the target’s servers using
guessed
(or
known) usernames/passwords.Your target is: Joe’s Kawasakis and Toothpick Construction, Inc.
Lab ELab E
9/26/
Lab E
Lab ELab E
Potential Show Stoppers
- The servers might have login lockout enabled.2. An IDS might catch password guessing.3. Your IP address will be logged.
9/26/
Lab E
Before getting started, make sure you have anetwork connection… By making sure you have an IP address:
Open a DOS window
Enter:
>^
ipconfig
If your IP address is not
between
and
Lab ELab E , ask for help.
9/26/
Lab E
Lab ELab E
Logginginto aLinux FTPservertakes youhere. You can cddown, butnot up!
SolarisSolaris
LinuxLinux
Solaris lets you move upthe directory structure.
9/26/
Lab E
Only the pub directory is in this ftp dir cd .. Won’t do any good – can’t go up^ See? You’re still in the ftp directory
Will be 208.16.3.
something
9/26/
Lab E
1. Okay, you found an FTP server on a Linux box…
But you can’t log in as root (too insecure)And you can’t use the
find
command
You can’t even use the
cat
command to examine file contents!
You must GET any flags you want to examine. Here’s how: ftp> ls
are there any files in ftp directory?
ftp> ls
pub
are there any files in pub directory?
ftp> get <file-name>
the file is now on your
box
ftp> get pub/<file-name>
file is now on your
box
ftp> quit
Exit FTP
type <file-name>
Now, you’re back on your
box
Lab ELab E
9/26/
Lab DLab D LAB 9
2. Run Putty (to use SSH) -^
If its icon is on thedesktop, double-click on it
-^
Or navigate to c:\tools\putty
and run it
there.
-^
Enter the server’s IPaddress 208.16.3.
not 1!
-^
Click on the “Open”button
-^
Select “Yes” if you get aPuTTY Security Alert
-^
You will be asked for ausername and password Guess, if you have to…
9/26/
Lab E
2. SSH (port 22) is open
(cont.)
If the SSH server is a Linux box: How do you know who all the users are? $ cat /etc/passwd
View all users
- They’re listed at the end of the file• Anyone
can view
passwd
Now,
try to
log in as each of these people
- Just try a little while – you won’t get in as
every
person!
If the SSH server is a Windows box: > dir/s/a c:\flag?.txt
Find the flags �
/a shows hidden files
type c:\flag1.txt
View Flag 1
contents
exit
Lab ELab E
9/26/
Lab E
Lab ELab E
3. Windows Terminal Server (port 3389) is open
Click: Start/All Programs/Accessories/Communications/RemoteDesktop ConnectionEnter the IP address of the Terminal Server (not
and click on
Connect
9/26/
Lab E
3. Windows Terminal Server (port 3389) is open
(cont.)
-^
Once you find flags, look at their contents – that’s
what
your manager wants!^ > type c:\winnt\flag3.txt> net share
if you’re an admin, you can �
check for who owns shares
-^
Now, disconnect^ • Click Start/Shut Down• Then select
Disconnect
Disconnect
Lab ELab E
9/26/
Lab E
Troubleshooting •^
In an environment like this lab, where the poor serversare being hammered by a room full of hackers, theservers may crash!
-^
So, if you have successfully used a port (ftp, ssh, etc.),and it suddenly stops working, make sure the server isstill up by pinging the server: > ping 208.16.3.
target’s IP, not 1!
•^
Rescan the server’s ports – is the port you’re using stillopen? > nmap 208.16.3.
target’s IP, not 1!
•^
If you find something amiss, let the instructor know!
Lab ELab E
