Penetration Testing Lab. Reconnaissance and Mapping Using Samurai-2.0



Similar documents
Using Internet or Windows Explorer to Upload Your Site

Lab - Observing DNS Resolution

Intelligence Gathering. n00bpentesting.com

How to use FTP Commander

IDS and Penetration Testing Lab ISA656 (Attacker)

File Transfer Examples. Running commands on other computers and transferring files between computers

Using Webmin and Bind9 to Setup DNS Sever on Linux

Configuring your network settings to use Google Public DNS

1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux

VPN Web Portal Usage Guide

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Setting cron job Linux/Unix operating systems using command-line interface

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

IIS, FTP Server and Windows

USB HSPA Modem. User Manual

How to Earn IPv6 Certifications (Windows Version: Fast) Why? Macintosh Instructions Windows Versions Tips for Windows Home Edition Users

IDS and Penetration Testing Lab II

Running a Default Vulnerability Scan SAINTcorporation.com

APPLICATION NOTE. CC5MPX Digital Camera and IPn3Gb Cellular Modem 10/14. App. Note Code: 3T-Z

Name Services (DNS): This is Quick rule will enable the Domain Name Services on the firewall.

Running a Default Vulnerability Scan

CafePilot has 3 components: the Client, Server and Service Request Monitor (or SRM for short).

Configure Single Sign on Between Domino and WPS

Lab 2: Secure Network Administration Principles - Log Analysis

Transferring Your Hosting Account

Lab - Observing DNS Resolution

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

Part I - Gathering WHOIS Information

Installation Guidelines (MySQL database & Archivists Toolkit client)

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Equalizer VLB Beta I. Copyright 2008 Equalizer VLB Beta I 1 Coyote Point Systems Inc.

ITIS 2110 Lab 11: Domain Name Server. Tyler Everhart 11/12/2010

How to Use vsphere to Connect to and Manage an ESXi Hypervisor Installation

Managing Qualys Scanners

Web attacks and security: SQL injection and cross-site scripting (XSS)

JMC Next Generation Web-based Server Install and Setup

Hadoop Lab - Setting a 3 node Cluster. Java -

How to Configure the Windows DNS Server

Troubleshooting / FAQ

Parallels Plesk Panel User Guide

Install FileZilla Client. Connecting to an FTP server

Device Log Export ENGLISH

Scan to FTP Guide. Version 0 ENG

Scan to Quick Setup Guide

Alinto Mail Server Pro

Firewalls and Software Updates

Create a New Account Contents

Vulnerability analysis

SOA Software API Gateway Appliance 7.1.x Administration Guide

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

HOW TO USE THE File Transfer Protocol SERVER ftp.architekturaibiznes.com.pl

How to Setup and Connect to an FTP Server Using FileZilla. Part I: Setting up the server

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings. Securepoint Security System Version 2007nx

Zimbra :: The Leader in Open Source Collaboration. Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog

DNS Resolving using nslookup

Penetration Testing LAB Setup Guide

Livezilla How to Install on Shared Hosting By: Jon Manning

Configure Backup Server for Cisco Unified Communications Manager

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Clearswift SECURE Exchange Gateway Installation & Setup Guide. Version 1.0

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

ecopy ShareScan v4.3 Pre-Installation Checklist

Install and Configure RelayFax

OCS Training Workshop LAB14. Setup

Setting Up a Dreamweaver Site Definition for OIT s Web Hosting Server

Configuring Security for FTP Traffic

Other documents in this series are available at: servernotes.wazmac.com

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

Working with your NTU off campus

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Rally Installation Guide

Creating Custom Nameservers Contents

Management, Logging and Troubleshooting

Hadoop Data Warehouse Manual

SAS3 INSTALLATION MANUAL SNONO SYSTEMS 2015

13.1 Backup virtual machines running on VMware ESXi / ESX Server

OCS Virtual image. User guide. Version: Viking Edition

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

ORACLE BUSINESS INTELLIGENCE WORKSHOP. Prerequisites for Oracle BI Workshop

How-to: DNS Enumeration

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Virtual Appliance for VMware Server. Getting Started Guide. Revision Warning and Disclaimer

Information & Communication Technologies FTP and GroupWise Archives Wilfrid Laurier University

Virtual Office Remote Installation Guide

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

Deployment Guide A10 Networks/Infoblox Joint DNS64 and NAT64 Solution

Apache Configuration

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

SFTP Server User Login Instructions. Open Internet explorer and enter the following url:

Elluminate Live! Access Guide. Page 1 of 7

How To Set Up A Webhosting Website On Windstream.Com

Web24 Web Hosting Guide

Penetration Testing LAB Setup Guide

Setup Instructions for Secure Hummingbird FTP

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

Setting Up Your FTP Server

Fasthosts Internet Parallels Plesk 10 Manual

Vulnerability Assessment Lab

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

Transcription:

Penetration Testing Lab Reconnaissance and Mapping Using Samurai-2.0 Notes: 1. Be careful about running most of these tools against machines without permission. Even the poorest intrusion detection system will report some of these tests. 2. Login and password for the live CD is samurai and samurai. 3. For every command, there should be a man page. Look it over to see the syntax and options for the command. 4. The target assumed is DVWA wherever you have it. a. The target will be called dvwa.yourdomain.xxx b. One option is to install it on your machine and then install Samurai in a container like vmware or Virtual Box or Parallels. c. Another option is to open the Samurai iso file, but DVWA in the root and configure the web server and then recreate the iso with DVWA neatly included. I haven t done this yet, so try at your own risk. d. In this first lab, many of the commands could be run against a local machine without it having to have DVWA. 5. If you use windows, you may want to install Cygwin to get Linux tools a. http://www.cygwin.com/ has instructions 6. Goals: a. Get a handle on reconnaissance and mapping b. Learn to use a few tools c. Have some fun (no, really)

Reconnaissance Exercise 1: nslookup 1. Enter the command: nslookup dvwa.yourdomain.xxx a. What is the IP address of our default DNS server? What does that mean? b. What is the IP address of dvwa.yourdomain.xxx? 2. Enter nslookup interactive mode by entering: nslookup and then: set debug Now enter the following request: dvwa.yourdomain.xxx a. How many authoritative nameservers are their for the cs.montana.edu domain? b. Their names and IP addresses? c. Enter montana.edu and answer the same questions.

Exercise 2: dig 1. Run man dig to see the syntax of the command. 2. Enter dig dvwa.yourdomain.xxx and compare the output to nslookup. 3. Enter dig montana.edu mx. a. What are the DNS names and IP addresses of the campus mail servers? 4. Enter dig cs.montana.edu ANY +answer. a. What did you find out?

Exercise 3: Fierce 1. Open a terminal top menu bar, icon looks like a terminal. If you find the transparent background obnoxious, click on Edit > Preferences > Background and change the Transparency flag. 2. Execute the following PATH=$PATH:/usr/bin/samurai/fierce 3. Change to your home directory. Then run Fierce with:./fierce.pl dns cs.montana.edu a. What is the DNS name and IP of the default name server for the domain. b. Fierce detected a security issue early in the process. What is it? c. web1.cs.montana.edu has another name; what is it? d. Gary Harkin has a machine. What is the name? Why would you care? e. What other things might be of interest? Do names tell you anything about the applications that might be running; who might have root access; anything else?

Exercise 4: netcat 1. Open a terminal if you need one. Enter nc google.com 80 Enter : HEAD / HTTP/1.0 and hit enter twice. a. What do you see? netcat allows you to build an HTTP request manually from stdin. You need a blank line to trigger the send. Try the following: nc google.com 80 GET / HTTP/1.1 Host: google.com User-Agent: BOZOS-BROWSER Referrer: MasterOfDisguise.com b. http://www.google.com/#hl=en&source=hp&q=netcat

Exercise 5: nmap 1. Enter the following: nmap sv dvwa.yourdomain.xxx and wait. a. What services are open on the server? b. Look at the man page and choose another scan type to try on the target. What did you find out?

Exercise 1: wget Mapping 1. wget downloads files via HTTP, HTTPS or FTP. Check out the man page. Create a directory to store downloaded data in. 2. Enter wget http://www.dvwa.yourdomain.xxx/~harkin/assignment1/insert.html 3. Now try the recursive option: wget r http://www.dvwa.yourdomain.xxx/~harkin/assignment1/ --nocheck-certificate a. Look to see what is stored? How cool is that? What is in the various delete.php files? What has happened here?

Exercise 2: webscarab Return to the home directory and enter the following: java jar /usr/bin/samurai/webscarab/webscarab-(hit the Tab key here) Now launch Firefox. Go to Tools > SwitchProxy > WebScarab Local

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information