Lab 8 - Further adventures in penetration testing


Our goal with this lab is to continue to see and experience the processes involved in doing a complete penetration test. In particular, we want to see how to use the vast selection of Internet resources to cut right through the perimeter of a system with open vulnerabilities.

Useful Links


Step 1: Exploiting Distributed C Compiler

Go to yet another instance of the Metasploitable tutorial here: Part 4.

Complete the exploit on the distributed C compiler.

  1. The tutorial does not mention how to find the exploit (CVE-2004-2687). What specific search string does it take to find the needed information?
  2. What website provides the information needed to know how to proceed with the exploit?
  3. It turns out this is a REJECTED entry in the NIST National Vulnerability Database. Look up this exploit, find the replacement code, and report it here. What is the nature of the vulnerability as defined in the NIST National Vulnerability Database?
  4. Use the exploited distcc shell to find all open ports on the other system. Here are instructions on how to use the netstat command: Using Netstat. What are your results, i.e. which ports are open?

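The netstat output you collect in item 4 lists every listening socket, but the defender's question is narrower: which of those services are bound to every interface, and so reachable from a neighbouring host, versus loopback only. The script below is an added example, not part of the lab page or the Metasploitable tutorial; it parses the columns that `netstat -tuln` prints and separates the two cases. The sample output embedded in it is constructed to resemble a Metasploitable-style host (the port numbers and bind addresses are illustrative), and the helper names `listening_ports`, `exposed_ports` and `count_exposed` are my own.

```shell
#!/bin/sh
# Added example (not from the lab page): summarise which listening sockets on a
# host are reachable from other machines, using the columns netstat -tuln prints.
# Run against a live host with:  netstat -tuln | exposed_ports

# Constructed sample of `netstat -tuln` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3632            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# listening_ports: read netstat -tuln output on stdin and print one line per
# listening socket as "proto port bind-address", sorted by port number.
# TCP rows must be in state LISTEN; UDP rows have no state column and are
# listening by definition. The port is the text after the last ':' so that
# IPv6 wildcards such as ":::22" split correctly.
listening_ports() {
    awk '$1 ~ /^(tcp|tcp6|udp|udp6)$/ && ($1 ~ /^udp/ || $6 == "LISTEN") {
            n = split($4, a, ":")
            port = a[n]
            bind = substr($4, 1, length($4) - length(port) - 1)
            print $1, port, bind
         }' | sort -k2,2n
}

# exposed_ports: keep only sockets bound to every interface (0.0.0.0 or ::),
# i.e. the ones another host on the network could reach; loopback-only
# services drop out of the list.
exposed_ports() {
    listening_ports | awk '$3 == "0.0.0.0" || $3 == "::"'
}

# count_exposed: number of externally reachable listening sockets.
count_exposed() {
    exposed_ports | awk 'END { print NR }'
}

# Sample run on the constructed output.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports
```

On the constructed sample the loopback-only mail service on port 25 disappears from `exposed_ports`, while distcc (3632), PostgreSQL (5432), SSH (22) and the portmapper (111) remain, which is exactly the list a perimeter review should be comparing against what the host is supposed to offer.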
Step 2: Obtaining Postgres Credentials

Do the brute-force cracking of the postgres password.

  1. What are we learning about default passwords?
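The flip side of the brute-force exercise is what it looks like from the database server: a burst of failed password authentications from one client address. The script below is an added example, not part of the lab page or the tutorial; it reads PostgreSQL's own log and flags any client that has reached a failure threshold. It assumes the server was started with `log_line_prefix = '%t [%p] %h '`, so that the client address is the fifth whitespace-separated field of each line; the log lines embedded in it are constructed (the addresses and timestamps are illustrative), and the helper names `failed_logins_by_host` and `flag_guessing` are my own.

```shell
#!/bin/sh
# Added example (not from the lab page): spot a password-guessing run against
# PostgreSQL from the server's own log. Assumes log_line_prefix = '%t [%p] %h '
# so the client address is the fifth whitespace-separated field of each line.
# Run against a live log with:  flag_guessing 5 < /path/to/postgresql.log

# Constructed sample log lines (not captured from a real server). 192.0.2.10
# fails six times in a row against "postgres"; 192.0.2.20 mistypes once and
# then logs in.
SAMPLE_PG_LOG='2012-04-26 10:01:02 UTC [4101] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:01:02 UTC [4102] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:01:03 UTC [4103] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:01:03 UTC [4104] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:01:04 UTC [4105] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:01:04 UTC [4106] 192.0.2.10 FATAL:  password authentication failed for user "postgres"
2012-04-26 10:02:15 UTC [4110] 192.0.2.20 FATAL:  password authentication failed for user "alice"
2012-04-26 10:02:20 UTC [4111] 192.0.2.20 LOG:  connection authorized: user=alice database=app'

# failed_logins_by_host: read log lines on stdin and print "count host" for
# every client address with at least one failed password authentication,
# most failures first.
failed_logins_by_host() {
    grep 'password authentication failed' \
    | awk '{ n[$5]++ } END { for (h in n) print n[h], h }' \
    | sort -rn
}

# flag_guessing THRESHOLD: print only the hosts whose failure count has
# reached THRESHOLD; these are the candidates for a reject rule in
# pg_hba.conf or a block at the firewall.
flag_guessing() {
    failed_logins_by_host | awk -v t="$1" '$1 >= t { print $2 }'
}

# Sample run on the constructed log with a threshold of five failures.
printf '%s\n' "$SAMPLE_PG_LOG" | flag_guessing 5
```

The threshold is the tuning knob: a single mistyped password from 192.0.2.20 stays below it, while the six-failure run from 192.0.2.10 is reported. Pairing this kind of alert with non-default credentials and a `pg_hba.conf` that does not accept password logins from arbitrary addresses is what removes the easy win the lab demonstrates.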

Step 3: Exploring Nessus Bridge

Continue working at this tutorial page: Nessus Bridge, and Local Escalation

  1. Look up Nessus and give an overview of what it is. What specifically is the Nessus Bridge?
  2. Why are you warned against this particular scan? What is the nature of the problem?
  3. The critical operation here is to find a way to escalate a normal privilege account (user) into root-level access. This activity uses SCP to move some source code to the victim machine. What is UDEV? What are we doing by compiling a new version on the victim?
  4. Characterize this general class of vulnerability. How can we protect against it?

Lab due on Moodle May 3.
Topic revision: r2 - 2012-04-26 - JimSkon