Hello, For my IT 4500 class final project we have two virtual machine we have to hack. For now I'll just focus on the linux distro. I did an nmap on it, and here is what i'm coming up with.
Starting Nmap 4.53 ( http://insecure.org
) at 2010-04-23 17:28 MDT
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1708 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Sendmail 8.14.2/8.14.2/Debian-2buil
79/tcp open finger Debian fingerd
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
MAC Address: xx:xx:xx:xx:xx:xx (QEMU Virtual NIC)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 0.858 days (since Thu Apr 22 20:52:59 2010)
Network Distance: 1 hop
Service Info: Host: ubuntuclone.cs.dixie.edu; OSs: Unix, Linux
Can anyone fill me in on some vulnerabilities to try for these? I'm not too worried about it, because I already have admin access to the machine just by trying the same usernames and passwords he used for previous assignments. I would like to get in the real way though.
And just to clear up why i'm unable to do this - The class teaches theory only, we've never hacked from the network. We've only obtained passwords through programs such as john the ripper, backtrack etc. He left it up to us to figure out how to do it.
Thanks in advance!