Help Hacking into a linux machine for a class

Hello, for my IT 4500 class final project we have two virtual machines we have to hack. For now I'll just focus on the Linux distro. I did an nmap on it, and here is what I'm coming up with.


Starting Nmap 4.53 ( http://insecure.org ) at 2010-04-23 17:28 MDT
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1708 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD 1.3.1
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
23/tcp open  telnet  Linux telnetd
25/tcp open  smtp    Sendmail 8.14.2/8.14.2/Debian-2build1
79/tcp open  finger  Debian fingerd
80/tcp open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
MAC Address: xx:xx:xx:xx:xx:xx (QEMU Virtual NIC)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 0.858 days (since Thu Apr 22 20:52:59 2010)
Network Distance: 1 hop
Service Info: Host: ubuntuclone.cs.dixie.edu; OSs: Unix, Linux

Can anyone fill me in on some vulnerabilities to try for these? I'm not too worried about it, because I already have admin access to the machine just by trying the same usernames and passwords he used for previous assignments. I would like to get in the real way though.

And just to clear up why I'm unable to do this - the class teaches theory only, we've never hacked from the network. We've only obtained passwords through programs such as John the Ripper, BackTrack, etc. He left it up to us to figure out how to do it.

Thanks in advance!
dscits Asked:

Xoduus Commented:
One very important issue here is rights: you understand that breaking into computers is not legal.
You can use programs to try to decrypt the password file on the Debian system. I warn you this will not be easy; Linux has one of the best systems to protect passwords, but users may not have a good password, so it can help. A long time ago there was a tool called crack; maybe you can find it.
0
dscits Author Commented:
Yes, I understand that, which is why I explained that this is for an assignment in my class. Here's a link to the assignment page so that it will remove all doubt that I'm just trying to hack.
http://cit.cs.dixie.edu/it/it4500/projects/project9.md

I've already used John the Ripper to decrypt the passwords of the passwd file, but I'm looking for network exploits rather than having local access to the machine.
I'm googling exploits for the ftp version; I just didn't know if anyone here that's older than me has had experience with this already and could save me some time.
0
diepes Commented:
A couple of suggestions:
1. Is anonymous ftp allowed? What directories can be accessed?
2. Is the web server configured to execute cgi-scripts? Can you insert code?
3. Depending on connectivity you may be able to sniff for clear text passwords, same with ftp and web.
4. Brute-force password guessing against telnet, ftp, web.
5. Versions of software checked against known vulnerabilities.
0
HappyCactus Commented:
Is the machine locally or physically accessible?
0
cjl7 (freelance for hire) Commented:
ftp and telnet are cleartext protocols, it might be worth sniffing the net. Login and passwords are transmitted in a readable state...

0
cjl7 (freelance for hire) Commented:
Oops, sorry, this was already suggested! My bad!
0
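An added example, not part of the thread and not any poster's code: seen from the administrator's side, the service table in the question's nmap output can be parsed to list the listeners that carry logins or account data unencrypted, which is the point the comments above make about ftp, telnet and web. The remediation table and the function names are this example's own assumptions.

```python
import re

# Service table copied from the nmap output in the question above.
NMAP_OUTPUT = """\
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD 1.3.1
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
23/tcp open  telnet  Linux telnetd
25/tcp open  smtp    Sendmail 8.14.2/8.14.2/Debian-2build1
79/tcp open  finger  Debian fingerd
80/tcp open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
"""

# Assumption of this example: service names that run unencrypted and the
# usual administrative remediation for each.
UNENCRYPTED = {
    "telnet": "disable; use ssh",
    "ftp": "disable or require TLS (FTPS); prefer sftp over ssh",
    "http": "serve logins over https only",
    "finger": "disable; it discloses account names without authentication",
}

# One row of the table: port/proto, state, service name, free-text version.
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_services(text):
    """Return one dict per row of an nmap -sV port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version.strip()})
    return rows

def unencrypted_findings(text):
    """List (port, service, remediation) for open unencrypted services."""
    return [(r["port"], r["service"], UNENCRYPTED[r["service"]])
            for r in parse_services(text)
            if r["state"] == "open" and r["service"] in UNENCRYPTED]

if __name__ == "__main__":
    for port, service, fix in unencrypted_findings(NMAP_OUTPUT):
        print(f"{port}/tcp {service}: {fix}")
```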
dscits Author Commented:
@HappyCactus - Is the machine locally or physically accessible?
I have already acquired all of the usernames and passwords through local access, BackTrack 4 and John the Ripper. I scanned the shadow file and came up with all that information - that is not the issue anymore.

I am now trying to gain access through the network. I will try sniffing the net; is Wireshark the program to use? I had trouble when I tried using it, so I guess I'll just find a tutorial. I will try all of the suggested tasks soon. Thanks. If you think of anything else let me know; I'll keep you posted on what I find.
0
madunix Commented:
I personally use Backtrack for a lot of my pen-testing http://www.backtrack-linux.org/

madunix
0
Question has a verified solution.