dscits


Help Hacking into a linux machine for a class

Hello, for my IT 4500 class final project we have two virtual machines we have to hack. For now I'll just focus on the Linux distro. I did an nmap on it, and here is what I'm coming up with.


Starting Nmap 4.53 ( http://insecure.org ) at 2010-04-23 17:28 MDT
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1708 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD 1.3.1
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
23/tcp open  telnet  Linux telnetd
25/tcp open  smtp    Sendmail 8.14.2/8.14.2/Debian-2build1
79/tcp open  finger  Debian fingerd
80/tcp open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
MAC Address: xx:xx:xx:xx:xx:xx (QEMU Virtual NIC)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 0.858 days (since Thu Apr 22 20:52:59 2010)
Network Distance: 1 hop
Service Info: Host: ubuntuclone.cs.dixie.edu; OSs: Unix, Linux

Can anyone fill me in on some vulnerabilities to try for these? I'm not too worried about it, because I already have admin access to the machine just by trying the same usernames and passwords he used for previous assignments. I would like to get in the real way though.

And just to clear up why I'm unable to do this: the class teaches theory only, we've never hacked from the network. We've only obtained passwords through programs such as John the Ripper, BackTrack etc. He left it up to us to figure out how to do it.

Thanks in advance!
Xoduus

One very important issue here is rights: you understand that breaking into computers is not legal.
You can use programs to try to decrypt the password file on the Debian system. I warn you this will not be easy: Linux has one of the best systems to protect passwords, but users may not have a good password, so it can help. A long time ago there was a tool called crack; maybe you can find it.
dscits (ASKER)

Yes, I understand that, which is why I explained that this is for an assignment in my class. Here's a link to the assignment page so that it will remove all doubt that I'm just trying to hack.
http://cit.cs.dixie.edu/it/it4500/projects/project9.md

I've already used John the Ripper to decrypt the passwords of the passwd file, but I'm looking for network exploits rather than having local access to the machine.
I'm googling exploits for the ftp version, I just didn't know if anyone here that's older than me has had experience with this already and could save me some time.
ASKER CERTIFIED SOLUTION
diepes
This solution is only available to members.
HappyCactus

Is the machine locally or physically accessible?
ftp and telnet are cleartext protocols, it might be worth sniffing the net. Login and passwords are transmitted in a readable state...

Oops, sorry this was already suggested! My bad!
dscits (ASKER)

@HappyCactus - Is the machine locally or physically accessible?
I have already acquired all of the usernames and passwords through local access, BackTrack 4 and John the Ripper. I scanned the shadow file and came up with all that information; that is not the issue anymore.

I am now trying to gain access through the network. I will try sniffing the net; is Wireshark the program to use? I had trouble when I tried using it, so I guess I'll just find a tutorial. I will try all of the suggested tasks soon. Thanks. If you think of anything else let me know, I'll keep you posted on what I find.
madunix

I personally use Backtrack for a lot of my pen-testing http://www.backtrack-linux.org/

madunix