Posts

Showing posts from 2015

Tango Down (Kioptrix1) : Kioptrix Level 1 (#1) Challenge Walkthrough

Lab Environment :

Victim Host : https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ on VirtualBox
Attacking Host : KALI (On Virtual Box)
Network : Host-Only (VirtualBox)
Tools : As mentioned in the walkthrough below

Discovery : Changed the VM's network setting to host-only, then ran an nmap scan

root@kali:~/tools/practice/bash/lab# nmap -sT 192.168.56.1-254

Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-27 23:09 GMT
Nmap scan report for 192.168.56.1
Host is up (0.0036s latency).
All 1000 scanned ports on 192.168.56.1 are closed
MAC Address: 0A:00:27:00:00:00 (Unknown)

Nmap scan report for 192.168.56.100
Host is up (0.00012s latency).
All 1000 scanned ports on 192.168.56.100 are filtered
MAC Address: 08:00:27:BD:93:7E (Cadmus Computer Systems)

Nmap scan report for 192.168.56.101
Host is up (0.0016s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
139/tcp open netbios-ssn
32768/tcp open filenet-tms
MAC Address: 08:00:27:96:FA:49 (Cadmus Computer Systems)

N…

Tango Down (CTF5) : Capture The Flag (CTF) 5 Lamp Security Challenge

Lab Environment :

Victim Host : https://www.vulnhub.com/entry/lampsecurity-ctf5,84/ on VirtualBox (MacOS)
Attacking Host : KALI (On Virtual Box)
Network : Host-Only (VirtualBox)
Tools : As mentioned in the walkthrough below


Discovery :

Install the image

Run a network scan on the range :

root@kali:~/vulhub/ctf5# nmap -sT 192.168.56.1-254
Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-31 00:22 GMT
Nmap scan report for 192.168.56.1
Host is up (0.00036s latency).
All 1000 scanned ports on 192.168.56.1 are closed
MAC Address: 0A:00:27:00:00:00 (Unknown)

Nmap scan report for 192.168.56.100
Host is up (0.000079s latency).
All 1000 scanned ports on 192.168.56.100 are filtered
MAC Address: 08:00:27:79:AC:8C (Cadmus Computer Systems)

Nmap scan report for 192.168.56.101
Host is up (0.0023s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
901/tcp open samba-s…

Tango Down (CTF4) : Capture The Flag (CTF) 4 Lamp Security Challenge

Lab Environment :

Victim Host : https://www.vulnhub.com/entry/lampsecurity-ctf4,83/ on VirtualBox (MacOS)
Attacking Host : KALI (On Virtual Box)
Network : Host-Only (VirtualBox)
Tools : As mentioned in the walkthrough below


Discovery :

- Find the IP: start the VM and set its network to the Host-Only network. Since we know the subnet used by the host-only network, just run an nmap scan to identify the VM's IP.

We got the below IP and services :

Nmap scan report for 192.168.56.101
Host is up (0.00043s latency).
Not shown: 96 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
631/tcp closed ipp
MAC Address: 08:00:27:37:40:F6 (Cadmus Computer Systems)


To confirm, telnet to port 25:
root@kali:~# telnet 192.168.56.101 25

Trying 192.168.56.101...
Connected to 192.168.56.101.
Escape character is '^]'.
220 ctf4.sas.upenn.edu ESMTP Sendmail 8.13.5/8.13.5; Sat, 24 Oct 2015 00:05:52 -0400
HELO
501 5.0.0 HELO requires domain address
VRY root
500 5.5.1 Command unrecognized: "VRY…

Common TCP/IP Ports For Penetration Testers

Some of the ports of interest to penetration testers are:

| Port Number | Usage | Protocol | Some Enumeration Commands and Tools |
|---|---|---|---|
| 21 | FTP | TCP | Nmap NSE |
| 22 | SSH | TCP,UDP | TBD |
| 23 | Telnet | TCP | TBD |
| 25 | SMTP | TCP | Nmap NSE |
| 53 | DNS | TCP,UDP | Nmap NSE, dnsrecon, nslookup |
| 80 | HTTP | TCP,UDP | Nmap NSE, nikto, dirbuster |
| 123 | NTP | TCP | TBD |
| 135 | Microsoft RPC | TCP,UDP | Nmap NSE |
| 137 | NetBIOS Name Service | TCP,UDP | Nmap NSE |
| 139 | NetBIOS Session Service, Samba (SMB,CIFS) | TCP,UDP | Nmap NSE, smbclient |
| 161 | SNMP | TCP,UDP | snmpwalk, onesixtyone |
| 162 | SNMP Trap | TCP,UDP | snmpwalk, onesixtyone |
| 389 | LDAP | TCP,UDP | TBD |
| 443 | HTTPS | TCP,UDP | Nmap NSE, nikto, dirbuster |
| 445 | Microsoft-ds | TCP | Nmap NSE, PsExec, nbtstat |
| 3306 | MySQL | TCP | Nmap NSE, sqlmap |
| 3368 | Global Catalogue | TCP | TBD |
| 3389 | RDP | TCP | TBD |

List of Ports and usage


If you have any suggestions, please leave your comments below so they can be added here.

Convert VMX,VMDK to OVF, OVA Format

Problem Statement :

I recently got a dump of a virtual machine; it was exported from VMware, hence it had the respective .vmdk's and .vmx's. I work on a Mac and use VirtualBox to host VMs. The problem began when I tried to import the virtual machine to my laptop. You cannot import it using VirtualBox. The other option was to install VMware Player on my laptop for that VM specifically, which didn't make much sense. Moreover, you would not get VMware Player free for Mac; you would need to either buy VMware Fusion or download a 30-day trial, which again does not solve my purpose.

So in essence I wanted to convert the available VMware proprietary files into a format which can be imported into my regular VirtualBox.

Fix :

There is a tool available from VMware called OVFTool which can be used to convert the existing VMware files into any appropriate format.

You can download this tool from here : https://www.vmware.com/support/developer/ovf/

Steps :
Install the OVFTool dmg.
Locate the pa…

The Concept of Apache Hadoop Mapreduce 2 or YARN ( Yet Another Resource Negotiator )

Introduction
Compared to previous versions of Hadoop, where we had the NameNode and JobTracker daemons on the master node, MapReduce 2 or YARN was introduced to split the functionality of the JobTracker into separate daemons for resource management and job scheduling.

Comparison

As the diagram above shows, in previous versions of Hadoop the cluster resource management layer was tightly coupled to, and a part of, the MapReduce layer. In Hadoop 2.0, a new layer, Yet Another Resource Negotiator (YARN), has been introduced between MapReduce and HDFS, and it is responsible for cluster resource management.
To understand why this change was needed, let us first recap how it worked in Hadoop 1.0, along with its downsides.


If you follow the figure above, in Hadoop 1.0 the JobTracker is a part of the MapReduce framework, which manages the MapReduce jobs / applications along with doing the cluster resource management. Every MapRed job is divided into a number of Map and Reduc…