Previously, we saw mcsysadmin learning the basics of Linux. With the ongoing crisis, McElferson has been very impressed and is looking to push mcsysadmin to the security team. One of the first things they have to do is look at some strange machines that they found on their network.
Check out the supporting material here.
#1 How many TCP ports under 1000 are open?
```
sudo nmap -sT -p-1000 10.10.199.156
"3" ports
```
#2 What is the name of the OS of the host?
```
sudo nmap -A -p- -vv -oN nmapScanSkillingUp.txt 10.10.199.156
cat nmapScanSkillingUp.txt | grep "OS"
"linux"
```
#3 What version of SSH is running?
```
sudo nmap -A -p- -vv -oN nmapScanSkillingUp.txt 10.10.199.156
cat nmapScanSkillingUp.txt | grep "SSH"
Host is up (0.065s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh "OpenSSH 7.4" (protocol 2.0)
111/tcp open rpcbind 2-4 (RPC #100000)
999/tcp open http SimpleHTTPServer 0.6 (Python 3.6.8)
39239/tcp open status 1 (RPC #100024)
```
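As an added example (not part of the original write-up): grepping the saved `-oN` file for "OS" or "SSH" depends on which lines happen to contain those strings, so this script reads the port table itself to answer questions #1 and #3. The function names and the embedded sample are constructed for illustration, and it assumes nmap's aligned normal-output columns.

```shell
#!/usr/bin/env bash
# Added example: read the port table of an nmap normal-output (-oN) file.
# Assumes nmap's aligned column layout; function names are illustrative.

# Constructed sample based on the port table shown above.
sample_scan() {
cat <<'EOF'
Host is up (0.065s latency).
Not shown: 65531 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.4 (protocol 2.0)
111/tcp   open  rpcbind 2-4 (RPC #100000)
999/tcp   open  http    SimpleHTTPServer 0.6 (Python 3.6.8)
39239/tcp open  status  1 (RPC #100024)
EOF
}

# Count open TCP ports below a limit (default 1000). Reads -oN text on stdin.
count_open_tcp_below() {
    awk -v limit="${1:-1000}" '
        # Port-table rows start with "<port>/tcp" followed by the state.
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (p[1] + 0 < limit + 0) n++
        }
        END { print n + 0 }'
}

# Print the VERSION column for one service name (for example ssh).
# The column offset comes from the header row, so an extra REASON column
# (present in -vv output) does not shift the result. Prints nothing when
# the scan has no VERSION column, as in a plain -sT scan.
service_version() {
    awk -v svc="$1" '
        $1 == "PORT" { col = index($0, "VERSION"); next }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && $3 == svc && col > 0 {
            print substr($0, col)
        }'
}

# Run against the constructed sample; for a real scan, redirect the saved
# file instead, e.g. count_open_tcp_below 1000 < nmapScanSkillingUp.txt
sample_scan | count_open_tcp_below 1000
sample_scan | service_version ssh
```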
#4 What is the name of the file that is accessible on the server you found running?
```
sudo nmap -sT -p-1000 10.10.199.156
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-05 17:17 EDT
Nmap scan report for 10.10.199.156
Host is up (0.097s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
999/tcp open garcon

wget http://10.10.199.156:999
"interesting.file"
```