Overview

Over the course of the final three labs, you will perform reconnaissance against a target, attack it, then analyze your attack from a defensive perspective in order to protect against it. Last week you performed reconnaissance against your target, identifying multiple running services, and even finding an existing vulnerability and exploit for one of them. Today you will get to attack the target; if ultimately successful, you will try to steal data, and potentially compromise passwords. Next week, we'll discuss how to defend against some of your actions today.

Below is an overview graphic of our operation.

Mission Status

Last week, you performed successful (active) reconnaissance against the target, utilizing ping, nmap, various open-source vulnerability databases, and possibly additional open-source research to identify vulnerabilites on the target. Among other valuable information, we determined the target was running a version of Linux (the kernel appears to be some version of 2.6, though nmap wasn't positive which precise version). In addition, we discovered the target is running a vulnerable version of FTP (vsftpd 2.3.4), and there is an existing Metasploit module to exploit that vulnerability.

Below are screenshots from previously running nmap -p21,22,23,53,80,443 -sV -O against the target machine.

Resources

You primarily will utilize Blackboard and the vSphere Client for this lab. You may also wish to review previous course lessons, such as File Systems and Hierarchies, Operating System Shells and Permissions, and Hashing, Passwords, and Authentication.