Infiltration
What will be an ideal response?
Step 1. Crack the passwords using John the Ripper.
John the Ripper is a tool used to find weak passwords of users. In this step, you will use John
the Ripper to crack weak passwords.
a. From the Kali VM root prompt, verify that the shadow file is in the /root folder on Kali
VM.
b. At the root prompt on Kali VM, enter the john command to crack the passwords. Use
the show option to view cracked passwords reliably.
Note: The password cyberops was added to the /usr/share/john/password.lst file to speed up the
password cracking process.
```
root@kali:~# john --show /root/shadow.txt
analyst:cyberops:17338:0:99999:7:::
1 password hash cracked, 7 left
```
After you have cracked the password for the user analyst, you can access Metasploitable
via SSH using the login name analyst.
Step 2. Find the targeted host.
In this step, you will use different commands to find the IP address of a possible host on the
internal network behind the DMZ.
a. Establish an SSH session to the Metasploitable VM. Enter yes to accept the RSA digital
signature when connecting for the first time. Connection may take a few moments.
Enter cyberops as the password when prompted.
```
root@kali:~# ssh analyst@209.165.200.235
analyst@209.165.200.235's password:
```
b. Verify that you have root access to Metasploitable. Enter su -l myroot at the
prompt. Notice that the prompt has changed from analyst@metasploitable to
root@metasploitable.
```
analyst@metasploitable:~$ su -l myroot
root@metasploitable:~#
```
c. Display the /etc/shadow file.
```
root@metasploitable:~# cat /etc/shadow
```
d. Enter exit at the prompt to return to the access privileges of the user analyst.
e. Now display the /etc/shadow file as analyst.
```
analyst@metasploitable:~$ cat /etc/shadow
```
Why did you receive an error message? Record the message and explain.
The error message is cat /etc/shadow: Permission denied. The /etc/shadow file is
readable only by its owner, root, and by users in the group shadow, as the
ls -l /etc/shadow command shows, so the user analyst does not have permission to
read it. The user myroot can read it because myroot has root privileges.
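The permission decision behind that answer, as an added example that is not part of the original lab: it models the standard Unix owner/group/other read check and flags file modes that would expose password hashes to any local user. The numeric IDs, the 0640 mode, the svc account and uid 0 for myroot are assumptions chosen to match the lab's description; ACLs and security modules are ignored.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids


def can_read(mode: int, owner_uid: int, owner_gid: int, acct: Account) -> bool:
    """Classic Unix read check: exactly one permission class applies."""
    if acct.uid == 0:                      # uid 0 bypasses the mode bits
        return True
    if acct.uid == owner_uid:              # owner class
        return bool(mode & stat.S_IRUSR)
    if owner_gid in acct.gids:             # group class
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)       # everyone else


def audit_mode(mode: int) -> list:
    """Findings for a password-hash file; an empty list means the mode is fine."""
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable: any local user can copy the hashes")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner: hashes can be replaced")
    return findings


# Constructed values (assumptions, not taken from the lab VM).
ROOT_UID, SHADOW_GID = 0, 42
SHADOW_MODE = 0o640                        # -rw-r----- root shadow
analyst = Account("analyst", 1000, frozenset({1000}))
myroot = Account("myroot", 0, frozenset({0}))       # assumed uid 0
svc = Account("svc", 1001, frozenset({1001, SHADOW_GID}))  # hypothetical shadow-group member

if __name__ == "__main__":
    for acct in (analyst, myroot, svc):
        ok = can_read(SHADOW_MODE, ROOT_UID, SHADOW_GID, acct)
        print(f"{acct.name}: {'read allowed' if ok else 'Permission denied'}")
    for mode in (SHADOW_MODE, 0o644, 0o666):
        print(oct(mode), audit_mode(mode) or "ok")
```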
f. Enter ifconfig to list all the network interfaces on Metasploitable.
```
analyst@metasploitable:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:ab:84:07
          inet addr:209.165.200.235  Bcast:209.165.200.255  Mask:255.255.255.224
          inet6 addr: fe80::a00:27ff:feab:8407/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1610 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1550 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:117030 (114.2 KB)  TX bytes:123570 (120.6 KB)
          Interrupt:10 Base address:0xd020
```