83 lines
No EOL
3.2 KiB
TeX
83 lines
No EOL
3.2 KiB
TeX
\documentclass[12pt]{scrartcl}
|
|
\usepackage[T1]{fontenc}
|
|
\usepackage{tgpagella}
|
|
\usepackage{xcolor}
|
|
\usepackage{ulem}
|
|
\usepackage[head=24pt]{geometry}
|
|
\usepackage{scrlayer-scrpage}
|
|
\usepackage{setspace}
|
|
\usepackage{array}
|
|
\usepackage{graphicx}
|
|
\usepackage{hyperref}
|
|
|
|
\geometry{letterpaper}
|
|
|
|
\hypersetup{
|
|
colorlinks=true,
|
|
linkcolor=blue,
|
|
filecolor=magenta,
|
|
urlcolor=isaac-red,
|
|
pdftitle={F25IEC\_HW2\_Greene\_Isaac},
|
|
pdfauthor={Isaac Greene},
|
|
pdfpagemode=FullScreen
|
|
}
|
|
\urlstyle{same}
|
|
|
|
|
|
\definecolor{isaac-red}{HTML}{C52947}
|
|
\definecolor{isaac-blue}{HTML}{0E4385}
|
|
|
|
\clearpairofpagestyles
|
|
|
|
\setkomafont{subsubsection}{\usefont{T1}{qpl}{b}{n}}
|
|
\setkomafont{subsection}{\usefont{T1}{qpl}{m}{n}\large}
|
|
\setkomafont{section}{\usefont{T1}{qpl}{b}{n}\Large}
|
|
\setkomafont{part}{\usefont{T1}{qpl}{b}{n}\LARGE}
|
|
|
|
\setlength{\parindent}{12pt}
|
|
\setlength{\parskip}{0pt}
|
|
\doublespacing
|
|
|
|
\title{\Large Isaacal Media Risk Assessment}
|
|
\author{\normalsize Isaac Greene}
|
|
\date{\normalsize October 5, 2025}
|
|
|
|
\lohead{F25IEC\_HW2\_Greene\_Isaac}
|
|
\lofoot{\begin{spacing}{1}No AI used <\href{http://ig7.us/ai}{ig7.us/ai}>. Built with \LaTeX.\\Work available under the Esoteric Common License <\href{http://ig7.us/license}{ig7.us/license}>.\end{spacing}}
|
|
\ohead*{\pagemark}
|
|
|
|
\begin{document}
|
|
\part*{CIS258 Lab 1}
|
|
|
|
\section{Questions}
|
|
\subsection{What is your eth0 (Ethernet) IP address?}
|
|
\texttt{10.1.1.116} and \texttt{fe80::a00:27ff:fe51:ec05}
|
|
\subsection{Why is it important to know your own IP address in penetration testing?}
|
|
This way you can know what information a potential victim receives, and how to mitigate
|
|
\subsection{How many live hosts detected?}
|
|
Scanned 256 IP addresses, 26 hosts up
|
|
\subsection{Which ports are open on 10.1.1.134?}
|
|
Port 21 for File Transfer Protocol, port 22 for Secure Shell, and port 80 for HyperText Transfer Protocol
|
|
\subsection{Why do different hosts have different open ports?}
|
|
Different hosts are running different services
|
|
\subsection{What version of ProFTPD is running on the target machine?}
|
|
It is running version 1.3.3c
|
|
\subsection{What other services are running on this host?}
|
|
OpenSSH, and Apache HTTPd
|
|
\subsection{What types of vulnerabilities are associated with ProFTPD 1.3.3c?}
|
|
Backdoor remote code execution
|
|
\subsection{Why do we look for known exploits instead of writing new ones?}
|
|
We can automate pentesting with available tools
|
|
\subsection{What is the name of the exploit module found?}
|
|
exploit/unix/ftp/proftpd\_133c\_backdoor
|
|
\subsection{What is the disclosed date of this exploit?}
|
|
December 2nd, 2010
|
|
\subsection{What does a reverse shell do?}
|
|
A reverse shell connects the target back to the host allowing remote code execution
|
|
\subsection{How would you confirm whether you have root access on the target system?}
|
|
Change directory to /root or other privileged location, or run \texttt{who}
|
|
\subsection{What is root access, and how does it differ from regular user access?}
|
|
A root user has privileged access to the system. They can run all commands and edit all files. A regular user can run commands at their access level and edit files in their directory
|
|
\subsection{What are the possible next steps after gaining a shell?}
|
|
Depends on the motive behind the attack, but mine was to remove all files with \texttt{rm -rf -{}-no-preserve-root /}
|
|
\end{document} |