Questionnaires.

Exercise 1.
#1 What distribution of Linux is being used on this machine? Kali
#2 What is the MD5 hash of the apache access.log? d41d8cd98f00b204e9800998ecf8427e
#3 It is believed that a credential dumping tool was downloaded. What is the file name of the download? Yes, mimikatz
#4 There was a super-secret file created. What is the absolute path? root/Desktop/SuperSecretFile.txt
#5 What program used didyouthinkwedmakeiteasy.jpg during execution? binwalk
#6 What is the third goal from the checklist Karen created? Economic benefit
#7 How many times was apache run? None
#8 It is believed this machine was used to attack another. What file proves this? fisrtscrip_fixed
#9 Within the Documents file path, it is believed that Karen was taunting a fellow computer expert through a bash script. Who was Karen taunting? Bob
#10 A user su'd to root at 11:26 multiple times. Who was it? Karen
#11 Based on the bash history, what is the current working directory? Myfisrthack

Exercise 2.
#1 What is the system timezone? GMT-4
#2 Who was the last user to log in to the system? CRON
#3 What was the source port the user 'mail' connected from? 67
#4 How long was the last session for user 'mail'? (Minutes only) 60 minutes
#5 Which server service did the last user use to log in to the system? DHCP
#6 What type of authentication attack was performed against the target machine?
#7 How many IP addresses are listed in the '/var/log/lastlog' file? 192.168.210.131 192.168.56.101
#8 How many users have a login shell? George Wu, Peter Tobias
#9 What is the password of the mail user? php
#10 Which user account was created by the attacker? webadmin
#11 How many user groups exist on the machine? 45
#12 How many users have sudo access? 2
#13 What is the home directory of the PHP user?
#14 What command did the attacker use to gain root privilege? (Answer contains two spaces). Sudo su
#15 Which file did the user 'root' delete? r00t.blend
#16 Recover the deleted file, open it and extract the exploit author name.
#17 What is the content management system (CMS) installed on the machine? Drupal
#18 What is the version of the CMS installed on the machine? 7
#19 Which port was listening to receive the attacker's reverse shell? 67