Welcome to Advent of Cyber 2021
クリスマスまでの25日間、毎日基本的な知識を学び、初心者向けの新しいセキュリティ演習を行うことで、サイバーセキュリティを始めることができます。
day10
攻撃者がどのようにしてネットワークに侵入するかを学びます。
nmapを使って、基本的なネットワークポートスキャンを実行できます。
┌──(kali㉿kali)-[~]
└─$ nmap -sT 10.10.16.140 -o nmap-log
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 12:44 JST
Answer
Help McSkidy and run nmap -sT MACHINE_IP. How many ports are open between 1 and 100?
2
What is the smallest port number that is open?
22
What is the service related to the highest port number you found in the first question?
http
Now run nmap -sS MACHINE_IP. Did you get the same results? (Y/N)
Y
If you want Nmap to detect the version info of the services installed, you can use nmap -sV MACHINE_IP. What is the version number of the web server?
Apache httpd 2.4.49
By checking the vulnerabilities related to the installed web server, you learn that there is a critical vulnerability that allows path traversal and remote code execution. Now you can tell McSkidy that Grinch Enterprises used this vulnerability. What is the CVE number of the vulnerability that was solved in version 2.4.51?
CVE-2021-42013
You are putting the pieces together and have a good idea of how your web server was exploited. McSkidy is suspicious that the attacker might have installed a backdoor. She asks you to check if there is some service listening on an uncommon port, i.e. outside the 1000 common ports that Nmap scans by default. She explains that adding -p1-65535 or -p- will scan all 65,535 TCP ports instead of only scanning the 1000 most common ports. What is the port number that appeared in the results now?
20212
What is the name of the program listening on the newly discovered port?
telnetd