In this lab, we will use security utilities provided with Kali Linux to conduct a risk assessment. The lab supplies a subnetwork of Linux and Windows servers, forming a complete VPC in which to exercise the Kali Linux utilities.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Access the Kali Linux System
Establish a session to the Kali Linux system:
ssh cloud_user@<KALI_LINUX_PUBLIC_IP>
Change to superuser:
su -
- Identify the Address Assigned to the Ethernet Controller
Query the ethernet configuration on the Kali Linux server:
ifconfig
Make note of the IP address assigned to the primary ethernet controller.
- Use the `nmap` Command to Explore the Subnet
Use the `nmap` utility to explore the ports open on the subnetwork.
For help with `nmap` commands:
nmap -h
To scan a series or range of subnet private IP addresses:
nmap -sn 10.0.1.1-255
Other flags can speed up the port scanning process. `--min-parallelism` can be set from 50 to 100 and `--max-retries` to 0 or 1:
nmap -T4 -Pn -n -p- --min-parallelism 50 --max-retries 0 -vv 10.0.1.1-255
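To make the scan results above reviewable for the risk assessment, this added example (not part of the original lab) parses nmap's grepable output (`-oG -`) and lists open ports that are missing from an expected-services allowlist. The sample scan data, host addresses and allowlist are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nmap -oG -` output (invented hosts and ports).
# Real output separates the fields with tabs; the parser accepts either.
sample_scan() {
cat <<'EOF'
# Nmap scan (constructed sample)
Host: 10.0.1.10 () Status: Up
Host: 10.0.1.10 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.0.1.20 () Status: Up
Host: 10.0.1.20 () Ports: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
EOF
}

# Read grepable nmap output on stdin; print "host port/proto service" per open port.
open_ports() {
  awk '/^Host: / && /Ports: / {
    host = $2
    line = $0
    sub(/.*Ports: /, "", line)
    sub(/[ \t]*Ignored State:.*/, "", line)
    n = split(line, entry, /, */)
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")
      if (f[2] == "open") print host, f[1] "/" f[3], f[5]
    }
  }'
}

# $1: space-separated allowlist of "host:port/proto" (hypothetical baseline).
# Prints every open port that the allowlist does not cover.
unexpected_ports() {
  open_ports | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { key = $1 ":" $2; if (!(key in ok)) print }'
}

# Demo run against the constructed sample.
sample_scan | unexpected_ports "10.0.1.10:22/tcp 10.0.1.10:80/tcp 10.0.1.20:445/tcp"
```

In the lab, pipe the output of an `nmap` run with `-oG -` into `unexpected_ports` in place of `sample_scan`.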
- Use the `hping3` Utility to Analyze a Single Host
Use `hping3` to scan a specific host on the subnet:
hping3 -1 <INTERNAL_IP_ADDRESS_OF_HOST>
Note: You may obtain the internal IP address of the host from the lab interface, the output from an `nmap` command, or the AWS dashboard.
- Use `nslookup` to Explore the Nameserver Configuration of Various Hosts
Use `nslookup` to explore the A record on google.com:
nslookup
> google.com
Use `nslookup` to look at MX records on google.com:
nslookup
> set q=MX
> google.com
Use `nslookup` to interrogate other address types:
nslookup
> set type=any
> google.com
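- Use the `dig` Tool to Attempt a Domain Zone Transfer
The syntax for the `dig` command is shown below; the name server that the transfer is requested from is given with a leading `@`:
dig axfr [domain host] @[IP address of the name server]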
- Use `finger` to Determine Which Users Are Logged into Any Given Host
Use the `finger` command to see who is logged in on a host:
finger
Or:
finger -s root