root
/
public
mirror of https://github.com/01-edu/public.git
8
9
Fork 0
Code Issues 2 Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5684 Commits
77 Branches
1 Tag
361 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
public/subjects/scan
riad nbou 6274747486
CON-1866 add VMs for UTM 		5 months ago
..
audit CON-1866 add VMs for UTM 5 months ago
README.md CON-1866 add VMs for UTM 5 months ago
scan1.png Update subjects 3 years ago
scan2.png Update subjects 3 years ago

README.md

scan

scan1

You're going to do like Trinity in the movie The Matrix Reloaded. Except that you're not going to turn off the electricity in a city, and you probably don't wear as much leather, but that's okay.

By design and by default, most network entities have a high discoverability.

Whatever your motivations for exploring a network (hacking, curiosity...), you generally proceed in this order :

  1. Scan a network to find hosts
  2. Scan a host to get information (hardware, OS & exposed services)

1. can be done by analyzing the link layer of Internet protocols, in particular ARP in order to gather MAC addresses (the identifier of a network interface, such as Wi-Fi or Ethernet cards).

2. is usually performed by analyzing the network and transport layers, in particular the IP & TCP protocols with the nmap tool.

For the context, when you open a website, here are the protocols involved, from the highest to lowest level (the protocols at the top depend on those at the bottom):

  • HTTP: application layer (website data) - messages
  • TLS: application layer ("lock" sign) - secure connection
  • TCP: transport layer (port number) - reliable connection
  • IP: network layer (IP address) - global communication
  • ARP: link layer (MAC address) - local communication

For this challenge, you will focus on IP, ARP & TCP, and therefore on IP/MAC addresses and ports.

You will need to add these 2 VMs:

For VirtualBox

For UTM

To perform your tasks you only need to use the two VMs.

You will only have control over "01_scan_laptop". A port forwarding is set on 10122 so you can connect through SSH, the password is a single space.

Your mission, should you choose to accept it, is to scan the network interface (enp0s8 for VirtualBox, enp0s1 for UTM) and find a way in the server "01_scan_RRF-CONTROL", you will know you have succeeded when you see :

RRF-CONTROL> █

Because the virtualized Network is very slow (10 Mbps, Ethernet is usually 1000 Mbps), expect long scan times :

  • ARP scanning takes up to 5 minutes
  • port scanning takes up to half an one hour with the option -T4 (even more without).

May the Fourth be with you.

scan2

Another depiction of the nmap tool: in Ocean's 8, Rihanna uses Kali Linux to steal a valuable diamond.

Same strategy, different styles