Hydra (https://github.com/vanhauser-thc/thc-hydra ) starting at 2022-08-29 05:06:15 [WARNING] Many SSH configurations limit the numbe r of...
Fantastic news! We've Found the answer you've been seeking!
Question:
Transcribed Image Text:
Hydra (https://github.com/vanhauser-thc/thc-hydra ) starting at 2022-08-29 05:06:15 [WARNING] Many SSH configurations limit the numbe r of parallel tasks, it is recommended to reduce the tasks: use -t 4 [WARNING] Restorefile (you have 10 seconds to abo rt... (use option -I to skip waiting)) from a pre vious session found, to prevent overwriting, ./hy dra.restore [DATA] max 1 task per 1 server, overall 1 task, 1 login try (1:1/p:1), ~1 try per task [DATA] attacking ssh://10.10.218.7:22/ [22][ssh] host: 10.10.218.7 rd: armando login: jan passwo 1 of 1 target successfully completed, 1 valid pas sword found Hydra (https://github.com/vanhauser-thc/thc-hydra ) finished at 2022-08-29 05:06:26 root@kali:~# root@kali:~# nmap -sV 10.10.218.7 Starting Nmap 7.80 ( https://nmap.org) at 2022-08-29 03:53 UTC Stats: 0:02:22 elapsed; hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 66.67% done; ETC: 03:56 (0:01:11 remaining) Nmap scan report for ip-10-10-218-7.eu-west-1.compute.internal (10.10.218.7) Host is up (0.00089s latency). Not shown: 994 closed ports PORT 22/tcp .0) STATE SERVICE open ssh open http 80/tcp VERSION OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2 Apache httpd 2.4.18 (Ubuntu)) 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 445/tcp open 8009/tcp open ajp13? 8080/tcp open http-proxy? MAC Address: 02:8F:96:8F:27:B9 (Unknown) Service Info: Host: BASIC2; OS: Linux; CPE: cpe:/o: linux: linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org /submit/ . Nmap done: 1 IP address (1 host up) scanned in 199.98 seconds root@kali:~# START_TIME: Mon Aug 29 04:00:48 2022 URL_BASE: http://10.10.218.7/ WORDLIST_FILES: /usr/share/dirb/wordlist s/common.txt metasploit framework Burpsuite GENERATED WORDS: 4612 Scanning URL: http://10.10.218.7/ Home hashcat DIRECTORY: http://10.10.218.7/develo pment/ + http://10.10.218.7/index.html (CODE:20 0|SIZE:158) + http://10.10.218.7/server-status (CODE :403|SIZE:299) Entering directory: http://10.10.21 8.7/development/ (!) WARNING: Directory IS LISTABLE. No n eed to scan it. (Use mode '-w' if you want to scan i t anyway) PEASS END_TIME: Mon Aug 29 04:00:51 2022 DOWNLOADED: 4612 - FOUND: 2 root@kali:~# [I] Found new SID: S-1-5-32 [+] Enumerating users using SID S-1-22-1 and logon username S-1-22-1-1000 Unix User\kay (Local User) S-1-22-1-1001 Unix User\jan (Local User) [+] Enumerating users using SID S-1-5-21-2853212168- 2008227510-3551253869 and logon username d " passwor S-1-5-21-2853212168-2008227510-3551253869-500 *unkno unknown+ (8) 1 password What is the name of the hidden directory on the web server(enter name without/)? development User brute-forcing to find the username & password No answer needed What is the username? jan What is the password? armando What service do you use to access the server(answer in abbreviation in all caps)? SSH Security Weaknesses Outdated services Weak Passwords No Account Lockout Hydra (https://github.com/vanhauser-thc/thc-hydra ) starting at 2022-08-29 05:06:15 [WARNING] Many SSH configurations limit the numbe r of parallel tasks, it is recommended to reduce the tasks: use -t 4 [WARNING] Restorefile (you have 10 seconds to abo rt... (use option -I to skip waiting)) from a pre vious session found, to prevent overwriting, ./hy dra.restore [DATA] max 1 task per 1 server, overall 1 task, 1 login try (1:1/p:1), ~1 try per task [DATA] attacking ssh://10.10.218.7:22/ [22][ssh] host: 10.10.218.7 rd: armando login: jan passwo 1 of 1 target successfully completed, 1 valid pas sword found Hydra (https://github.com/vanhauser-thc/thc-hydra ) finished at 2022-08-29 05:06:26 root@kali:~# root@kali:~# nmap -sV 10.10.218.7 Starting Nmap 7.80 ( https://nmap.org) at 2022-08-29 03:53 UTC Stats: 0:02:22 elapsed; hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 66.67% done; ETC: 03:56 (0:01:11 remaining) Nmap scan report for ip-10-10-218-7.eu-west-1.compute.internal (10.10.218.7) Host is up (0.00089s latency). Not shown: 994 closed ports PORT 22/tcp .0) STATE SERVICE open ssh open http 80/tcp VERSION OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2 Apache httpd 2.4.18 (Ubuntu)) 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 445/tcp open 8009/tcp open ajp13? 8080/tcp open http-proxy? MAC Address: 02:8F:96:8F:27:B9 (Unknown) Service Info: Host: BASIC2; OS: Linux; CPE: cpe:/o: linux: linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org /submit/ . Nmap done: 1 IP address (1 host up) scanned in 199.98 seconds root@kali:~# START_TIME: Mon Aug 29 04:00:48 2022 URL_BASE: http://10.10.218.7/ WORDLIST_FILES: /usr/share/dirb/wordlist s/common.txt metasploit framework Burpsuite GENERATED WORDS: 4612 Scanning URL: http://10.10.218.7/ Home hashcat DIRECTORY: http://10.10.218.7/develo pment/ + http://10.10.218.7/index.html (CODE:20 0|SIZE:158) + http://10.10.218.7/server-status (CODE :403|SIZE:299) Entering directory: http://10.10.21 8.7/development/ (!) WARNING: Directory IS LISTABLE. No n eed to scan it. (Use mode '-w' if you want to scan i t anyway) PEASS END_TIME: Mon Aug 29 04:00:51 2022 DOWNLOADED: 4612 - FOUND: 2 root@kali:~# [I] Found new SID: S-1-5-32 [+] Enumerating users using SID S-1-22-1 and logon username S-1-22-1-1000 Unix User\kay (Local User) S-1-22-1-1001 Unix User\jan (Local User) [+] Enumerating users using SID S-1-5-21-2853212168- 2008227510-3551253869 and logon username d " passwor S-1-5-21-2853212168-2008227510-3551253869-500 *unkno unknown+ (8) 1 password What is the name of the hidden directory on the web server(enter name without/)? development User brute-forcing to find the username & password No answer needed What is the username? jan What is the password? armando What service do you use to access the server(answer in abbreviation in all caps)? SSH Security Weaknesses Outdated services Weak Passwords No Account Lockout
Expert Answer:
Posted Date:
Students also viewed these computer network questions
-
Tobi owns a perpetuity that will pay $1,500 a year, starting one year from now. He offers to sell you all the payments remaining after the first 25 payments have been paid. What price should you...
-
The following additional information is available for the Dr. Ivan and Irene Incisor family from Chapters 1-5. Ivan's grandfather died and left a portfolio of municipal bonds. In 2012, they pay Ivan...
-
15. Consider the following regular expression: [az]+((-|_) [az]+){0,1}(\. [0-9]*)? Briefly explain why each of the strings from the following set that would or would not be matched by the above...
-
Doug Robinson and Dante are considering the possibility of opening their own manufacturing facility. They expect first-year sales to be $800,000, and they feel that their variable costs will be...
-
Define the following terms: a. Assets b. Liabilities c. Equity d. Revenue e. Expense
-
Gold can be dissolved from gold-bearing rock by treating the rock with sodium cyanide in the presence of oxygen. (a) Name the oxidizing and reducing agents in this reaction. What has been oxidized,...
-
Explain why it is important to have a goal before making investments.
-
Lebo Hardware reported cost of goods sold as follows. Lebo made two errors: (1) 2010 ending inventory was overstated $3,000, and (2) 2011 ending inventory was understated $6,000.InstructionsCompute...
-
Wk 4 - Apply: Test [due Day 7] Saved LO Bouwens Corporation manufactures a solvent used In airplane maintenance shops. Bouwens sells the solvent to both U.S. military services and commercial...
-
Nieto Company's budgeted sales and direct materials purchases are as follows. Budgeted Sales Budgeted D.M. Purchases January $237,000 February March 251,400 336,600 $36,500 39,800 41,500 Nieto's...
-
You are given the following total return data for a fund and relevant indices: Year 1 Year 2 Year 3 Index Fund Index Fund Index Fund Equities +31% +35% 2% +2% +24% +26% Fixed Interest Bonds +14% +13%...
-
Horizontal and Vertical Analysis Plato Clothing Company specializes in selling apparel for special occasions. In 2 0 2 2 and 2 0 2 3 , Plato s account balances were as follows: 2 0 2 3 2 0 2 2...
-
your friend Kathryn is an extremely competitive cyclist. She wants to be sure that she's biking more kilometers than the average racing in the area. She takes random sample of other cyclist in area...
-
a. Calculate IRR's for A and B. b. Which project does the IRR rule suggest is best? Consider two mutually exclusive projects A and B: Cash Flows (dollars) Project Co C C NPV at 12% A -35,500 25,400...
-
3. (4 marks) A farmer wants to fence in a rectangular field. The farmer must use a different type of fencing for each pair of parallel sides of the field. One type costs $10 per metre, and the other...
-
Suppose the market demand for ethanol is QD = 60-5P and market supply of ethanol is QS = 20+15P. If the government institutes a price ceiling of $1.40, what is the effect on economic efficiency? The...
-
In Exercises 1-2, rewrite each verbal statement as an equation. Then decide whether the statement is true or false. Justify your answer. 1. The logarithm of the difference of two numbers is equal to...
-
Which statement is false? a. Significant deficiencies need only be reported to the BOD. b. Material deficiencies must be publicly reported. c. The most common area of material weaknesses has been...
-
According to the SEC, which is not a sign of a possible fraudulent company a. Insiders having greater than 50 percent control of the BOD. b. CEO also being chairman of the BOD. c. CEO being the...
-
Prepare a one-hour action pack T.V. episode with the main character a forensic accountant or auditor. The main character should be called Dane Striker or Sloane Striker. Your project can include a...
Study smarter with the SolutionInn App