Skip to content

5063CEM: Practical Pen Testing

Scanning Lab Task

5063CEM: Practical Pen Testing

Home
Essentials
Essentials
Assessment
Assessment
- Overview
- CW1
- CW2
Guides
Guides
0x01: What is Pentesting?
0x01: What is Pentesting?
- Module Overview
- Lecture Materials
  Lecture Materials
- Lab Tasks
  Lab Tasks
  - Hacking Lab
  - Trainer Videos
0x02: The Petest Process
0x02: The Petest Process
- Lecture Materials
  Lecture Materials
- Lab Tasks
  Lab Tasks
  - Lab
0x03: Shells, talking to a server
0x03: Shells, talking to a server
- Materials
  Materials
  - Shells
  - Remote Shells
  - SSH
  - Netcat
  - RCE
  - Web Shells
- Lab Tasks
  Lab Tasks
0x04: Reconnaissance
0x04: Reconnaissance
- Materials
  Materials
- Lab Tasks
  Lab Tasks
  - Lab Lab
    Table of contents
    
    Instructions
    
    Starting Targets
    
    Stopping Targets
    
    Targets
    
    Target 1:
    
    Target 2:
    
    Target 3:
    
    Target 4:
0x05 Privileges and Permisions
0x05 Privileges and Permisions
- Videos
- Materials
  Materials
  - Privilege Escalation
  - Linux Permissions Intro
  - Windows Permissions Intro
  - Linux: ACLs
  - Legitimately Elevating Privileges
    Legitimately Elevating Privileges
    
    Sudo
    
    Sudo Walkthrough
    
    SUID
    
    SUID Walkthrogh
    
    Capabilities
    
    Capabilities Walkthrough
0x06 Linux System Eunumeration
0x06 Linux System Eunumeration
0x07 Remote Code Execution, and Deserialisation
0x07 Remote Code Execution, and Deserialisation
- Materials
  Materials
- Lab
  Lab
  - Lab
0x08 More SQL Injection
0x08 More SQL Injection
- Videos
- Materials
  Materials
- Lab
  Lab
  - Lab
0x09 Overflows 1
0x09 Overflows 1
- Introduction

Scanning: Lab Task

Several Targets to scan in the Github Repo

Use namp to identify

Services running
Ports running on
Version numbers

Instructions

Starting Targets

Each of the targets is its own docker compose file.

In one terminal window navigate to the folder of the target you wish to work with
Start the stack with sudo docker-compose up
- This builds the stack and starts the processes. It means that you will now get debugging information in this terminal
Open A SECOND TERMNINAL WINDOW.
Use Nmap in there.

Stopping Targets

In the window you used to run docker-compose
Stop the service with CTRL-C
Clean up with sudo docker-compose down

Targets

Target 1:

Services on Standard Ports

Target 2:

Services on non standard ports

Target 3:

Once you have identified the services try using NSE to detect a possible vulnerbility

Target 4:

This machine also has a well known vulnerbility. Use NSE to find it, then search for a relevant off the shelf exploit.