Question

In: Computer Science

SETUP Before you begin, we'll need to start the Icecast server to emulate the CEO's computer....

SETUP

Before you begin, we'll need to start the Icecast server to emulate the CEO's computer.

  • Log onto the DVW10 machine (credentials IEUser:Passw0rd! ) and wait for the Icecast application to popup.
  • Then click Start Server.

Reminders

  • A penetration tester's job is not just to gain access and find a file. Pentesters need to find all vulnerabilities, and document and report them to the client. It's quite possible that the CEO's workstation has multiple vulnerabilities.
  • If a specific exploit doesn't work, that doesn't necessarily mean that the target service isn't vulnerable. It's possible that something could be wrong with the exploit script itself. Remember, not all exploit scripts are right for every situation.

Scope

  • The scope of this engagement is limited to the CEO's workstation only. You are not permitted to scan any other IP addresses or exploit anything other than the CEO's IP address.
  • The CEO has a busy schedule and cannot have the computer offline for an extended period of time. Therefore, denial of service and brute force attacks is prohibited.
  • After you gain access to the CEO’s computer, you may read and access any file, but you cannot delete them. Nor are you allowed to make any configurations changes to the computer.
  • Since you've already been provided access to the network, OSINT won't be necessary.

For this week's homework, please use the following VM setup:

Attacking machine: Kali Linux root:toor

Target machine: DVW10 IEUser:Passw0rd!

NOTE: You will need to login to the DVW10 VM and start the icecast service prior to beginning this activity using the following procedure:

After logging into DVW10, type "icecast" in the Cortana search box and hit Enter.

The icecast application will launch.

Click on Start Server.

You are now ready to being the activity.

Once you complete this assignment, submit your findings in the following document:

Report.docx

You've been provided full access to the network and are getting ping responses from the CEO’s

workstation.

1. Perform a service and version scan using Nmap to determine which services are up and

running:

Run the Nmap command that performs a service and version scan against the target.

Answer:

2. From the previous step, we see that the Icecast service is running. Let's start by attacking

that service. Search for any Icecast exploits:

Lab Environment

Deliverable

Instructions

Run the SearchSploit commands to show available Icecast exploits.

Answer:

3. Now that we know which exploits are available to us, let's start Metasploit:

Run the command that starts Metasploit:

Answer:

4. Search for the Icecast module and load it for use.

Run the command to search for the Icecast module:

Answer:

Run the command to use the Icecast module:

Note: Instead of copying the entire path to the module, you can use the number in

front of it.

Answer:

5. Set the RHOST to the target machine.

Run the command that sets the RHOST :

Answer:

6. Run the Icecast exploit.

Run the command that runs the Icecast exploit.

Answer:

Run the command that performs a search for the secretfile.txt on the target.

Answer:

1. You should now have a Meterpreter session open.

Run the command to performs a search for the recipe.txt on the target:

Answer:

Bonus: Run the command that exfiltrates the recipe*.txt file:

Answer:

7. You can also use Meterpreter's local exploit suggester to find possible exploits.

Note: The exploit suggester is just that: a suggestion. Keep in mind that the listed

suggestions may not include all available exploits.

A. Run a Meterpreter post script that enumerates all logged on users.

Answer:

B. Open a Meterpreter shell and gather system information for the target.

Answer:

C. Run the command that displays the target's computer system information:

Answer:

Solutions

Expert Solution

Answer 6
***************

Exploit not run because it may have been fixed in the latest version of Icecast as this exploit was found in 2014.

Other answers are not able to give because the exploit is not working in the Icecast 2.4.4 latest version.

Thanks


Related Solutions

Serena's average serve is about 120 mph! Before you begin you will need to convert that...
Serena's average serve is about 120 mph! Before you begin you will need to convert that to meters per second. It takes the eye about 100 milliseconds to tell the brain it's looking at the ball. By the time the opposing player is ready to react, she only has 400 milliseconds to do so. 1-According to the Sport Science Video on Serena's serve, how long does it take for the eye to pick up the ball once she hits the...
Web Server is the computer that stores Web Server Software and Website. If you are running...
Web Server is the computer that stores Web Server Software and Website. If you are running some service like Food Panda which type of Hosting Server will be used. Answer your question by discussion and comparison of different types of web hosting? If you have low budget so what will be the best possible hosting plan in this situation? Justify your answer by logical reasoning.
Before you start analysing the firm's financial statements, you will need to obtain industry averages for...
Before you start analysing the firm's financial statements, you will need to obtain industry averages for each of the standard financial statement ratios. They are provided below. 2019 2020 2021 Industry Averages Profitability Ratios Return on equity 21.3% 21.2% 19.6% 22.0% Return on Capital employed 12.9% 13.5% 13.5% 12.8% Operating Profit Margin 14.7% 18.2% 23.0% 14.4% Gross Profit Margin 54.7% 52.0% 49.3% 44.8% Efficiency Ratios Average Inventory Turnover period 79.8 83.3 93.0 78.8 Average settlement period for Accounts Receivable 28.0...
a) You have installed the DNS server role on a computer running Windows Server 2016 and...
a) You have installed the DNS server role on a computer running Windows Server 2016 and in the process of configuring forward/reverse lookups. Explain the difference between “ping www.google.com” and “ping the IP address of Google server at 172.217.167.68”. You may want to try both and observe any differences. Your answer should include your explanation, as well as screenshots. [5 Marks] b) Network administrators warn against configuring a file server to use DHCP. Explain what would happen if a file...
a) You have installed the DNS server role on a computer running Windows Server 2016 and...
a) You have installed the DNS server role on a computer running Windows Server 2016 and in the process of configuring forward/reverse lookups. Explain the difference between “ping www.google.com” and “ping the IP address of Google server at 172.217.167.68”. You may want to try both and observe any differences. Your answer should include your explanation, as well as screenshots. b) Network administrators warn against configuring a file server to use DHCP. Explain what would happen if a file server was...
a) You have installed the DNS server role on a computer running Windows Server 2016 and...
a) You have installed the DNS server role on a computer running Windows Server 2016 and in the process of configuring forward/reverse lookups. Explain the difference between “ping www.google.com” and “ping the IP address of Google server at 172.217.167.68”. You may want to try both and observe any differences. Your answer should include your explanation, as well as screenshots.
You are looking to start a business after you inherited a rolling setup, like the one...
You are looking to start a business after you inherited a rolling setup, like the one from problem 2. You did a test run and measured P = 250kW, you will use this next. Also, you call you local power provider in Colorado and fin that the energy cost is 11.2 cents/kWh. From a metal producer, you can buy 3/8” thick by 12” wide 6061 aluminum in 36 ft lengths. These are delivered to your warehouse at a cost of...
in python please! Couple of lists you need before we start baking material_list = ['onion', 'egg',...
in python please! Couple of lists you need before we start baking material_list = ['onion', 'egg', 'cucumber', 'eggplant', 'pasta', 'tomato','butter','rice','garlic','snail'] R_eggsouffle = ["egg", "milk", "butter"] R_escargot = ["snail",'garlic','wine','butter'] R_FriedRice_v1 = ["onion", 'rice', 'egg'] ​ We want to check if our material can make any of these recipes Part A The objective here is to make a function that checks - if your ingredients can make eggsouffle, escargot, FriedRice_v1 or not Basically, if we pass down the recipe name into a...
Companies utilizing technology need to develop and select and implement hardware (server, computer, routers, etc.). Please...
Companies utilizing technology need to develop and select and implement hardware (server, computer, routers, etc.). Please complete a 500-word paper on your thoughts about how Hardware Management Plans are used. Explain what a hardware plan is. What role does that plan play into planning, control, coordination, and decision-making n business today? How will this hardware plan help a company succeed?
BEFORE YOU START: Before working on this assignment you should have completed Assignment 1. PROGRAM STATEMENT...
BEFORE YOU START: Before working on this assignment you should have completed Assignment 1. PROGRAM STATEMENT AND REQUIREMENTS: You will implement in Java the WIFI troubleshooting program you created in Assignment 1 with the following additional conditions: At the end of the program, you will ask if the client wants to purchase a regular router for $50 or a super high-speed router for $200, adding the cost to the total amount the client needs to pay. Once your program calculates...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT