Subject-wise Break-up of Marks for Admission Test for class VI, IX and XI:
We can employ programs like nikto or whatweb to collect additional data about the services operating on these ports. nikto -h 10.0.2.15 This instruction conducts a web system analysis and detects potential vulnerabilities in the HTTP process. Exploiting Vulnerabilities One of the vulnerabilities detected by nikto is a remote script execution vulnerability in the HTTP application. We can employ the exploit unit in Metasploit to leverage this vulnerability. msfconsole msf > use exploit/multi/http/tomcat_mgr_login msf > set RHOST 10.0.2.15 msf > set RPORT 80 msf > exploit This script tries to sign in to the Tomcat manager interface employing default logins. If victorious, it will offer us with a shell on the target device. Gaining Access
We can use instruments like nikto or whatweb to gather more data about the services functioning on these ports. nikto -h 10.0.2.15 This instruction performs a web server assessment and detects possible vulnerabilities in the HTTP service. Exploiting Vulnerabilities One of the vulnerabilities detected by nikto is a remote code execution vulnerability in the HTTP service. We can make use of the exploit module in Metasploit to leverage this vulnerability. msfconsole msf > use exploit/multi/http/tomcat_mgr_login msf > set RHOST 10.0.2.15 msf > set RPORT 80 msf > exploit This module attempts to sign in to the Tomcat manager interface employing default credentials. If successful, it will provide us with a shell on the target computer. Gaining Access
One PC with a compatible running OS (Win, Ubuntu, or Mac) VMware or VMware deployed The Target 3 VM instance image (available for acquisition from the main site) A basic knowledge of networking and penetration assessment ideas
All test papers will consist of 100 multiple choice objective type questions of one mark each.
We can employ programs like nikto or whatweb to collect additional data about the services operating on these ports. nikto -h 10.0.2.15 This instruction conducts a web system analysis and detects potential vulnerabilities in the HTTP process. Exploiting Vulnerabilities One of the vulnerabilities detected by nikto is a remote script execution vulnerability in the HTTP application. We can employ the exploit unit in Metasploit to leverage this vulnerability. msfconsole msf > use exploit/multi/http/tomcat_mgr_login msf > set RHOST 10.0.2.15 msf > set RPORT 80 msf > exploit This script tries to sign in to the Tomcat manager interface employing default logins. If victorious, it will offer us with a shell on the target device. Gaining Access
We can use instruments like nikto or whatweb to gather more data about the services functioning on these ports. nikto -h 10.0.2.15 This instruction performs a web server assessment and detects possible vulnerabilities in the HTTP service. Exploiting Vulnerabilities One of the vulnerabilities detected by nikto is a remote code execution vulnerability in the HTTP service. We can make use of the exploit module in Metasploit to leverage this vulnerability. msfconsole msf > use exploit/multi/http/tomcat_mgr_login msf > set RHOST 10.0.2.15 msf > set RPORT 80 msf > exploit This module attempts to sign in to the Tomcat manager interface employing default credentials. If successful, it will provide us with a shell on the target computer. Gaining Access metasploitable 3 windows walkthrough
One PC with a compatible running OS (Win, Ubuntu, or Mac) VMware or VMware deployed The Target 3 VM instance image (available for acquisition from the main site) A basic knowledge of networking and penetration assessment ideas We can employ programs like nikto or whatweb
