4.2 Target 1
We initially used Nmap to scan for open ports on target 1. We found that SSH, RPCBind, and X11 were the only open protocols that had open ports assigned to them. Initially, we had found a username enumeration attack in Metasploit that we wanted to try, so we used the most common first names in America and after about an hour we found that one user on the machine had a username of “betsy”. We then tried looking for more exploits and vulnerabilities by scanning the server with OpenVAS, but came up with nothing. We then attempted every attack on X11, SSH, and RPCBind possible on the server from the exploits saved in Metasploit, but none of those worked either. We then attempted manual X11 attacks on the server involving xhost, but these always came back with an informational string notifying us that our access was denied. Finally, after struggling, we resolved to brute force SSH with the 10,000 most common passwords and the “betsy” username. This failed as well.