# Ethical Hacking Scenario: Operation Phoenix: A Journey to Begin

Welcome to our comprehensive guide on manual enumeration techniques for cybersecurity. Our story follows a skilled hacker, Wynx, as she navigates the digital landscape of "Operation Phoenix," an ethical hacking operation conducted by Hydra, the elite cybersecurity team. Through her journey, Wynx uses various Linux commands to gather information and uncover vulnerabilities.

## 1. Setting the Stage: The Hostname

### Command: `hostname`
```bash
hostname
```
This command reveals the hostname of the target machine. The hostname is the unique identifier assigned to the system on a network. Knowing the hostname can help in network reconnaissance and can sometimes reveal useful information about the target's role or function within the network.

In [None]:
!hostname

50dbe19cd34f


Executing !hostname in Google Colab returns a string of characters like "58fc39a04e6b", which is the hostname of the virtual machine running the code. This string serves as a unique identifier for the virtual machine instance. In a normal Linux system the command will return the hostname of the machine, which is typically set during the system configuration. The hostname could be something like "mycomputer" or "example.com", depending on how the system administrator has configured it. It's usually a user-friendly name rather than a randomly generated string like in the case of Google Colab.

### Exercise 1: Verify the Hostname

Run the `hostname` command on your own machine. What is the hostname of your computer?

## 2. Understanding the System: Kernel Information

### Command: `uname -a`
```bash
uname -a
```
The `uname -a` command provides comprehensive information about the system, including the kernel version, machine hardware name, processor type, and operating system. This information is crucial for identifying potential kernel vulnerabilities that could be exploited.

In [None]:
!uname -a

Linux 50dbe19cd34f 6.1.85+ #1 SMP PREEMPT_DYNAMIC Sun Apr 28 14:29:16 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux


The command uname -a is a Unix/Linux command that retrieves system information about the operating system.

1. Kernel Version: "6.1.85+ #1 SMP PREEMPT_DYNAMIC" - This indicates the version of the Linux kernel running on the system. The kernel is the core component of the operating system responsible for managing system resources and facilitating communication between software and hardware.

2. System Time: "Sun Apr 28 14:29:16 UTC 2024" - This specifies the date and time when the kernel was built or when the system was last booted. In this case, the system was last booted on Sunday, April 28, 2024, at 14:29:16 UTC.

3. Architecture: "x86_64 x86_64 x86_64" - This indicates the system architecture, which is x86_64. It means that the system is capable of running 64-bit software. The repetition of "x86_64" suggests that the system has multiple CPUs or CPU cores, all of which are 64-bit capable.

4. Operating System: "GNU/Linux" - This specifies the operating system type. In this case, it's a Linux-based operating system.

## 3. Who Am I?

### Command: `whoami`
```bash
whoami
```
The `whoami` command simply returns the username of the current user. This can be useful for quickly verifying your user identity, especially when switching between different accounts or using sudo.

In [None]:
!whoami

root


When the response returns as "root," it denotes a significant level of authority. "Root" isn't merely a username; it symbolizes the superuser account, embodying the pinnacle of system access. As the superuser, one wields unparalleled control over the system's resources and functionalities. With the power to execute commands, modify critical system files, and administer user privileges, the root user stands as the ultimate arbiter of the system's fate. However, such omnipotence demands vigilance, as even a single erroneous command can have far-reaching consequences, potentially jeopardizing the stability and security of the entire system. Thus, while the root user commands immense authority, exercising it judiciously is paramount to ensuring the integrity and reliability of the system.

### Exercise 3: Check Current User

Run the `whoami` command. What is the current username you are logged in with?

## 4. Distribution Information

### Command: `lsb_release -a`
```bash
lsb_release -a
```
The `lsb_release -a` command provides detailed information about the Linux distribution. This includes the distributor ID, description, release number, and codename. This information is essential for identifying the exact OS version in use.

In [None]:
!lsb_release -a

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.3 LTS
Release:	22.04
Codename:	jammy


Google Colab, being a cloud-based service, doesn't include all the components typically found in a full Linux distribution, which is why the LSB modules are reported as unavailable.

---

The Linux Standard Base (LSB) is a project initiated by the Linux Foundation to standardize the structure and components of Linux distributions. Its primary goal is to increase compatibility among different Linux distributions by defining a common set of standards and APIs (Application Programming Interfaces). This helps developers create software that can run seamlessly across various Linux distributions without needing to be modified for each specific distribution.

Key components of the LSB include:

1. Filesystem Hierarchy Standard (FHS): Defines the directory structure and organization of files within a Linux system, ensuring consistency across distributions.

2. Binary Compatibility: Specifies standards for binary executables and libraries, enabling applications compiled on one LSB-compliant system to run on another without compatibility issues.

3. Core Libraries: Defines a set of core libraries and APIs that must be present on LSB-compliant systems, ensuring a common foundation for software development.

4. Command-line Interfaces (CLI): Specifies standard command-line utilities and options, promoting uniformity in how users interact with the system.

5. Packaging Formats: Recommends packaging formats and tools for distributing software, facilitating software installation and management across distributions.

## 5. OS Release Information

### Command: `cat /etc/*-release`
```bash
cat /etc/*-release
```
The `/etc/*-release` files contain release information for the operating system. These files can include details like the OS name, version, and more. They provide a broader range of details compared to `lsb_release`.

In [None]:
!cat /etc/*-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy


* Distributor ID: Indicates that the distribution is Ubuntu.
* Release: Specifies the version of Ubuntu (22.04).
* Codename: Gives the code name of the Ubuntu release (Jammy).
* Description/Pretty Name: Provides a detailed description of the Ubuntu version, including the LTS (Long-Term Support) designation and the code name.
* Version ID: Specifies the version number of Ubuntu (22.04).
* Version: Further details the version as 22.04.3 LTS (Jammy Jellyfish).
* Version Codename: Reiterates the code name of the Ubuntu release (jammy).
* ID/Like: Mentions that Ubuntu is similar to Debian, a popular Linux distribution.
* Home URL/SUPPORT_URL/BUG_REPORT_URL/PRIVACY_POLICY_URL: Provide links for Ubuntu's home page, support, bug reporting, and privacy policy.
* UBUNTU_CODENAME: Again specifies the code name of the Ubuntu release (jammy).
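The `/etc/os-release` format is simple enough to read as data rather than by sourcing it: `. /etc/os-release` executes the file as shell, so a tampered file could run commands as whoever is enumerating. The added example below is not part of the original notebook; the helper names `osrel_get` and `osrel_identity` are my own, and the sample text is constructed from the `cat /etc/*-release` output above with one extra line showing why sourcing would be risky.

```shell
#!/bin/sh
# Added example: read /etc/os-release style files as data instead of
# sourcing them. ". /etc/os-release" would execute anything embedded in
# the file; this parser only ever prints the text after "KEY=".
# Helper names (osrel_get, osrel_identity) are assumptions, not part of
# the notebook.

# Constructed sample mirroring the notebook's cat /etc/*-release output,
# plus one line that shows why sourcing would be risky.
SAMPLE_OSRELEASE='DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
ID=ubuntu
ID_LIKE=debian
# comment lines are ignored; the next value must come out literally
INJECTED="$(echo should-not-run)"
'

# osrel_get KEY   (os-release text on stdin)
# Prints the value of KEY with one layer of surrounding quotes removed.
# Exit status 1 when the key is absent.
osrel_get() {
    awk -v key="$1" -F= '
        /^[[:space:]]*#/ || !/=/ { next }            # comments, blank, junk
        $1 == key {
            val = substr($0, index($0, "=") + 1)     # keep any "=" in the value
            if (val ~ /^".*"$/ || val ~ /^'"'"'.*'"'"'$/)
                val = substr(val, 2, length(val) - 2)
            print val
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }'
}

# osrel_identity   (os-release text on stdin)
# Prints "<id> <version>" for inventory or patch-level checks, preferring
# the os-release keys and falling back to the older lsb DISTRIB_* keys.
osrel_identity() {
    text=$(cat)
    id=$(printf '%s\n' "$text" | osrel_get ID) \
        || id=$(printf '%s\n' "$text" | osrel_get DISTRIB_ID | tr 'A-Z' 'a-z')
    ver=$(printf '%s\n' "$text" | osrel_get VERSION_ID) \
        || ver=$(printf '%s\n' "$text" | osrel_get DISTRIB_RELEASE)
    printf '%s %s\n' "$id" "$ver"
}

# Stand-alone demo on the constructed sample; on a real host use:
#   osrel_identity < /etc/os-release
printf '%s' "$SAMPLE_OSRELEASE" | osrel_identity
printf '%s' "$SAMPLE_OSRELEASE" | osrel_get INJECTED
```

The last line prints `$(echo should-not-run)` verbatim, which is the point: the value is treated as text, never evaluated.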

### Exercise 5: Check OS Release Information

View the contents of `/etc/*-release` on your system. Compare this information with the output of `lsb_release -a`.

## 6. Kernel Version

### Command: `uname -r`
```bash
uname -r
```
The `uname -r` command returns only the kernel version, making it a quick way to check the kernel version without the extra details provided by `uname -a`.

In [None]:
!uname -r

6.1.85+


This is the kernel release version of the running operating system. In the output above, "6.1.85+", "6.1.85" is the kernel version and the trailing "+" typically indicates that the kernel includes additional patches or modifications beyond the base version.

### Exercise 6: Check Kernel Version

Run the `uname -r` command. What is the kernel version of your system?

## 7. System Architecture

### Command: `arch`
```bash
arch
```
The `arch` command displays the architecture of the machine, such as `x86_64` for 64-bit systems. This is useful for understanding the hardware capabilities of the system.

Run this command to determine the system architecture:

In [None]:
!arch

x86_64


This means that your system supports 64-bit instructions and can run 64-bit software.

## 8. System Uptime

### Command: `uptime`
```bash
uptime
```
The `uptime` command shows how long the system has been running, the number of users, and the system load averages. This can be useful for understanding the system's stability and current load.

Use this command to check the system's uptime and load:

In [None]:
!uptime

 15:42:43 up  1:18,  0 users,  load average: 0.35, 0.24, 0.20


* Uptime: The system has been up for 1 hour and 18 minutes (shown as `1:18`).
* Users: Currently, there are no users logged in.
* Load Average: The load average values represent the system load over the last 1, 5, and 15 minutes, respectively. In this case, the load averages are 0.35, 0.24, and 0.20. These numbers indicate the average number of processes that are either in a runnable state or waiting for CPU time over the specified time intervals. Lower load averages generally indicate a system that is not heavily loaded.

## 9. CPU Information

### Command: `lscpu`
```bash
lscpu
```
The `lscpu` command provides detailed information about the CPU architecture, including the number of CPUs, threads, cores, sockets, and more. This information is crucial for performance tuning and understanding the processing power of the system.

Use this command to gather detailed CPU information:

In [None]:
!lscpu

Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          46 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   2
  On-line CPU(s) list:    0,1
Vendor ID:                GenuineIntel
  Model name:             Intel(R) Xeon(R) CPU @ 2.20GHz
    CPU family:           6
    Model:                79
    Thread(s) per core:   2
    Core(s) per socket:   1
    Socket(s):            1
    Stepping:             0
    BogoMIPS:             4400.30
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 cl
                          flush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc re
                          p_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3
                           fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand
                           hypervisor lahf_lm abm 3dnowprefetch i

## 10. Memory Usage

### Command: `free -h`
```bash
free -h
```
The `free -h` command displays the system's memory usage in a human-readable format. It shows the total, used, and free memory, along with buffers and cache used by the kernel.

Run this command to check the memory usage of the system:

In [None]:
!free -h

               total        used        free      shared  buff/cache   available
Mem:            12Gi       727Mi       8.5Gi       1.0Mi       3.5Gi        11Gi
Swap:             0B          0B          0B


## 11. Disk Usage

### Command: `df -h`
```bash
df -h
```
The `df -h` command displays disk space usage in a human-readable format. It shows the total, used, and available space on all mounted filesystems.

Use this command to check the disk usage on the system:

In [None]:
!df -h

Filesystem      Size  Used Avail Use% Mounted on
overlay         108G   28G   81G  26% /
tmpfs            64M     0   64M   0% /dev
shm             5.8G     0  5.8G   0% /dev/shm
/dev/root       2.0G  1.2G  820M  59% /usr/sbin/docker-init
tmpfs           6.4G  108K  6.4G   1% /var/colab
/dev/sda1        70G   46G   24G  66% /kaggle/input
tmpfs           6.4G     0  6.4G   0% /proc/acpi
tmpfs           6.4G     0  6.4G   0% /proc/scsi
tmpfs           6.4G     0  6.4G   0% /sys/firmware


The output lists the filesystems mounted at various points in the Linux filesystem hierarchy. Here's a breakdown:

1. overlay: This is likely the root filesystem (or "/" directory) of the system. It's utilizing the overlay filesystem, which is commonly used in containerization technologies like Docker.

2. tmpfs: This is a temporary filesystem stored in the system's memory (RAM). It's often used for temporary files and directories that don't need to be persisted across reboots.

3. shm: This is another temporary filesystem, specifically a shared memory filesystem. It's used for creating shared memory segments that can be accessed by multiple processes.

4. /dev/root: This appears to be a block device filesystem mounted at the root directory ("/"). It's likely the primary filesystem for the system, containing the operating system and other essential files.

5. /dev/sda1: This is a block device filesystem, typically representing a partition on a physical disk (such as a hard drive or SSD). It's mounted at the directory specified, providing additional storage space for the system.

6. tmpfs: Another temporary filesystem stored in memory.

Debian-based distributions, including Ubuntu, use `apt` to simplify software management, giving users a convenient and efficient way to install, update, and remove packages.

The first command, `!apt update`, refreshes the package index from the repositories configured on the system, so that the latest package versions are known. The following commands, `!apt install hwinfo` and `!apt install net-tools`, then install the `hwinfo` and `net-tools` packages with the `apt` package manager (`net-tools` provides `ifconfig` and `netstat`, which are used in later sections).

In [None]:
!apt update
!apt install hwinfo
!apt install net-tools

Get:1 https://cloud.r-project.org/bin/linux/ubuntu jammy-cran40/ InRelease [3,626 B]
Get:2 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  InRelease [1,581 B]
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:6 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages [929 kB]
Hit:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:8 https://ppa.launchpadcontent.net/c2d4u.team/c2d4u4.0+/ubuntu jammy InRelease
Hit:9 

## 12. Hardware Information

### Command: `hwinfo`
```bash
sudo hwinfo
```
The `hwinfo` command provides detailed information about the hardware present in the system. It includes details about CPU, memory, disks, network interfaces, and more. This command is often used for diagnosing hardware issues or for inventory purposes.

Gather comprehensive hardware details using this command:

In [None]:
!sudo hwinfo

> hal.1: read hal data
> floppy.1: get nvram
> floppy.2: nvram info
> bios.1: cmdline
> bios.1.1: apm
> bios.2: ram
> bios.2: rom
> bios.3: smp
> bios.4: vbe
> bios.4.1: vbe info
> bios.5: 32
> bios.6: acpi

## 13. Network Configuration

### Command: `ifconfig`
```bash
sudo ifconfig
```
The `ifconfig` command displays the network configuration of all network interfaces on the system, including IP addresses, MAC addresses, and more. It is part of the `net-tools` package, which provides a set of command-line tools for network monitoring and configuration.

Check the network configuration using this command:

In [None]:
!sudo ifconfig

sudo: ifconfig: command not found


When `ifconfig` is available (it is provided by the `net-tools` package installed above), its output details the configuration and statistics of the network interface "eth0". It shows that the interface is up and running, supporting broadcast and multicast traffic, and that the IP address assigned to it is "172.28.0.12".

The IP address "172.28.0.12" is often associated with Docker containers, especially when using Docker in a local development environment or within a containerized setup. Google Colab's backend infrastructure utilizes Docker or similar containerization technologies internally, and the reported IP address reflects this.

### Exercise 13: Inspect Network Configuration

Run the `ifconfig` command. What network interfaces are available on your system, and what IP addresses are assigned to them?

## 14. Network Statistics

### Command: `netstat -an`
```bash
sudo netstat -an
```
The `netstat -an` command provides detailed information about network connections, including listening and established connections, along with their state.

Use this command to analyze network statistics:

In [None]:
!sudo netstat -an

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.11:44763        0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:39931         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:39625         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:59751         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        172.28.0.12:60066       ESTABLISHED
tcp        0      0 172.28.0.12:45262       172.28.0.12:9000        ESTABLISHED
tcp        0      0 127.0.0.1:59751         127.0.0.1:42984         ESTABLISHED
tcp        0      0 127.0.0.1:39625         127.0.0.1:50526       

The network socket entries above illustrate the status of TCP connections on the system. The entry "tcp 0 0 172.28.0.12:6000 0.0.0.0:* LISTEN" indicates that the system is actively listening for incoming connections on port 6000 of the local IP address "172.28.0.12". The IP address "0.0.0.0" denotes that it's listening on all available network interfaces. The entry "tcp 0 0 172.28.0.12:6000 172.28.0.12:60066 ESTABLISHED" reveals an established connection between the local machine and a remote host located at IP address "172.28.0.12" on port "60066". This connection is in the "ESTABLISHED" state, indicating that data transfer is actively occurring between the local and remote hosts. Such information is vital for network administrators and system operators to monitor and manage network activity, ensuring the efficient functioning and security of the system.

For TCP connections, details include the protocol (TCP), the Receive and Send queues (Recv-Q and Send-Q), the local and foreign addresses, and the state of the connection. The state indicates whether the connection is listening for incoming requests, established, or in a time-wait state after closure.

For UDP connections, only the local and foreign addresses are shown, along with the protocol (UDP).

Additionally, the text presents active UNIX domain sockets, specifying the protocol (Unix), reference count, flags, type, state, and the corresponding file path for each socket.

This summary provides a comprehensive snapshot of the network activity and socket usage on the system, facilitating network monitoring and troubleshooting tasks.
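A practical use of the `netstat` listings in this notebook is to separate sockets bound to loopback (reachable only from this host) from those another host could reach, with `0.0.0.0` and `::` in the Local Address column meaning every interface. The added example below is not from the original notebook; `exposed_listeners` and `exposed_count` are my own helper names, and the sample is constructed from the notebook's `netstat -tuln` output with two extra loopback lines to exercise the IPv6 and UDP branches.

```shell
#!/bin/sh
# Added example: triage `netstat -tuln` output by network exposure.
# Loopback-only listeners (127.0.0.0/8, ::1) are reachable just from this
# host; anything else is reachable from the network, and 0.0.0.0 / ::
# means "every interface". Helper names are assumptions, not notebook code.

# Constructed sample based on the notebook's netstat -tuln output, with
# two loopback IPv6/UDP lines added to exercise those branches.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:47205         0.0.0.0:*               LISTEN
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.11:36513        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23352           0.0.0.0:*               LISTEN
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 127.0.0.11:49456        0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
'

# exposed_listeners   (netstat -tuln output on stdin)
# Prints "proto address port scope" for each non-loopback local socket,
# where scope is ANY (all interfaces) or iface (one specific address).
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|tcp6|udp|udp6)$/ { next }       # skip banner and header
        {
            la = $4
            # split at the LAST colon: IPv6 addresses contain colons too
            n = match(la, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            port = substr(la, n + 1)
            if (addr ~ /^127\./ || addr == "::1") next    # loopback only
            scope = (addr == "0.0.0.0" || addr == "::") ? "ANY" : "iface"
            print $1, addr, port, scope
        }'
}

# Number of exposed listeners: a single figure worth tracking over time,
# since a new entry (like 0.0.0.0:23352 above) means a new exposed service.
exposed_count() {
    exposed_listeners | grep -c .
}

# Stand-alone demo on the constructed sample; on a real host use:
#   netstat -tuln | exposed_listeners
printf '%s' "$SAMPLE_NETSTAT" | exposed_listeners
```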

## 15. Environment Variables

The output of the `env` command provides a list of environment variables that are set in the current shell session, each specifying certain configurations and settings for the environment. For example, SHELL=/bin/bash indicates that the default shell for the session is Bash, a popular Unix shell. NV_LIBCUBLAS_VERSION=12.2.5.6-1 specifies the version of the NVIDIA cuBLAS library, a GPU-accelerated library for dense linear algebra computations, used for high-performance computing tasks. NVIDIA_VISIBLE_DEVICES=all signifies that all available NVIDIA GPU devices are accessible, which is particularly relevant in environments that support GPU acceleration, like Google Colab. Lastly, COLAB_JUPYTER_TRANSPORT=ipc indicates the transport mechanism used by Jupyter in Colab, where ipc (inter-process communication) is utilized for communication between processes. These environment variables configure and control various aspects of the system's behavior and resource usage, facilitating customized and efficient execution of tasks within the environment.

In [None]:
!env

SHELL=/bin/bash
NV_LIBCUBLAS_VERSION=12.2.5.6-1
NVIDIA_VISIBLE_DEVICES=all
COLAB_JUPYTER_TRANSPORT=ipc
NV_NVML_DEV_VERSION=12.2.140-1
NV_CUDNN_PACKAGE_NAME=libcudnn8
CGROUP_MEMORY_EVENTS=/sys/fs/cgroup/memory.events /var/colab/cgroup/jupyter-children/memory.events
NV_LIBNCCL_DEV_PACKAGE=libnccl-dev=2.19.3-1+cuda12.2
NV_LIBNCCL_DEV_PACKAGE_VERSION=2.19.3-1
VM_GCE_METADATA_HOST=169.254.169.253
HOSTNAME=50dbe19cd34f
LANGUAGE=en_US
TBE_RUNTIME_ADDR=172.28.0.1:8011
COLAB_TPU_1VM=
GCE_METADATA_TIMEOUT=3
NVIDIA_REQUIRE_CUDA=cuda>=12.2 brand=tesla,driver>=470,driver<471 brand=unknown,driver>=470,driver<471 brand=nvidia,driver>=470,driver<471 brand=nvidiartx,driver>=470,driver<471 brand=geforce,driver>=470,driver<471 brand=geforcertx,driver>=470,driver<471 brand=quadro,driver>=470,driver<471 brand=quadrortx,driver>=470,driver<471 brand=titan,driver>=470,driver<471 brand=titanrtx,driver>=470,driver<471 brand=tesla,driver>=525,driver<526 brand=unknown,driver>=525,driver<526 brand=nvidia,driver>=5

In [None]:
!groups

root


In [None]:
!sudo apt-get install iptables

In [None]:
!ps

    PID TTY          TIME CMD
      1 ?        00:00:00 docker-init
      6 ?        00:00:02 node
     10 ?        00:00:00 oom_monitor.sh
     12 ?        00:00:00 run.sh
     13 ?        00:00:00 kernel_manager_
     34 ?        00:00:00 tail
     60 ?        00:00:08 python3 <defunct>
     61 ?        00:00:00 colab-fileshim.
     79 ?        00:00:05 jupyter-noteboo
     84 ?        00:00:00 dap_multiplexer
    596 ?        00:00:07 python3
    631 ?        00:00:02 python3
    655 ?        00:00:00 language_servic
    661 ?        00:00:07 node
   4979 ?        00:00:00 sleep
   4980 ?        00:00:00 ps


In [None]:
!top

top - 16:03:08 up 16 min,  0 users,  load average: 0.35, 0.27, 0.27
Tasks:  16 total,   1 running,  14 sleeping,   0 stopped,   1 zombie
%Cpu(s):  3.3 us,  0.0 sy,  0.0 ni, 96.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :  12979.0 total,   7991.4 free,    776.3 used,   4211.2 buff/cache
MiB Swap:      0.0 total,      0.0 free,      0.0 used.  11882.6 avail Mem

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
      1 root      20   0    1076      8      0 S   0.0   0.0   0:00.04 docker-init

In [None]:
!apt install htop

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libnl-genl-3-200
Suggested packages:
  lm-sensors strace
The following NEW packages will be installed:
  htop libnl-genl-3-200
0 upgraded, 2 newly installed, 0 to remove and 45 not upgraded.
Need to get 140 kB of archives.
After this operation, 404 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 libnl-genl-3-200 amd64 3.5.0-0.1 [12.4 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/main amd64 htop amd64 3.0.5-7build2 [128 kB]
Fetched 140 kB in 1s (171 kB/s)
Selecting previously unselected package libnl-genl-3-200:amd64.
(Reading database ... 122276 files and directories currently installed.)
Preparing to unpack .../libnl-genl-3-200_3.5.0-0.1_amd64.deb ...
Unpacking libnl-genl-3-200:amd64 (3.5.0-0.1) ...
Selecting previously unselected package htop.
Preparing to unpack .../htop_3.0.5-7bui

In [None]:
!sudo apt-get install fail2ban

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  python3-pyinotify python3-systemd whois
Suggested packages:
  mailx system-log-daemon monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
  fail2ban python3-pyinotify python3-systemd whois
0 upgraded, 4 newly installed, 0 to remove and 45 not upgraded.
Need to get 512 kB of archives.
After this operation, 2,684 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 fail2ban all 0.11.2-6 [394 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/main amd64 python3-pyinotify all 0.9.6-1.3 [24.8 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 python3-systemd amd64 234-3ubuntu2 [39.6 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 whois amd64 5.5.13 [53.4 kB]
Fetched 512 kB in 1s (427 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (

In [None]:
!sudo fail2ban-client status

2024-06-21 16:14:46,827 fail2ban                [8342]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?


In [None]:
!sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

In [None]:
!sudo apt install nano

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  hunspell
The following NEW packages will be installed:
  nano
0 upgraded, 1 newly installed, 0 to remove and 45 not upgraded.
Need to get 280 kB of archives.
After this operation, 881 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 nano amd64 6.2-1 [280 kB]
Fetched 280 kB in 1s (299 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78, <> line 1.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin: 
Selecting previously unselected package nano.
(Reading database ... 123110 files and directo

In [None]:
!netstat -tuln

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:47205         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.11:36513        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:46207         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:44981         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN     
tcp6       0      0 :::8080                 :::*                    LISTEN     
udp        0      0 127.0.0.11:49456        0.0.0.0:*                          


In [None]:
!apt install netcat

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  netcat-openbsd
The following NEW packages will be installed:
  netcat netcat-openbsd
0 upgraded, 2 newly installed, 0 to remove and 45 not upgraded.
Need to get 41.4 kB of archives.
After this operation, 126 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 netcat-openbsd amd64 1.218-4ubuntu1 [39.4 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/universe amd64 netcat all 1.218-4ubuntu1 [2,044 B]
Fetched 41.4 kB in 0s (122 kB/s)
Selecting previously unselected package netcat-openbsd.
(Reading database ... 123183 files and directories currently installed.)
Preparing to unpack .../netcat-openbsd_1.218-4ubuntu1_amd64.deb ...
Unpacking netcat-openbsd (1.218-4ubuntu1) ...
Selecting previously unselected package netcat.
Preparing to unpack .../netcat_1.218-4ubuntu1_all.deb ...
Unpacking netcat (

In [None]:
!nc -lvp 88888

nc: invalid option -- '-'
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
	  [-m minttl] [-O length] [-P proxy_username] [-p source_port]
	  [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
	  [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
	  [destination] [port]


In [None]:
!pip install matplotlib



In [None]:
!pip install colab-xterm
%load_ext colabxterm
!pip install udocker
!udocker --allow-root install
%xterm
#Run htop command inside to see the running processes of the system

The colabxterm extension is already loaded. To reload it, use:
  %reload_ext colabxterm


Launching Xterm...

<IPython.core.display.Javascript object>

In [None]:
!netstat -tuln

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.11:36513        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:45037         0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:23352           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:59751         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:41169         0.0.0.0:*               LISTEN     
tcp6       0      0 :::8080                 :::*                    LISTEN     
udp        0      0 127.0.0.11:49456        0.0.0.0:*                          


In [None]:
!apt install tcpdump

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libpcap0.8
The following NEW packages will be installed:
  libpcap0.8 tcpdump
0 upgraded, 2 newly installed, 0 to remove and 45 not upgraded.
Need to get 647 kB of archives.
After this operation, 1,773 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 libpcap0.8 amd64 1.10.1-4build1 [145 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 tcpdump amd64 4.99.1-3ubuntu0.2 [501 kB]
Fetched 647 kB in 1s (517 kB/s)
Selecting previously unselected package libpcap0.8:amd64.
(Reading database ... 123208 files and directories currently installed.)
Preparing to unpack .../libpcap0.8_1.10.1-4build1_amd64.deb ...
Unpacking libpcap0.8:amd64 (1.10.1-4build1) ...
Selecting previously unselected package tcpdump.
Preparing to unpack .../tcpdump_4.99.1-3ubuntu0.2_amd64.deb ...
Unpacking tcpd

In [None]:
!tcpdump -i eth0 tcp

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:34:42.805306 IP 172.28.0.1.50276 > f88cc2ba8773.http-alt: Flags [P.], seq 29368342:29368913, ack 1704492823, win 249, options [nop,nop,TS val 269009103 ecr 1571972494], length 571: HTTP: GET /_proxy/10000/out HTTP/1.1
16:34:42.809026 IP f88cc2ba8773.http-alt > 172.28.0.1.50276: Flags [P.], seq 1:132, ack 571, win 249, options [nop,nop,TS val 1571972606 ecr 269009103], length 131: HTTP: HTTP/1.1 500 Reverse Proxy Error.
16:34:42.809059 IP 172.28.0.1.50276 > f88cc2ba8773.http-alt: Flags [.], ack 132, win 249, options [nop,nop,TS val 269009107 ecr 1571972606], length 0
16:34:42.958292 IP 172.28.0.1.50276 > f88cc2ba8773.http-alt: Flags [P.], seq 571:1195, ack 132, win 249, options [nop,nop,TS val 269009256 ecr 1571972606], length 624: HTTP: GET /socket.io/?EIO=3&sid=1wxwXdI17U33z7KLAAAA&t=P0xfdOS&transport=polling HTTP/1.1
16:34:42.959279

In [None]:
!apt install iftop

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libpcap0.8
The following NEW packages will be installed:
  iftop libpcap0.8
0 upgraded, 2 newly installed, 0 to remove and 45 not upgraded.
Need to get 181 kB of archives.
After this operation, 461 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 libpcap0.8 amd64 1.10.1-4build1 [145 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/universe amd64 iftop amd64 1.0~pre4-7 [35.6 kB]
Fetched 181 kB in 2s (89.3 kB/s)
Selecting previously unselected package libpcap0.8:amd64.
(Reading database ... 121925 files and directories currently installed.)
Preparing to unpack .../libpcap0.8_1.10.1-4build1_amd64.deb ...
Unpacking libpcap0.8:amd64 (1.10.1-4build1) ...
Selecting previously unselected package iftop.
Preparing to unpack .../iftop_1.0~pre4-7_amd64.deb ...
Unpacking iftop (1.0~pre4-7) ...
Setting

In [None]:
%xterm
# iftop -n
# If this cell fails with "Line magic function `%xterm` not found", the
# colabxterm extension is not loaded in this runtime: run `%load_ext colabxterm`
# (as in the earlier cell) and re-run.

UsageError: Line magic function `%xterm` not found.


In [None]:
!apt install logwatch

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  cpio libdate-manip-perl postfix ssl-cert
Suggested packages:
  libarchive1 libsys-cpu-perl libsys-meminfo-perl procmail postfix-mysql postfix-pgsql postfix-ldap
  postfix-pcre postfix-lmdb postfix-sqlite sasl2-bin | dovecot-common libsasl2-modules
  | dovecot-common resolvconf postfix-cdb mail-reader postfix-mta-sts-resolver ufw postfix-doc
The following NEW packages will be installed:
  cpio libdate-manip-perl logwatch postfix ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 45 not upgraded.
Need to get 2,674 kB of archives.
After this operation, 19.6 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 ssl-cert all 1.1.2 [17.4 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpio amd64 2.13+dfsg-7ubuntu0.1 [84.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-upda

In [None]:
!logwatch --detail High

 
 ################### Logwatch 7.5.6 (07/23/21) #################### 
        Processing Initiated: Fri Jun 21 16:44:00 2024
        Date Range Processed: yesterday
                              ( 2024-Jun-20 )
                              Period is day.
        Detail Level of Output: 10
        Type of Output/Format: stdout / text
        Logfiles for Host: f88cc2ba8773
 ################################################################## 
 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 overlay         108G   28G   81G  26% /
 /dev/root       2.0G  1.2G  820M  59% /usr/sbin/docker-init
 /dev/sda1        70G   46G   24G  66% /kaggle/input
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 



In [None]:
!ss -tuln

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
udp   UNCONN 0      0         127.0.0.11:49456      0.0.0.0:*          
tcp   LISTEN 0      128      172.28.0.12:9000       0.0.0.0:*          
tcp   LISTEN 0      4096      127.0.0.11:36513      0.0.0.0:*          
tcp   LISTEN 0      100        127.0.0.1:45037      0.0.0.0:*          
tcp   LISTEN 0      1            0.0.0.0:23352      0.0.0.0:*          
tcp   LISTEN 0      128        127.0.0.1:3453       0.0.0.0:*          
tcp   LISTEN 0      4096       127.0.0.1:59751      0.0.0.0:*          
tcp   LISTEN 9      128        127.0.0.1:10000      0.0.0.0:*          
tcp   LISTEN 1      128        127.0.0.1:10001      0.0.0.0:*          
tcp   LISTEN 0      128        127.0.0.1:10002      0.0.0.0:*          
tcp   LISTEN 0      4096     172.28.0.12:6000       0.0.0.0:*          
tcp   LISTEN 0      4096       127.0.0.1:41169      0.0.0.0:*          
tcp   LISTEN 0      511                *:8080             *:*   
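The `netstat -tuln` and `ss -tuln` cells above list the same sockets in two layouts, but neither tells you what matters for enumeration: who can reach each listener. A bind to 127.0.0.0/8 or ::1 is local-only, a bind to a specific interface address (172.28.0.12 here) is reachable from that network, and a wildcard bind (0.0.0.0, `*`, ::) is reachable from everywhere the host is. The script below is an added example, not code from the original notebook: it classifies `ss -tuln` output by bind scope and lists the wildcard binds. `SAMPLE_SS` is a constructed excerpt in the page's format, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original notebook): triage `ss -tuln` output by
# bind scope. Feed it real output with: classify_listeners "$(ss -tuln)".

# Constructed sample, same column layout as `ss -tuln` on the page.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
udp   UNCONN 0      0         127.0.0.11:49456      0.0.0.0:*
tcp   LISTEN 0      128      172.28.0.12:9000       0.0.0.0:*
tcp   LISTEN 0      1            0.0.0.0:23352      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:10000      0.0.0.0:*
tcp   LISTEN 0      511                *:8080             *:*'

# Emit one line per socket: "proto addr:port scope", where scope is
# "loopback" (local only), "interface" (one non-loopback IP) or "all" (wildcard).
classify_listeners() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                          # column header
        $1 == "tcp" && $2 != "LISTEN" { next }    # ignore non-listening tcp
        {
            la = $5                               # "Local Address:Port"
            n = split(la, parts, ":")
            port = parts[n]                       # port is the last field
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
                scope = "all"
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            else
                scope = "interface"
            printf "%s %s:%s %s\n", $1, addr, port, scope
        }'
}

# Only the wildcard binds, as addr:port, one per line: these are the services
# another host or container can talk to.
exposed_listeners() {
    classify_listeners "$1" | awk '$3 == "all" { print $2 }'
}

# Stand-alone run on the sample.
classify_listeners "$SAMPLE_SS"
```

On the page's own output this flags 0.0.0.0:23352 and *:8080; the 127.0.0.1 ports (10000 to 10002, 45037 and so on) are Colab's internal plumbing and unreachable from outside the container.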

In [None]:
!pstree -p

docker-init(1)─┬─nc(10705)
               ├─node(6)─┬─colab-fileshim.(61)
               │         ├─dap_multiplexer(84)─┬─{dap_multiplexer}(85)
               │         │                     ├─{dap_multiplexer}(86)
               │         │                     ├─{dap_multiplexer}(87)
               │         │                     └─{dap_multiplexer}(88)
               │         ├─jupyter-noteboo(79)─┬─python3(10874)─┬─pstree(17220)
               │         │                     │                ├─python3(13991)─┬─bash(13993)
               │         │                     │                │                └─{python3}(14107)
               │         │                     │                ├─python3(14061)─┬─bash(14067)───if+
               │         │                     │                │                └─{python3}(14082)
               │         │                     │                ├─python3(14508)─┬─bash(14510)───if+
               │         │                     │                │

In [None]:
!find /var/log -name '*.log'

/var/log/bootstrap.log
/var/log/alternatives.log
/var/log/apt/history.log
/var/log/apt/term.log
/var/log/dpkg.log
/var/log/fail2ban.log
/var/log/pip.log
/var/log/fontconfig.log


In [None]:
# A bare substring match is noisy: every hit below is the package name
# libgpg-error, not an error. On a live host narrow it to the log and level
# you care about, e.g. grep -iE 'error|fail' /var/log/syslog /var/log/auth.log
!grep "error" /var/log/bootstrap.log

2023-10-04 02:07:44 URL:http://ftpmaster.internal/ubuntu/pool/main/libg/libgpg-error/libgpg-error0_1.43-3_amd64.deb [69684/69684] -> "/build/chroot//var/cache/apt/archives/partial/libgpg-error0_1.43-3_amd64.deb" [1]
Selecting previously unselected package libgpg-error0:amd64.
Preparing to unpack .../libgpg-error0_1.43-3_amd64.deb ...
Unpacking libgpg-error0:amd64 (1.43-3) ...
Setting up libgpg-error0:amd64 (1.43-3) ...


In [None]:
# Colab cells already run as root, so this only confirms (ALL : ALL) ALL. On an
# engagement run sudo -l as the low-privileged account you landed as and look
# for NOPASSWD rules and commands that can spawn a shell.
!sudo -l

Matching Defaults entries for root on f88cc2ba8773:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User root may run the following commands on f88cc2ba8773:
    (ALL : ALL) ALL
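Read as a low-privileged user, `sudo -l` is one of the highest-value enumeration outputs on a Linux host. Three things to look for: rules granting `ALL`, rules tagged `NOPASSWD`, and commands that can spawn a shell or read and write arbitrary files even though they look harmless (find, less, vim, awk, python and so on; GTFOBins at https://gtfobins.github.io/ catalogues these). The script below is an added example, not code from the original notebook: it parses `sudo -l` output and labels each rule. `SAMPLE_SUDO_L` is constructed output for a hypothetical user "wynx", and `SHELL_ESCAPE_BINS` is a short illustrative subset of the GTFOBins list, not the full catalogue.

```shell
#!/bin/sh
# Added example (not from the original notebook): triage `sudo -l` rules.
# Feed it real output with: flag_sudo_rules "$(sudo -l)".

# Constructed sample for a hypothetical user "wynx" on host "target".
SAMPLE_SUDO_L='Matching Defaults entries for wynx on target:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User wynx may run the following commands on target:
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/bin/find
    (root) /usr/bin/systemctl restart nginx
    (root) NOPASSWD: /usr/bin/less /var/log/syslog'

# Illustrative subset of binaries with documented shell escapes (see GTFOBins).
SHELL_ESCAPE_BINS="find less more vim vi nano awk python python3 perl bash sh env tar zip"

# One line per rule: "<NOPASSWD|password><TAB><command><TAB><verdict>"
# verdict: FULL-ROOT (ALL), SHELL-ESCAPE (known escape binary), review (other)
flag_sudo_rules() {
    printf '%s\n' "$1" | awk -v bins="$SHELL_ESCAPE_BINS" '
        BEGIN { n = split(bins, b, " "); for (i = 1; i <= n; i++) risky[b[i]] = 1 }
        /^User .* may run/ { inrules = 1; next }        # rules follow this header
        !inrules || $0 !~ /^[[:space:]]*\(/ { next }    # skip the Defaults block
        {
            line = $0
            sub(/^[[:space:]]+/, "", line)
            nopass = (line ~ /NOPASSWD:/) ? "NOPASSWD" : "password"
            cmd = line
            sub(/^\([^)]*\)[[:space:]]*/, "", cmd)      # drop "(runas : group)"
            for (k = 0; k < 3; k++)                     # drop NOPASSWD:/SETENV:/... tags
                sub(/^[A-Z]+:[[:space:]]*/, "", cmd)
            split(cmd, w, " ")                          # w[1] is the binary path
            m = split(w[1], p, "/")
            base = p[m]                                 # basename of the binary
            if (cmd == "ALL") verdict = "FULL-ROOT"
            else if (base in risky) verdict = "SHELL-ESCAPE"
            else verdict = "review"
            printf "%s\t%s\t%s\n", nopass, cmd, verdict
        }'
}

# Stand-alone run on the sample.
flag_sudo_rules "$SAMPLE_SUDO_L"
```

A `SHELL-ESCAPE` verdict on a `NOPASSWD` rule (the `find` and `less` lines in the sample) is an immediate root path; a `review` verdict still deserves a look, since a command with arguments such as `systemctl restart nginx` can be abused through the files it reads.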


In [None]:
# -perm -o+x matches every world-executable file, which is nearly all of
# /usr/bin, so the output below is mostly noise. The security-relevant test is
# world-writable alone: find / -type f -perm -o+w ! -path "/proc/*" 2>/dev/null
!find / -type f \( -perm -o+w -or -perm -o+x \) -exec ls -la {} +

-rwxr-xr-x 1 root root          51632 Feb  7  2022 '/usr/bin/['
-rwxr-xr-x 1 root root             39 Aug 15  2020  /usr/bin/7z
-rwxr-xr-x 1 root root             40 Aug 15  2020  /usr/bin/7za
-rwxr-xr-x 1 root root             40 Aug 15  2020  /usr/bin/7zr
-rwxr-xr-x 1 root root          35344 Jun  5  2023  /usr/bin/aa-enabled
-rwxr-xr-x 1 root root          35344 Jun  5  2023  /usr/bin/aa-exec
-rwxr-xr-x 1 root root          31248 Jun  5  2023  /usr/bin/aa-features-abi
-rwxr-xr-x 1 root root          36020 Mar 18  2022  /usr/bin/aclocal-1.16
-rwxr-xr-x 1 root root          18656 Feb  6  2022  /usr/bin/acyclic
-rwxr-xr-x 1 root root          14478 Oct 24  2023  /usr/bin/add-apt-repository
-rwxr-xr-x 1 root root          14712 Feb 21  2022  /usr/bin/addpart
-rwxr-xr-x 1 root root           1887 Mar  4  2022  /usr/bin/aggregate_profile
-rwxr-xr-x 1 root root          18824 Feb 13 15:39  /usr/bin/apt
-rwxr-xr-x 1 root root          84448 Feb 13 15:39  /usr/bin/apt-cache
-rwxr-xr-x 1 root

In [None]:
# Every root-owned executable on the box is too much to triage by hand (the
# output is truncated to its last 5000 lines). Combine with -perm -o+w, or
# restrict to unusual locations such as /opt, /tmp and /home, to find what matters.
!find / -type f -executable -user root ! -path "/proc/*" ! -path "/sys/*" ! -path "/dev/*" -exec ls -l {} +

Streaming output truncated to the last 5000 lines.
-rwxr-xr-x 1 root root    441009 Jun 18 13:35 /usr/local/lib/python3.10/dist-packages/pygame.libs/libwebp-a19f9429.so.7.1.3
-rwxr-xr-x 1 root root     21249 Jun 18 13:37 /usr/local/lib/python3.10/dist-packages/tensorboard/plugins/projector/tf_projector_plugin/projector_binary.html
-rwxr-xr-x 1 root root   1964091 Jun 18 13:37 /usr/local/lib/python3.10/dist-packages/tensorboard/plugins/projector/tf_projector_plugin/projector_binary.js
-rwxr-xr-x 1 root root   4417248 Jun 18 13:37 /usr/local/lib/python3.10/dist-packages/tensorboard/webfiles.zip
-rwxr-xr-x 1 root root     13699 Jun 18 13:38 /usr/local/lib/python3.10/dist-packages/tensorflow/_api/v2/api_packages.txt
-rwxr-xr-x 1 root root   2169984 Jun 18 13:35 /usr/local/lib/python3.10/dist-packages/tensorflow_gcs_config/_gcs_config_ops.so
-rwxr-xr-x 1 root root      6547 Jun 18 13:38 /usr/local/lib/python3.10/dist-packages/tensorflow/include/google/protobuf/any.h
-rwxr-xr-x

In [None]:
# -perm /4000 matches the setuid bit; use -perm /6000 to include setgid files too.
!find / -type f -perm /4000 2>/dev/null

/usr/bin/umount
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/mount
/usr/bin/passwd
/usr/bin/su
/usr/bin/newgrp
/usr/bin/fusermount
/usr/bin/sudo
/usr/bin/pkexec
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/libexec/polkit-agent-helper-1


In [None]:
# The only matches are the pipeline itself, because its own command line
# contains "sudo". Use pgrep -af sudo, or grep "[s]udo", to exclude it.
!ps aux | grep sudo

root       20848  0.0  0.0   7376  3476 ?        S    17:02   0:00 /bin/bash -c ps aux | grep sudo
root       20850  0.0  0.0   6484  2348 ?        S    17:02   0:00 grep sudo


In [None]:
!ls -la /etc/cron.*

/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Oct  4  2023 .
drwxr-xr-x 1 root root 4096 Jun 21 16:54 ..
-rw-r--r-- 1 root root  201 Jan  8  2022 e2scrub_all

/etc/cron.daily:
total 28
drwxr-xr-x 1 root root 4096 Jun 21 16:43 .
drwxr-xr-x 1 root root 4096 Jun 21 16:54 ..
-rwxr-xr-x 1 root root  268 Jan 12  2022 00logwatch
-rwxr-xr-x 1 root root 1478 Apr  8  2022 apt-compat
-rwxr-xr-x 1 root root  123 Dec  5  2021 dpkg
-rwxr-xr-x 1 root root 1330 Mar 17  2022 man-db

/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Jun 18 13:16 .
drwxr-xr-x 1 root root 4096 Jun 21 16:54 ..
-rwxr-xr-x 1 root root 1020 Mar 17  2022 man-db
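The cron listing above is clean: every script is root-owned and mode 755. What you are checking for is a scheduled script that a non-root user can modify, either because the file itself is world-writable or because it sits in a world-writable directory without the sticky bit, where anyone can replace it. Either one lets a local user run code as root at the next scheduled run. The script below is an added example, not code from the original notebook: it builds a constructed directory tree in a temp dir that mimics /etc/cron.* (with two deliberate mistakes) and runs the check over it. The function names are mine.

```shell
#!/bin/sh
# Added example (not from the original notebook): find scheduled-task files
# that a non-root user could modify. Run it on a live host with:
#   writable_cron_entries /etc/cron.d; writable_cron_entries /etc/cron.daily; ...

# Build a constructed cron-like tree in a temp dir and print its path.
make_sample_cron_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/cron.d" "$dir/cron.daily" "$dir/cron.weekly"
    printf '#!/bin/sh\nrun-parts /etc/logwatch\n'     > "$dir/cron.daily/00logwatch"
    printf '#!/bin/sh\n/usr/local/bin/backup.sh\n'   > "$dir/cron.daily/backup"
    printf '0 3 * * * root /opt/cleanup.sh\n'        > "$dir/cron.d/cleanup"
    printf '#!/bin/sh\nmandb -q\n'                   > "$dir/cron.weekly/man-db"
    chmod 755 "$dir/cron.daily/00logwatch" "$dir/cron.weekly/man-db"
    chmod 644 "$dir/cron.d/cleanup"
    chmod 777 "$dir/cron.daily/backup"      # mistake 1: world-writable script
    chmod 777 "$dir/cron.weekly"            # mistake 2: world-writable dir, no sticky bit
    printf '%s\n' "$dir"
}

# One finding per line: "file <path>" for a world-writable file, or
# "dir <path>" for a world-writable directory without the sticky bit.
writable_cron_entries() {
    base=$1
    find "$base" -type f -perm -o+w | sed 's|^|file |'
    find "$base" -type d -perm -o+w ! -perm -1000 | sed 's|^|dir |'
}

# Stand-alone run on the sample tree.
sample=$(make_sample_cron_tree)
writable_cron_entries "$sample" | sort
rm -rf "$sample"
```

The same two `find` tests apply to anything else root executes on a schedule or at boot: systemd unit files and the scripts they call, /etc/rc.local, and the targets of symlinks in the cron directories (add `-L` to follow them).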


In [None]:
!getcap -r / 2>/dev/null

/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
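The SUID list and the `getcap` output above are the two places a file can carry root-level power without being run by root. Neither is useful raw: a stock install ships a dozen SUID binaries, so the finding is whatever is on the host that is not on a trusted baseline; and a capability is only interesting if it is one of the handful that are as good as root (cap_setuid, cap_sys_admin, cap_dac_override, cap_sys_ptrace, cap_sys_module, cap_chown, cap_fowner, cap_dac_read_search). The script below is an added example, not code from the original notebook: it diffs a SUID list against a baseline and flags root-equivalent capabilities. `BASELINE_SUID` is copied from the cell above (an Ubuntu 22.04 container); `FOUND_SUID` and `FOUND_CAPS` are constructed to include planted findings; on a real engagement generate the baseline from a reference image rather than trusting a hard-coded copy. The function names are mine.

```shell
#!/bin/sh
# Added example (not from the original notebook): triage SUID files and file
# capabilities. Live usage:
#   unexpected_suid "$BASELINE_SUID" "$(find / -type f -perm /4000 2>/dev/null)"
#   risky_caps "$(getcap -r / 2>/dev/null)"

# Baseline copied from the page's own SUID cell (Ubuntu 22.04 container).
BASELINE_SUID='/usr/bin/umount
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/mount
/usr/bin/passwd
/usr/bin/su
/usr/bin/newgrp
/usr/bin/fusermount
/usr/bin/sudo
/usr/bin/pkexec
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/libexec/polkit-agent-helper-1'

# Constructed: the baseline plus two binaries that should never be SUID.
FOUND_SUID="$BASELINE_SUID
/usr/bin/python3
/usr/local/bin/backup"

# Constructed getcap output in the "path caps=flags" format the page shows;
# the last two lines are planted findings.
FOUND_CAPS='/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/usr/bin/ping cap_net_raw=ep
/usr/local/bin/python3.10 cap_setuid=ep
/opt/agent/collector cap_dac_override,cap_sys_ptrace=eip'

# Paths in $2 that are absent from baseline $1, one per line (comm needs sorted input).
unexpected_suid() {
    tmp=$(mktemp)
    printf '%s\n' "$1" | sort -u > "$tmp"
    printf '%s\n' "$2" | sort -u | comm -13 "$tmp" -
    rm -f "$tmp"
}

# Capabilities that let a process become or act as root.
ROOT_EQUIV_CAPS="cap_setuid cap_sys_admin cap_dac_override cap_sys_ptrace cap_sys_module cap_chown cap_fowner cap_dac_read_search"

# getcap lines carrying a root-equivalent capability: "path<TAB>matching_caps".
# Accepts both "path cap_a,cap_b=ep" and the older "path = cap_a,cap_b+ep".
risky_caps() {
    printf '%s\n' "$1" | awk -v risky="$ROOT_EQUIV_CAPS" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        NF >= 2 {
            caps = $NF
            sub(/[=+].*$/, "", caps)             # strip the "=ep" / "+ep" flag suffix
            m = split(caps, c, ",")
            hits = ""
            for (i = 1; i <= m; i++)
                if (c[i] in bad) { if (hits == "") hits = c[i]; else hits = hits "," c[i] }
            if (hits != "") printf "%s\t%s\n", $1, hits
        }'
}

# Stand-alone run on the samples.
unexpected_suid "$BASELINE_SUID" "$FOUND_SUID"
risky_caps "$FOUND_CAPS"
```

The gst-ptp-helper line from the page is not flagged: cap_net_admin and cap_net_bind_service let it talk to the network as a privileged process but do not give it the filesystem or process control that a root escalation needs. A cap_setuid interpreter, by contrast, is a one-liner to a root shell.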


In [None]:
# There is no package named lsusb; the tool ships in usbutils (apt install usbutils).
!apt install lsusb

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package lsusb


## Conclusion

In this guide, we've explored a variety of manual enumeration techniques using Linux commands. These techniques provide valuable insights into the target system's configuration, which is crucial for identifying potential vulnerabilities and securing the system against cyber threats.

By mastering these commands and understanding their output, cybersecurity professionals can effectively assess the security posture of their systems and take proactive measures to mitigate risks.