Fhernanda Romo

  • Número de cuenta: 314284286

Para la máquina de CentOS

Se muestra la sección Acerca de CentOS

Comandos:

    1. # uname -a
        Linux centos-fher 4.18.0-365.el8.x86_64 #1 SMP Thu Feb 10 16:11:23 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux 

    2. # cat /etc/os-release
        NAME="CentOS Stream"
        VERSION="8"
        ID="centos"
        ID_LIKE="rhel fedora"
        VERSION_ID="8"
        PLATFORM_ID="platform:el8"
        PRETTY_NAME="CentOS Stream 8"
        ANSI_COLOR="0;31"
        CPE_NAME="cpe:/o:centos:centos:8"
        HOME_URL="https://centos.org/"
        BUG_REPORT_URL="https://bugzilla.redhat.com/"
        REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
        REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"

    3. # cat /etc/redhat-release
        CentOS Stream release 8

    4. # lsmod
        - [Salida del comando](files/lsmodcentos.txt)

    5. # ps afx
        - [salida del comando](files/psafxcentos.log)

    6. # hostname -I
        10.0.2.15 192.168.122.1 

    7. # ip addr
        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue   state UNKNOWN group default qlen 1000
            link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
            inet 127.0.0.1/8 scope host lo
            valid_lft forever preferred_lft forever
            inet6 ::1/128 scope host 
            valid_lft forever preferred_lft forever
        2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
            link/ether 08:00:27:fe:c3:9d brd ff:ff:ff:ff:ff:ff
            inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
            valid_lft 80025sec preferred_lft 80025sec
            inet6 fe80::a00:27ff:fefe:c39d/64 scope link noprefixroute 
            valid_lft forever preferred_lft forever
        3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 08:00:27:cf:d9:d7 brd ff:ff:ff:ff:ff:ff
        4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
            link/ether 52:54:00:de:48:ab brd ff:ff:ff:ff:ff:ff
            inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
            valid_lft forever preferred_lft forever

    8. # ip route show
        default via 10.0.2.2 dev enp0s3 proto dhcp metric 100 
        10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100 
        192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

    9. # cat /etc/resolv.conf
        # Generated by NetworkManager
        nameserver 192.168.1.1

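    10. # netstat -ntulp
        Nota: el prompt `#` sugiere root, pero el aviso inicial de la salida indica que se ejecutó sin privilegios; por eso la columna PID/Program name muestra «-» y no se puede atribuir cada puerto en escucha a su proceso.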
        (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
        Active Internet connections (only servers)
        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
        tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
        tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
        tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -                   
        tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      -                   
        tcp6       0      0 :::22                   :::*                    LISTEN      -                   
        tcp6       0      0 ::1:631                 :::*                    LISTEN      -                   
        tcp6       0      0 :::111                  :::*                    LISTEN      -                   
        udp        0      0 192.168.122.1:53        0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:67              0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:111             0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:41365           0.0.0.0:*                           -                   
        udp6       0      0 :::36724                :::*                                -                   
        udp6       0      0 :::111                  :::*                                -                   
        udp6       0      0 :::5353                 :::*      


    11. # ping -c 4 1.1.1.1
        PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
        64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=21.9 ms
        64 bytes from 1.1.1.1: icmp_seq=2 ttl=52 time=21.3 ms
        64 bytes from 1.1.1.1: icmp_seq=3 ttl=52 time=21.9 ms


    12. # dig example.com.
        ; <<>> DiG 9.11.36-RedHat-9.11.36-2.el8 <<>> example.com.
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43043
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 1232
        ; COOKIE: fb0d910ea4bd1c7237fe5523621c4b84dd70a1c2aebc89e9 (good)
        ;; QUESTION SECTION:
        ;example.com.           IN  A

        ;; ANSWER SECTION:
        example.com.        82381   IN  A   93.184.216.34

        ;; AUTHORITY SECTION:
        example.com.        83508   IN  NS  b.iana-servers.net.
        example.com.        83508   IN  NS  a.iana-servers.net.

        ;; ADDITIONAL SECTION:
        a.iana-servers.net. 379 IN  A   199.43.135.53
        b.iana-servers.net. 379 IN  A   199.43.133.53
        a.iana-servers.net. 379 IN  AAAA    2001:500:8f::53
        b.iana-servers.net. 378 IN  AAAA    2001:500:8d::53

        ;; Query time: 4 msec
        ;; SERVER: 192.168.1.1#53(192.168.1.1)
        ;; WHEN: Sun Feb 27 22:11:32 CST 2022
        ;; MSG SIZE  rcvd: 220

Privilegios de usuario

    1. $ getent passwd ${USER}
        centos-fher:x:1000:1000:centos-fher:/home/centos-fher:/bin/bash

    2. $ id
        uid=1000(centos-fher) gid=1000(centos-fher) groups=1000(centos-fher),10(wheel),974(wireshark) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

    3. $ groups
        centos-fher wheel wireshark

    4. $ sudo -l
        Matching Defaults entries for centos-fher on centos-fher:
        !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin,
        env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
        env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
        env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
        env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
        env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
        secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

        User centos-fher may run the following commands on centos-fher:
        (ALL) ALL

    5. $ sudo -i

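Directorios de instalación

Nota: `which` busca ejecutables en el PATH, no paquetes. Los mensajes «no … in» para bind-utils, net-tools, iproute, iptables-services e iputils solo indican que no existe un binario con ese nombre; no demuestran que el paquete falte (eso se comprueba con `rpm -q`).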

    which wireshark tcpdump nmap netcat ngrep dsniff wget curl whois bind-utils net-tools iproute iptables iptables-services iputils traceroute ethtool

        /bin/wireshark
        /sbin/tcpdump
        /bin/nmap
        /bin/netcat
        /sbin/ngrep
        /sbin/dsniff
        /bin/wget
        /bin/curl
        /bin/whois
        /usr/bin/which: no bind-utils in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        /usr/bin/which: no net-tools in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        /usr/bin/which: no iproute in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        /sbin/iptables
        /usr/bin/which: no iptables-services in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        /usr/bin/which: no iputils in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        /bin/traceroute
        /sbin/ethtool

Para la máquina de Debian

Se muestra la sección Acerca de Debian

Comandos:

    1. # uname -a
        Linux debian-fher 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18) x86_64 GNU/Linux

    2. # cat /etc/os-release
        PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
        NAME="Debian GNU/Linux"
        VERSION_ID="11"
        VERSION="11 (bullseye)"
        VERSION_CODENAME=bullseye
        ID=debian
        HOME_URL="https://www.debian.org/"
        SUPPORT_URL="https://www.debian.org/support"
        BUG_REPORT_URL="https://bugs.debian.org/"

    3. # cat /etc/debian_version
        11.2

    4. # lsmod
        [Salida del comando](files/lsmod.log)

    5. # ps afx
         [Salida del comando](files/psafx.log)

    6. # hostname -I
        10.0.2.15 192.168.56.102

    7. # ip addr
        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
            link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
            inet 127.0.0.1/8 scope host lo
            valid_lft forever preferred_lft forever
            inet6 ::1/128 scope host 
            valid_lft forever preferred_lft forever
        2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
            link/ether 08:00:27:0e:98:a7 brd ff:ff:ff:ff:ff:ff
            inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
            valid_lft 83061sec preferred_lft 83061sec
            inet6 fe80::a00:27ff:fe0e:98a7/64 scope link noprefixroute 
            valid_lft forever preferred_lft forever
        3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
            link/ether 08:00:27:ab:19:a4 brd ff:ff:ff:ff:ff:ff
            inet 192.168.56.102/24 brd 192.168.56.255 scope global dynamic enp0s8
            valid_lft 377sec preferred_lft 377sec
            inet6 fe80::a00:27ff:feab:19a4/64 scope link 
            valid_lft forever preferred_lft forever

    8. # ip route show
        default via 10.0.2.2 dev enp0s3 proto dhcp metric 100 
        10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100 
        192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.102 

    9. # cat /etc/resolv.conf
        # Generated by NetworkManager
        nameserver 192.168.1.1

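    10. # netstat -ntulp
        Nota: el prompt `#` sugiere root, pero el aviso inicial de la salida indica que se ejecutó sin privilegios; por eso la columna PID/Program name muestra «-» y no se puede atribuir cada puerto en escucha a su proceso.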
        (Not all processes could be identified, non-owned process info
        will not be shown, you would have to be root to see it all.)
        Active Internet connections (only servers)
        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
        tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
        tcp6       0      0 :::22                   :::*                    LISTEN      -                   
        udp        0      0 0.0.0.0:46073           0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:68              0.0.0.0:*                           -                   
        udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -                   
        udp6       0      0 :::47967                :::*                                -                   
        udp6       0      0 :::5353                 :::*                                -                   

    11. # ping -c 4 1.1.1.1
        PING 1.1.1.1 (1.1.1.1): 56 data bytes
        64 bytes from 1.1.1.1: icmp_seq=0 ttl=52 time=21.323 ms
        64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=20.889 ms

    12. # dig example.com.
        ; <<>> DiG 9.16.22-Debian <<>> example.com.
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48844
        ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;example.com.           IN  A

        ;; ANSWER SECTION:

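Privilegios de usuario

Nota: a diferencia de la máquina CentOS, donde `sudo -l` muestra `(ALL) ALL`, aquí aparece `NOPASSWD: ALL`: cualquier proceso que se ejecute como debian-fher puede obtener root sin autenticarse. Es cómodo en una VM de laboratorio, pero fuera de ella conviene exigir contraseña o limitar los comandos permitidos.
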
    1. $ getent passwd ${USER}
        debian-fher:x:1000:1000:debian-fher,,,:/home/debian-fher:/bin/bash

    2. $ id
        uid=1000(debian-fher) gid=1000(debian-fher) groups=1000(debian-fher),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),113(bluetooth),118(scanner),124(wireshark)

    3. $ groups
        debian-fher cdrom floppy sudo audio dip video plugdev netdev bluetooth scanner wireshark

    4. $ sudo -l
        Matching Defaults entries for debian-fher on debian-fher:
        env_reset, mail_badpass,
        secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

        User debian-fher may run the following commands on debian-fher:
        (ALL : ALL) NOPASSWD: ALL

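Directorios de instalación

Nota: `which` busca ejecutables en el PATH, no paquetes. Los nombres que no aparecen en la salida (bind-utils, net-tools, iproute, iptables-services, iputils) no son nombres de binarios, así que su ausencia no dice si el paquete correspondiente está instalado (eso se comprueba con `dpkg -l`).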

    which wireshark tcpdump nmap netcat ngrep dsniff wget curl whois bind-utils net-tools iproute iptables iptables-services iputils traceroute ethtool

        /usr/bin/wireshark
        /usr/bin/tcpdump
        /usr/bin/nmap
        /usr/bin/netcat
        /usr/bin/ngrep
        /usr/sbin/dsniff
        /usr/bin/wget
        /usr/bin/curl
        /usr/bin/whois
        /usr/sbin/iptables
        /usr/sbin/traceroute
        /usr/sbin/ethtool