Question

PART I: Updating Metasploit Lab

1. Open VMware, launch the Kali VM, and log in as root with your password wilmuabc.
2. Open a shell by clicking on the little black box located at the top left of the desktop, to the right of the word "Places".
3. Launch Metasploit by typing: msfconsole

There are many reasons to update Metasploit. Updating installs bug fixes and new community tools and, most importantly, adds exploit modules. There are two ways to do this. The first is to update Metasploit in an automated fashion by typing "msfupdate" at the command line. This requires registration with Rapid7 for a community edition key, and it updates Metasploit with the latest settings, Ruby version, modules, etc. You may also simply update Kali by going to “Applications-System Tools-Software Update”.

The second way is to update Metasploit manually. Being able to do so is important because it lets you import the latest exploits, regardless of where you find them, as long as they follow Rapid7's development rules for Metasploit modules. It is also important because the automated update tool will sometimes break your Metasploit install by modifying your Ruby version or making another change to your environment. This lab will focus on sharpening your skills as penetration testers by having you search for an exploit online, download it, install it, and test it.

There is a third way to update Metasploit: build your own module. You'll have to know how to program in Ruby. You can learn more about Metasploit exploit development here: http://www.offensive-security.com/metasploit-unleashed/Exploit_Development

1. Using your Kali VM, open the Iceweasel web browser by clicking on the icon to the right of the word “Places” and navigate to: http://www.exploit-db.com/ Wordpress is a popular content management system used for blogging on the world wide web. It has been in the news recently for having multiple vulnerabilities.
2. Click on the "Search" button.
3. In the "Free Text Search" field type: Wordpress
4. Click "Search".
5. Look at the exploits and notice the information on the left of the screen. One of the most important things to notice is the check mark. The check mark indicates the exploit has been vetted by the Rapid7 community. It's critical that you only import and use trusted exploits. Otherwise, you could be importing a trojan horse, or worse, onto your system or your customer's system.
6. Go to page 9 and click on "Wordpress HMS Testimonials Plugin 2.0.10 - Multiple Vulnerabilities".
7. Who is the author of this exploit?
7a. Answer:
8. What date was this exploit published?
8a. Answer:
9. Now click the download icon next to these words "Exploit Code:".
10. What type of file is this?
10a. Answer:
11. Open the file that you downloaded. As you can see these are instructions for exploiting a WordPress vulnerability in the way user feedback may be posted. So how would you go about loading this module into Metasploit? You wouldn't. This is simply a text file that walks through manually exploiting WordPress but I chose to show it to you because, as you can see, when you're looking for the latest exploits you don't always need to load a module. There are hands-on instructions for exploiting this vulnerability. If there isn’t a current exploit in Metasploit for your vulnerability be sure to check Exploit-db.com, not just for modules but also for hands-on exploit instructions.   
Metasploit is built on the Ruby programming framework. This means that our modules need to be .rb files. Any exploits that we want to import will need to be converted to Ruby code if they aren't already.
12. Close the text file and return to the web page. Go to page 9 and locate this exploit and click on it: Wordpress W3 Total Cache PHP Code Execution
13. Click the download icon. When prompted to save the file, name it: wordpress_w3_php_code_exec.rb Then hit the drop-down arrow next to "Save in folder:" and select "Desktop".
14. Click "Save".
15. Minimize all of your windows. You should see a Ruby file on your desktop.
16. Switch your focus to your Metasploit instance. How many exploits are listed? Type: banner
16a. Answer:
17. Now it's time to import your new Ruby file to the Metasploit framework. Open a shell by clicking on the black box next to the word "Places" at the top of your desktop screen. Type this to copy in your new exploit: cp /root/Desktop/wordpress_w3_php_code_exec.rb /usr/share/metasploit-framework/modules/exploits/multi/php
18. Switch back to your Metasploit shell and type: reload_all
19. How many exploits do you have now?
19a. Answer:
20. Type: use exploit/multi/php/wordpress_w3_php_code_exec
21. Type: info
What does this module do?
21a. Answer:

You now have a better understanding of when to download an exploit versus updating your entire Metasploit install. You've downloaded an exploit that you needed and manually added it to Metasploit. You've looked for a recently published exploit, downloaded it, copied it to the appropriate location within Metasploit, and verified its availability as a module.
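
One way to act on the step 5 advice about importing only trusted exploits, as an added example that is not part of the original lab: a shell function that refuses to copy a downloaded .rb file into the modules directory unless its SHA-256 matches the value recorded when the code was reviewed, it declares a Metasploit module class, and it contains no Ruby constructs that run commands on your own machine. The function names, return codes and pattern list are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of the lab): vet a downloaded module before step 17.
# Usage: vet_module FILE EXPECTED_SHA256 DEST_DIR
#   e.g. vet_module /root/Desktop/wordpress_w3_php_code_exec.rb \
#        <sha256-recorded-at-review> \
#        /usr/share/metasploit-framework/modules/exploits/multi/php
# Returns: 0 installed, 1 file missing, 2 hash mismatch,
#          3 no module class, 4 held for manual review.

# Ruby constructs that run commands on the tester's own machine (assumed
# list). A hit is not proof of malice, only a reason to read those lines.
LOCAL_EXEC_RE='`[^`]+`|%x[^[:alnum:][:space:]]|(^|[^[:alnum:]_])(system|exec|eval|spawn)[ (]|IO\.popen|Open3\.'

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# Print "lineno:text" for each non-comment line matching LOCAL_EXEC_RE.
review_hits() {
    grep -nE "$LOCAL_EXEC_RE" "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

vet_module() {
    local file=$1 expected=$2 dest=$3 actual hits
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # 1. The bytes must match the hash recorded when the code was reviewed.
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: got $actual" >&2
        return 2
    fi

    # 2. It must declare a module class, not be an advisory saved as .rb.
    if ! grep -Eq '^class Metasploit(Module|[0-9]+) < Msf::' "$file"; then
        echo "no Metasploit module class found" >&2
        return 3
    fi

    # 3. Hold anything that shells out locally until a person has read it.
    hits=$(review_hits "$file") || true
    if [ -n "$hits" ]; then
        printf 'manual review needed:\n%s\n' "$hits" >&2
        return 4
    fi

    # 4. Only now copy it into the framework tree, readable but not writable by others.
    install -m 0644 "$file" "$dest/"
}
```

A return code of 3 is what the HMS Testimonials text file from step 11 would produce if it were saved with an .rb extension.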

Now let’s look at the professional version of Metasploit.

Type: go_pro

Follow the prompts to upgrade your Metasploit version from the framework edition to the professional version.

PART II: Password Brute Forcing Lab

1. Open VMware Player, launch the Kali VM, and log in as root with your
password wilmuabc.
2. Open a shell by clicking on the little black box located at the top left of
the desktop, to the right of the word "Places".
3. Open another instance of VMware Player and launch the Metasploitable VM.
4. At the user logon prompt type: msfadmin
5. At the password prompt type: msfadmin
6. Type: ifconfig
7. Record the IP address here:

Hydra is a password brute forcing tool that supports many protocols. These are
just a few of the protocols: Samba, Cisco, IMAP, POP3, FTP, LDAP, Telnet, HTTP
Auth, VNC, MySQL, NNTP, SNMP

Let's look at Hydra's options.

1. Switch your focus to the Kali VM and, using the shell you already opened,
type: hydra
1a. Observe the commands available to configure Hydra.

We need wordlists to perform our bruteforcing.

2. Type: cd /usr/share/wordlists

The wordlist we want is zipped up to save space. Let's unzip it.

3. Type: gunzip rockyou.txt.gz

Now let's use Hydra.

4. Type: hydra -l ftp -P /usr/share/wordlists/rockyou.txt -f -v x.x.x.x (target IP address) ftp

What is/are the password(s) to the ftp user account?
4a. ANSWER:

Let's test our findings.

5. Type: ftp x.x.x.x (IP of Metasploitable)
6. Type the username you found.
7. Type the password you found.
Confirm you have logged in.
8. Type: quit
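
Seen from the target's side, the Hydra run in step 4 is a burst of failed logins from one address, possibly ending in a success. The following added example (not part of the original lab) flags that pattern in an FTP server log; the vsftpd-style log layout, the function names and the threshold of 5 are assumptions, and the log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example (not part of the lab): spot password guessing in an FTP log.
# Assumed log format (vsftpd style):
#   <date> [pid N] [user] FAIL LOGIN: Client "ip"
#   <date> [pid N] [user] OK LOGIN: Client "ip"

# detect_ftp_bruteforce LOGFILE [THRESHOLD]     (LOGFILE may be - for stdin)
# Prints "<ip> <user> <failures> <verdict>" per client/user pair, where
#   BRUTEFORCE  = at least THRESHOLD failed logins were seen
#   COMPROMISED = a successful login arrived once THRESHOLD failures had piled up
detect_ftp_bruteforce() {
    awk -v thr="${2:-5}" '
    / (FAIL|OK) LOGIN: Client / {
        user = ""; ip = ""
        for (i = 1; i < NF; i++) {
            if ($i == "[pid")   user = $(i + 2)   # token after "[pid N]"
            if ($i == "Client") ip   = $(i + 1)
        }
        gsub(/^\[|\]$/, "", user)                 # [ftp] -> ftp
        gsub(/[",]/, "", ip)                      # strip quotes and comma
        key = ip " " user
        if ($0 ~ / FAIL LOGIN: /) fails[key]++
        else if (fails[key] >= thr && !(key in hit)) hit[key] = fails[key]
    }
    END {
        for (k in fails) {
            if (k in hit)             print k, hit[k], "COMPROMISED"
            else if (fails[k] >= thr) print k, fails[k], "BRUTEFORCE"
        }
    }' "$1" | sort
}

# Constructed sample log; addresses are from the documentation range.
sample_log() {
    local n
    for n in 1 2 3 4 5 6; do
        echo "Thu Mar  7 10:15:0$n 2024 [pid 230$n] [ftp] FAIL LOGIN: Client \"192.0.2.10\""
    done
    echo 'Thu Mar  7 10:15:07 2024 [pid 2307] [ftp] OK LOGIN: Client "192.0.2.10"'
    for n in 1 2; do
        echo "Thu Mar  7 10:16:0$n 2024 [pid 240$n] [msfadmin] FAIL LOGIN: Client \"192.0.2.20\""
    done
    for n in 1 2 3 4 5; do
        echo "Thu Mar  7 10:17:0$n 2024 [pid 250$n] [root] FAIL LOGIN: Client \"192.0.2.30\""
    done
}
```

Running `sample_log | detect_ftp_bruteforce - 5` reports the first address as COMPROMISED and the third as BRUTEFORCE; the two stray failures from the second address stay below the threshold.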

Solution Preview


1. Using your Kali VM, open the Iceweasel web browser by clicking on the icon to the right of the word “Places” and navigate to: http://www.exploit-db.com/ Wordpress is a popular content management system used for blogging on the world wide web. It has been in the news recently for having multiple vulnerabilities.
2. Click on the "Search" button.
3. In the "Free Text Search" field type: Wordpress
4. Click "Search".
5. Look at the exploits and notice the information on the left of the screen. One of the most important things to notice is the check mark. The check mark indicates the exploit has been vetted by the Rapid7 community. It's critical that you only import and use trusted exploits. Otherwise, you could be importing a trojan horse, or worse, onto your system or your customer's system.
6. Go to page 9 and click on "Wordpress HMS Testimonials Plugin 2.0.10 - Multiple Vulnerabilities".
7. Who is the author of this exploit?
7a. Answer: RogueCoder
8. What date was this exploit published?
8a. Answer: 2013-08-12
9. Now click the download icon next to these words "Exploit Code:".
10. What type of file is this?
10a. Answer: text file...