Lab 2: Penetration Testing with Metasploit


Post on 01-Mar-2022


Rationale

To be able to defend a network or system it is necessary to understand what must be defended against. To that end, this lab calls for you to use some of the tools that malfeasants use to examine systems, looking for vulnerabilities.

Get and install Kali Linux

Download the recommended Kali Virtual Machine from https://www.kali.org/downloads - choose 64 bits and VirtualBox if you want to follow along here. The downloaded file is an ova file (kali-linux-2021.2-virtualbox-amd64.ova) and is installed in VirtualBox by clicking 'File → Import Appliance'. Default credentials are kali/kali.

Armitage as a front end to Metasploit

Run Kali Linux. Open a shell. Execute the command

sudo /etc/init.d/postgresql start

to start the database server that is used by Metasploit. Next, execute

sudo armitage

as shown in Figure 1:

A dialog box appears as shown in Figure 2. Just click "connect". Armitage takes a long time to start. For a while you see what is shown in Figure 3, which looks like a problem because of the connection exception. But the reason for the exception is that the Metasploit framework is not ready for connections yet. Eventually, a connection is made and Figure 4 shows the screen that appears, except without the two icons that represent discovered machines from previous launches of Armitage. Those icons are the result of defining a workspace and machines in it. The 'workspace' tab is used for this purpose. Armitage uses nmap to scan those machines for services. Once that is done, attacks can be suggested for the machines. This is done by selecting one of the icons, dropping the 'Attacks' menu as shown in Figure 5, and selecting 'Find Attacks'. Now an 'Attack' menu is made available for the selected icon. This can be accessed with a right click over the selected icon. Doing so allows one to choose an attack as illustrated in Figure 6. Selecting an attack results in a window such as the one in Figure 7, where parameters can be set. When the attack is launched, progress and results are displayed in the bottom window in the background of Figure 7.

Figure 1: Run Armitage in Kali Linux

Figure 2: Armitage is starting

Figure 3: Armitage is connecting to the database

Figure 4: Armitage is now ready

Figure 5: Find attacks on machine with IP address 129.137.4.132

Figure 6: Choose an attack

Figure 7: Choose parameters for an attack


Lab Exercise

Download a Metasploitable Operating System appliance for VirtualBox. Open VirtualBox and import the appliance to VirtualBox by clicking 'File', then 'Import Client' from the menu. On the right side of the dialog box that opens there is a small square icon. Click that to open a File Dialog box and search for and select the appliance. Click 'Next' to begin the installation. Use Armitage from a second VM to try attacks on that OS. Log in to the Metasploitable OS (username: msfadmin, password: msfadmin) and find other vulnerabilities. Note that Metasploit and Armitage exist in Kali Linux but they need to be updated.

What to Turn In

A lab report showing up to 10 suspicious findings in a list. If there is a fix, state the fix in the list. Try exploits where possible and report the result (if the exploit failed say why). Examples of reports are here and here.
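One way to turn the nmap service scan of the lab VM into the findings list asked for above, as an added example that is not part of the original lab handout. It assumes the scan was saved in nmap's grepable format (-oG); the sample address, the service list and the fix notes are constructed for this example.

```python
import re

# Constructed sample of nmap grepable (-oG) output; address and services are
# made up for this example and do not come from the lab handout.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 80/open/tcp//http///, 513/open/tcp//login///, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (994)\n"
)

# Assumed fix notes for cleartext legacy services (this example's own choice).
FIXES = {
    "ftp": "Disable FTP or replace it with SFTP (cleartext credentials).",
    "telnet": "Disable telnet and administer over SSH.",
    "login": "Disable the r-services (rlogin/rsh/rexec) and use SSH.",
}

def parse_open_ports(text):
    """Return one dict per open port found in grepable nmap output."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open":
                findings.append({"host": host, "port": int(f[0]),
                                 "proto": f[2], "service": f[4]})
    return findings

def build_report(findings, limit=10):
    """Number the findings, known fixes first, capped at the lab's limit."""
    ranked = sorted(findings, key=lambda x: (x["service"] not in FIXES, x["port"]))
    rows = []
    for n, x in enumerate(ranked[:limit], 1):
        fix = FIXES.get(x["service"], "No fix identified yet; investigate manually.")
        rows.append(f"{n}. {x['host']}:{x['port']}/{x['proto']} {x['service']} | Fix: {fix}")
    return rows

if __name__ == "__main__":
    print("\n".join(build_report(parse_open_ports(SAMPLE_OG))))
```

Rows without a known fix are kept in the list so they can be investigated by hand after logging in to the VM.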

Note: Armitage is not being supported the way it should be at the moment. If you are having trouble because you can’t find Armitage in the Kali you downloaded or you found Armitage but the results are not what they are supposed to be, for example Armitage hangs during ‘Find Attacks’, then download an old version of Kali Linux, with Armitage, that is known to work well with Metasploitable. The username for the old version is root and the password is student. This is an appliance so it is added to VirtualBox in the same way Metasploitable was above.

Another possibility is to forget Armitage and direct attacks from the command line. A Google search will reveal how to do this.

Update: Sheila notes that the latest version of Armitage can find massive exploits on Metasploitable by doing the following from a command shell in Kali:

cd /usr/share/metasploit-framework/modules/exploits/linux/misc
sudo mv saltstack_salt_unauth_rce.rb saltstack_salt_unauth_rce.rb.bkp

Sheila also recommends choosing ‘set Exploit Rank’ from the ‘Armitage’ menu and then selecting ‘poor’. I tried the above and found a bounty of exploits. I did not notice any particular improvement when choosing a poor exploit rank, though.