Lab Guide For Student
Table of Contents
Chapter 1. Introduction to penetration testing ............................................................... 3
Laboratory 1.1 Basic configuration of Kali Linux and Metasploitable 2 ..................................... 3
Chapter 1. Introduction to penetration testing
Task:
run all three VMs used in the course;
update Kali Linux;
configure the network connection between all hosts;
ping the other VMs from Kali Linux;
find the file "hydra" using the "locate" and "find" commands;
Tasks:
find people who work at IBM using social networks such as LinkedIn;
determine how the email addresses of IBM employees are formed;
discover the specifics of using the following advanced search operators:
- "" and "site:" - find all pages on the Pentagon site containing the phrase "top secret";
- "inurl:" - find login pages on the domain whitehouse.gov;
- "filetype:" - find all docx files on .gov domains containing the phrase "top secret";
- find Google's documentation on advanced search operators and experiment with the other operators.
Discover which URLs are hidden from search robots in the robots.txt files on the Pentagon and White House sites.
Discover the contents of the Google Hacking Database;
Check where a user with a specific user ID is registered, using services such as https://namechk.com/
Find how the defense.gov site looked 5 years ago using the service waybackmachine.org
Tasks:
using an online traceroute, determine the path to the domain given by the tutor;
determine which DNS and mail servers are used by the domain given by the tutor;
determine the IP address of the site given by the tutor;
determine, with the whois utility, the range of IP addresses in which the site given by the tutor is registered;
conduct DNS brute-forcing with the fierce utility for the domain given by the tutor;
run the theHarvester utility for the domain given by the tutor.
Tasks:
using Maltego, collect information about the specific company given by the tutor;
using Maltego, collect information about the specific domain given by the tutor.
Tasks:
Scan 192.168.12.6 with Zenmap - determine the open ports;
Scan 192.168.12.6 (Metasploitable 2) with Nmap - determine the open ports, the versions of the running services and the operating system version;
Scan 192.168.12.6 with db_nmap from the Metasploit Framework;
Export the scan results from the Metasploit database and open them in LibreOffice Calc.
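Before the results reach a spreadsheet they are usually flattened into one row per open port. The Python script below is an added example, not part of this lab guide or of Nmap itself: it parses a constructed Nmap XML document (the schema Nmap writes with -oX; the host, MAC and service values in the sample are made up for illustration) into rows and emits CSV, which LibreOffice Calc opens directly.

```python
"""Flatten Nmap XML (-oX) output into CSV rows, one row per port."""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample following Nmap's XML schema; not real scan output.
# The address mirrors the lab target, the MAC and services are illustrative.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.12.6">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.12.6" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="2.3.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="filtered" reason="no-response"/>
        <service name="telnet" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

FIELDS = ["host", "protocol", "port", "state", "service", "product", "version"]


def parse_nmap_xml(xml_text, open_only=True):
    """Return one dict per <port> element; by default only ports in state 'open'."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        # A host may carry several <address> elements (ipv4, ipv6, mac); keep the IPv4 one.
        ipv4 = host.find("address[@addrtype='ipv4']")
        addr = ipv4.get("addr") if ipv4 is not None else ""
        for port in host.iter("port"):
            state_el = port.find("state")
            state = state_el.get("state", "") if state_el is not None else ""
            if open_only and state != "open":
                continue
            svc = port.find("service")  # absent when no service was detected
            rows.append({
                "host": addr,
                "protocol": port.get("protocol", ""),
                "port": int(port.get("portid", "0")),
                "state": state,
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
    return rows


def rows_to_csv(rows):
    """Serialise the rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(rows_to_csv(parse_nmap_xml(SAMPLE_NMAP_XML)))
```

Passing open_only=False keeps filtered and closed ports as well, which is useful when comparing two scans of the same host to see what a firewall change did.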
Lab Objectives
Tasks:
1. Connect to the FTP server on 192.168.12.6 and determine its version;
2. Using the version information, find what vulnerabilities exist for the given FTP server;
3. Exploit the discovered backdoor in the FTP server;
4. Perform steps 1-2 for the web server on 192.168.12.6. Use Nmap to determine the web server version.
Laboratory 3.4 Using vulnerability scanners for vulnerability assessment
Purpose: understand the principles of using vulnerability scanners
Tasks:
1. Configure and update the OpenVAS scanner in Kali Linux;
2. Conduct a scan of 192.168.12.6 with OpenVAS;
3. Install and update Nessus;
4. Conduct a scan of 192.168.12.6 with Nessus;
5. Import the Nessus scan results into the Metasploit database;
6. Compare the results of the scanners.
Tasks:
1. Upload the «unix-privesc-check» utility to Metasploitable 2 and conduct a local security check;
2. Conduct a scan of 192.168.12.6 with Nessus using the "Credentialed Patch Audit" policy. Provide SSH credentials;
3. Compare the report generated by Nessus with the report obtained in the previous lab;
4. Find a checklist appropriate for Metasploitable 2 on https://www.cisecurity.org/ and conduct at least 5 manual checks from it.
Laboratory 3.6 Specific scanning tools
Tasks:
1. Find SMB shares on Metasploitable 2 with the corresponding scanning module in the Metasploit Framework;
2. Find NFS shares on Metasploitable 2 with the corresponding scanning module in the Metasploit Framework;
3. Check for the existence of the vsftpd backdoor with the corresponding nmap script.
Chapter 4. Exploitation
Tasks:
1. Conduct an ARP-spoofing attack between Lubuntu and Metasploitable 2; review the ARP tables on each host before and after the attack;
2. Intercept an FTP session with the Ettercap sniffer and intercept images with the driftnet utility.
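When reviewing the ARP tables before and after, the tell-tale sign is one hardware address answering for more than one IP, and an existing entry whose MAC has changed. The Python script below is an added example (not part of the lab guide or of any tool it names): it parses two constructed `arp -n` snapshots, reports MACs claimed by several IPs, and diffs the entries between the snapshots. The MAC addresses are made up; the IPs follow the lab's 192.168.12.0/24 network.

```python
"""Detect ARP-cache changes consistent with ARP spoofing from `arp -n` snapshots."""
import re
from collections import defaultdict

# Constructed Linux `arp -n` output (hypothetical MACs), captured before the attack.
ARP_BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.12.1             ether   aa:bb:cc:00:00:01   C                     eth0
192.168.12.5             ether   aa:bb:cc:00:00:05   C                     eth0
192.168.12.6             ether   aa:bb:cc:00:00:06   C                     eth0
"""

# Constructed snapshot after the attack: the gateway entry now carries the .5 host's MAC.
ARP_AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.12.1             ether   aa:bb:cc:00:00:05   C                     eth0
192.168.12.5             ether   aa:bb:cc:00:00:05   C                     eth0
192.168.12.6             ether   aa:bb:cc:00:00:06   C                     eth0
"""

# IPv4 address, whitespace, HWtype, whitespace, six-octet MAC. The header line and
# "(incomplete)" entries do not match and are skipped.
ARP_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I
)


def parse_arp_table(text):
    """Map IP -> MAC (lower-cased) from `arp -n` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def find_mac_conflicts(table):
    """Return {mac: [ips]} for every MAC claimed by more than one IP address."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def diff_arp_tables(before, after):
    """List (ip, old_mac, new_mac) for entries whose MAC changed between snapshots."""
    return [
        (ip, before[ip], after[ip])
        for ip in sorted(before)
        if ip in after and before[ip] != after[ip]
    ]


if __name__ == "__main__":
    before = parse_arp_table(ARP_BEFORE)
    after = parse_arp_table(ARP_AFTER)
    for mac, ips in find_mac_conflicts(after).items():
        print(f"MAC {mac} is claimed by {', '.join(ips)}")
    for ip, old, new in diff_arp_tables(before, after):
        print(f"{ip}: {old} -> {new}")
```

A gateway entry that suddenly shares a MAC with another workstation is exactly the state Ettercap leaves behind; static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the usual mitigations.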
Laboratory 4.2 Use of Metasploit command line for vulnerability exploitation
Tasks:
Using the Metasploit Framework console, exploit the following vulnerabilities:
unreal_ircd_3281_backdoor
java_rmi_server
drb_remote_codeexec
Tasks:
Using Armitage, check the misc attacks and find one to which Metasploitable 2 is vulnerable.
Using the Metasploit Framework, determine which DBMSs are running on the target server. Brute-force the passwords and get the contents of the tables containing user account data.
Task:
run Nmap and identify the network services that support authentication;
find wild command shells and connect to them;
find the modules in the Metasploit Framework that are used to log in to FTP, Tomcat, VNC, etc.;
brute-force passwords;
enumerate users via the SMB protocol using the corresponding Metasploit Framework module;
check whether there are users whose passwords are equal to their account names.
Task:
Using Nmap and the Metasploit Framework, determine whether the remote systems are vulnerable to the mentioned attacks. Detect the mentioned vulnerabilities and exploit the remote systems.
Task:
Purpose: Learn how to brute-force form-based authentication
Task:
Using THC-Hydra, check the default passwords for the Tomcat server on port 8180 on Metasploitable 2;
Find cmd.war on the Internet and deploy it on the Tomcat server;
List the users of Tomcat and of the OS;
Purpose: Learn how to brute-force HTTP basic authentication and execute OS commands through the web server.
Task:
Purpose: Learn how to exploit SQL injection and how to conduct offline brute-forcing of user passwords.
Task:
Tasks:
1. SET - clone a website to obtain the victim's passwords;
2. Create a malicious web link to sniff the victim's keystrokes;
3. Create a malicious web link, install a virus, capture forensic images.
Chapter 7. Exploitation using client-side attacks
Task:
Task:
Using the Metasploit Framework, create a backdoor with a Meterpreter payload. Put it into the existing Debian installation package of any small game. Install it and get a Meterpreter shell.
Take the /etc/shadow file from the remote host.
Material and technical equipment of the workplace
- Kali Linux 2 VM (192.168.12.5)
- Lubuntu 12.04 VM (192.168.1.55)