Lab 3 - Vulnerability Scanning and Exploitation Instructions - Mar 4
WARNING: Any use of penetration testing techniques on a live network could result in expulsion
and/or criminal prosecution. Techniques are to be used in lab environments, for educational
use only, or on networks for which you have explicit permission to test the defenses.
Lesson Learning Outcomes: Upon completion of this lesson, students will be able to:
Demonstrate the use of different vulnerability scanning tools.
Identify vulnerabilities within a computer system.
Demonstrate the use of pre-built tools to exploit a vulnerability in a computer system.
Materials List:
Computers with Internet connection
Browsers: Firefox (preferred), Google Chrome, or Internet Explorer
Intro to Ethical Hacking lab environment
Introduction
In this lab we will explore methods of vulnerability scanning and exploitation using tools such
as SPARTA and Metasploit. Follow the steps below and answer all questions in your own
words with as much detail as possible. Paste screenshots where requested. Include your
username in the filename.
Systems and tools needed:
Kali Linux (u: root, p: toor)
Metasploitable2
Windows XP (SP2)
Ubuntu 12.04
Power down all other systems on your network.
Module Activity Description:
Part One: Vulnerability Scanning with SPARTA
Create a Filtered Report of the results and download it as a PDF file. Review the report and,
based on the scan results, answer the following questions:
2. Which of your systems had the most vulnerabilities?
4. What CVE IDs are associated with the top vulnerability on your XP system?
6. Look at the top 2 vulnerabilities on the Metasploitable2 system. Describe how the scan detected these vulnerabilities.
Module Activity Description:
Part Two: Vulnerability Detection with NMAP NSE
In this section, we will use prebuilt nmap NSE scripts to try to discover potential
vulnerabilities within our Metasploitable2 system. A list of all built-in scripts can be found at
https://nmap.org/nsedoc/.
7. Determine the IP address of your Metasploitable2 system and record it here:
Run a service detection scan to determine the open ports and service info:
nmap -sV <IP of system>
8. Paste a screenshot of the output.
Notice that Apache (httpd), Samba (smb), and NFS are services that are running on this system.
Let’s explore these.
Find which directories are accessible from NFS:
nmap --script nfs-ls <IP of system>
Try out some more scripts on your own. Find 2 that reveal some vulnerability information.
13. Paste screenshots and descriptions of the two scripts below.
Module Activity Description:
Part Three: Exploiting Vulnerabilities
In this section we will look at some examples of exploiting known vulnerabilities. Keep in
mind that these are very simple examples that should be patched on most systems. DO NOT
attempt to run these or any other exploits on a system you are not authorized to test.
Above, we discovered NFS directories that were accessible. Now we will attempt to mount the root
of the system to access these directories.
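The mount in this step works because the target exports its filesystem root to any client without root squashing. As a defender-side check added here (not part of the lab handout), the following Python parses an /etc/exports file and flags exactly those conditions; the sample exports file is constructed and is not copied from Metasploitable2.

```python
import re

# Constructed sample: an exports file resembling the wide-open root export the
# lab takes advantage of. It is NOT copied from Metasploitable2.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/            *(rw,sync,no_root_squash,no_subtree_check)
/srv/share   192.168.56.0/24(ro,sync,root_squash)
/home        *.lab.local(rw,no_root_squash) 10.0.0.5(ro)
"""

# One client entry looks like "<client>(<opts>)", "<client>" or "(<opts>)".
CLIENT_RE = re.compile(r"^([^(]*)(?:\((.*)\))?$")

def parse_exports(text):
    """Return (path, client, [options]) for every client entry in the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for tok in clients or ["*"]:           # a bare path exports to everyone
            m = CLIENT_RE.match(tok)
            client = m.group(1) or "*"         # "(rw)" with no host means world
            opts = m.group(2).split(",") if m.group(2) else []
            entries.append((path, client, opts))
    return entries

def audit_exports(text):
    """Return (path, client, issues) for exports that let any client in,
    let remote root stay root, or hand out the whole filesystem."""
    findings = []
    for path, client, opts in parse_exports(text):
        issues = []
        if client == "*":
            issues.append("world-accessible")        # any host may mount it
        if "no_root_squash" in opts:
            issues.append("no_root_squash")          # remote uid 0 stays uid 0
        if "rw" in opts and client == "*":
            issues.append("world-writable")
        if path == "/":
            issues.append("exports-filesystem-root") # /home, /etc, ... exposed
        if issues:
            findings.append((path, client, issues))
    return findings

if __name__ == "__main__":
    for path, client, issues in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {', '.join(issues)}")
```

Any finding here is what makes the mount step below possible; restricting the client list, exporting a subdirectory instead of /, and leaving the default root_squash in place remove it.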
Now let's see what we can access. Navigate to the msfadmin user's home directory and find the
hidden .ssh directory:
cd /tmp/nfs/home/msfadmin/.ssh
Open the authorized_keys file.
Info: You just found the admin user's SSH key.
Info: The last command gave you the password hash for the root user. This could come in handy later.
Find another exploitable payload that will run against Metasploitable2. (There are many
guides available on the Internet.)
4. Provide screenshots of running the exploit. Then answer the following questions.
6. What is the CVE ID and description of the vulnerability that it took advantage of?
7. What were you able to access after successfully running the exploit?