SEC 4030 Ethical Hacking
Term: Summer 2021

Lab Assignment 4 – Exploiting

Due Date: July 14 2021 by 5pm ET
Points Possible: 10

Name:

1. Overview

As an ethical hacker you are scanning the target network and identify a potentially vulnerable server. You do some research and find a vulnerability and exploit for the target system. You then launch the exploit to gain root level access to the target!

2. Initial Setup

Log into the Virginia Cyber Range Cyber Basics environment.

Task 1: Perform a network scan to identify a potentially vulnerable server

First, identify your network using the route command. The network ID will be located under the word default on the left-hand side of the table.

Question 1: What is your network ID?

Next, perform an nmap scan of your entire network; this will be the target network. Use the following command, but replace network_id with your actual network ID.

nmap network_id/20

You will see the IP address of each host scanned and any ports that are open on the host. By default, nmap scans the 1000 most common ports. If you see a host with open ports 139/tcp and 445/tcp, this is a potentially vulnerable target running a file sharing service (SMB), as found on Windows and on Linux hosts running Samba. The IP address of this host will now become your target_ip.
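Picking the SMB host out of a large scan by eye is error-prone, so here is an added example (not part of the lab handout) that does the same check over nmap's grepable output: it prints every host whose Ports field lists both 139/tcp and 445/tcp as open. The output below is a constructed sample in the format nmap writes with -oG; in the lab you would feed it the real file (for example, nmap -oG scan.gnmap network_id/20). The function name smb_hosts is an assumption of this example.

```shell
#!/bin/sh
# Added example: list hosts in nmap grepable (-oG) output that expose both SMB ports.
# SAMPLE_GNMAP is constructed for this example; it is not output from the lab network.
SAMPLE_GNMAP='# Nmap 7.x scan initiated (constructed sample)
Host: 10.1.2.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///  Ignored State: closed (998)
Host: 10.1.2.9 ()  Ports: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///  Ignored State: closed (998)
Host: 10.1.2.17 ()  Ports: 22/open/tcp//ssh///, 445/closed/tcp//microsoft-ds///  Ignored State: filtered (998)
# Nmap done (constructed sample)'

# smb_hosts: print the IP of every host whose Ports field lists 139/tcp and 445/tcp as open.
# Takes the grepable output as its single argument (use "$(cat scan.gnmap)" for a real file).
smb_hosts() {
  printf '%s\n' "$1" | awk -F'Ports: ' '
    /^Host:/ && NF >= 2 {
      split($1, h, " ")                       # h[2] is the IP from "Host: <ip> (<name>)"
      # The (^|[ ,]) guard stops 1139 or 8445 from matching as 139 or 445.
      if ($2 ~ /(^|[ ,])139\/open\/tcp/ && $2 ~ /(^|[ ,])445\/open\/tcp/) print h[2]
    }'
}

# Usage: in the constructed sample only 10.1.2.9 has both ports open.
smb_hosts "$SAMPLE_GNMAP"
```

A host that answers only on 445/tcp is still an SMB server (the NetBIOS session port 139 is often left closed), so in a real assessment you would likely relax the check to either port; the example keeps the lab's own rule of requiring both.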

Question 2: What is your target IP?

Task 2: Examine the details of the vulnerability

You have done some research on these open services and it looks like the best vulnerability to use for an exploit is going to be the SMB vulnerability CVE-2017-7494. Learn about this vulnerability at the National Vulnerability Database here:

https://nvd.nist.gov/vuln/detail/CVE-2017-7494

Examine the details of the CVE at the following link:

https://www.cvedetails.com/cve/CVE-2017-7494/?q=CVE-2017-7494

Use Google to find out the name of the Metasploit Module that can be used to exploit this CVE vulnerability.

Question 3: What is the name of the Metasploit Module?

Now that we have identified a vulnerability to exploit and know the Metasploit module name, it is time to get serious.
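Before moving on to the exploit, it is worth knowing what the fix looks like from the server side. CVE-2017-7494 is a Samba vulnerability (the Metasploit module path the lab uses, exploit/linux/samba/..., says as much), and the Samba project's advisory for it names two remedies: upgrade to a patched release, or set nt pipe support = no in the [global] section of smb.conf and restart smbd. The following is an added example, not part of the lab handout, that checks a configuration for that workaround. Both configs below are constructed samples, and the function name has_pipe_workaround is an assumption of this example.

```shell
#!/bin/sh
# Added example: does an smb.conf carry the Samba-documented CVE-2017-7494 workaround?
# Both configurations are constructed samples, not files from the lab target.
VULN_CONF='[global]
   workgroup = WORKGROUP
   server string = Samba Server

[share]
   path = /srv/samba/share
   writable = yes'

HARDENED_CONF='[global]
   workgroup = WORKGROUP
   server string = Samba Server
   nt pipe support = no

[share]
   path = /srv/samba/share
   writable = yes'

# has_pipe_workaround: exit 0 when the [global] section sets "nt pipe support = no",
# exit 1 otherwise. Section names and the option are matched case-insensitively,
# and surrounding whitespace is ignored, the way smbd itself reads the file.
has_pipe_workaround() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/); next }
    in_global && tolower($0) ~ /^[ \t]*nt[ \t]+pipe[ \t]+support[ \t]*=[ \t]*no[ \t]*$/ { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Usage: report both constructed samples.
if has_pipe_workaround "$VULN_CONF"; then
  echo "VULN_CONF: workaround present"
else
  echo "VULN_CONF: workaround missing"
fi
if has_pipe_workaround "$HARDENED_CONF"; then
  echo "HARDENED_CONF: workaround present"
else
  echo "HARDENED_CONF: workaround missing"
fi
```

The workaround disables all named-pipe endpoints, which breaks some Windows-side management tooling, so on a production server the patched release is the real fix; the check above is useful for confirming that an interim mitigation actually landed in the section where Samba reads it.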

Task 3: Run Metasploit

Metasploit is a penetration testing framework that comes installed in Kali Linux. Metasploit commands are run from the command line.

First you need to start Metasploit Framework Console (msfconsole). There are several steps to properly starting the msfconsole.

First, you need to start the postgresql database service. Metasploit uses this database to store information gathered during penetration testing activities. You will be asked for the student account's password (student) when running this command.

service postgresql start

Second, you will have to initialize the msf database using the msfdb init command as follows. You will need to use the sudo command to run this command. The sudo command runs a command with root level privileges.

sudo msfdb init

Finally, you can start the Metasploit Framework Console by using the msfconsole command as follows:

msfconsole

The msfconsole will start and give you the msf> prompt once the startup has completed. While you are in the msfconsole, regular Linux commands will no longer work.

To see a list of commands that are available from the msf> prompt, type a ? and press enter.

The first command you will use is the search command which will allow you to look for information on the Metasploit exploit that you will use for this penetration test.

You can search by CVE number or by Metasploit module name. Use the search command to look for the module that corresponds to the vulnerability we discovered, using its CVE number, by entering the following command at the msf> prompt:

search cve-2017-7494

The search command shows there is an exploit, the location of the exploit, disclosure date, the rank, and the description of the exploit. You can now use this information to exploit the target.

Question 4: What is the disclosure date and rank of the exploit?

Next you will use the use command to load the exploit as follows:

use exploit/linux/samba/is_known_pipename

When using the use command, you have to use the full path as shown in the name column of the search results.

The prompt will change to show the name of the exploit that was loaded.
Now use the options command to see the options for the exploit:

options

If you look at the options list, the first option RHOST is blank and is required. RHOST stands for Remote Host and is the IP address of the target system. Whenever you are attempting to exploit a target system, you always have to provide an RHOST.

You can use the set command to set the RHOST option using the following command. Remember the target_ip is the IP address of the target system identified in Question 2.

set rhost target_ip

Once the RHOST option is set, you can then use the exploit command to launch the exploit. If the exploit fails the first time, check that the target IP address (RHOST) is correct using the options command and run the exploit again. If the exploit succeeds, you will get a "Command shell session 1 opened" message. This means you have successfully executed the exploit against the target system.

After the "Command shell session 1 opened" message, you will just have a blinking cursor and no indication that you have entered a shell on the target system. Use the whoami command to see which account you are logged in as in the shell on the target system, as follows:

whoami

Question 5: Paste a screenshot that shows your whoami here.

By the answer to whoami, you should know whether the exploit was successful. You should be able to run other commands such as pwd, ls, etc. to learn about your exploited target system.

The basic shell is a little difficult to work with, as it gives you no prompt and no feedback if the command you execute fails. You can get a more usable shell with a one-line Python command. Use the following command to create a more useful shell on the target system:

python -c 'import pty; pty.spawn("/bin/bash")'

This command uses Python's pty module to spawn a new bash shell attached to a pseudo-terminal, which is what gives you a prompt again. Bash is the default shell used in Linux.

Congratulations, if everything went well you now pwn the target system!

©2019 Virginia Cyber Range. Created by Matthew Vogel. Modified by Angela Orebaugh (CC BY-NC-SA 4.0)