Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Wilmu vmware

18/11/2020 Client: arwaabdullah Deadline: 3 days

In this lab we are going to set up your Kali and Metasploitable VMs for use in our weekly labs.

We'll run the virtual machines, gather their IPs, and confirm they are able to send/receive traffic between each other.

There are only a few questions but be sure to answer them so the work you perform may be captured for grading purposes.

Preamble.

You will need to download your chosen Virtual Machine Manager (VM) choose the VM that works for your operating system

For Windows

http://www.vmware.com/ - Downloads – VMWare Player

https://www.virtualbox.org/wiki/Downloads

For OSX (Mac)

http://www.vmware.com/ - Downloads – VMWare Fusion (NOTE – This software is not free you can only download a 30 day trial)

https://www.virtualbox.org/wiki/Downloads

Next Download Kali Linux

https://www.kali.org/downloads/

Select Kali Linux 32 Bit and click the direct link for ‘ISO’

Download Metasploitable Linux (This is our target operating system)

https://sourceforge.net/projects/metasploitable/

Click the green button marked ‘download’

Next is installation

https://www.youtube.com/watch?v=a0X9-lCOsEo This Video will guide you through installing Metasploitable using virtual box – the process is similar for VMWare

https://www.youtube.com/watch?v=FVmWMogGX4Q This Video will guide you through installing Kali Linux in Virtual Box – the process is similar for VMWare

During the installation make sure that the password you select for the ‘root’ account is toor

During the installation you will be asked to give your kali VM a ‘hostname’ please make sure that you put your name as the hostname for the machine.

Class: SEC6070

Name:

Date:

1. Open VMware Workstation.

2. Start your Kali and Metasploitable VMs.

Both your Kali VM and your Metasploitable VM should be running.

3. Select Kali linux

4. Type this username at the login prompt: root

5. Type this password: toor

We need to change the default password because it's not secure.

While the password we're changing it to isn't necessarily secure (for the sake of simplicity in this class) we still need to change it on principal.

6. Open a shell. (Look for a small black box at the top left of your screen.)

7. Type: passwd

a. Paste your screenshot here:-

8. Type: wilmuabc (it will ask you to repeat the password)

9. Type: ifconfig

a. Paste your screenshot here:-

10. Record your IP address here:

ANSWER:

NOTE IN ALL FURTHER WORKSHEETS UNLESS OTHERWISE TOLD THIS WILL BE YOUR ‘LHOST’ OR LOCAL HOST

11. Let's double-check no firewall is running.

a. Type: iptables -L (All policies should be set to "ACCEPT".)

b. Paste your screenshot here:-

12. Press ctrl+alt to escape your Kali VM.

Now let's switch our focus to the Metasploitable VM.

13. At the user logon prompt type: msfadmin

14. At the password prompt type: msfadmin

This is an intentionally vulnerable system so there's no point in changing the password from the default.

15. Type: ifconfig

b. Paste your screenshot here:-

16. Record the IP address here:

NOTE IN ALL FURTHER WORKSHEETS UNLESS OTHERWISE TOLD THIS WILL BE YOUR ‘RHOST’ OR REMOTE HOST

Now we know the IP addresses of our Kali and our Metasploitable VMs.

Let's test connectivity.

17. You should still be at the Metasploitable prompt.

a. Type: ping {insert the IP address of your Kali VM}

b. Press ctrl+c to stop the ping.

c. Paste your screenshot here:-

Now let's verify connectivity from the Kali VM.

18. Switch your focus to the Kali VM. (Reminder: Press ctrl+alt to escape the Metasploitable VM.)

19. Click on "Applications-Internet-Firefox Web Browser".

20. Once Firefox opens type the IP address of your Metasploitable VM in the address field and navigate to it.

You should navigate to a running web service.

a. Paste your screenshot here:-

Listed on your webpage should be a list of vulnerable web services that we will be testing against later in the class

Once you have completed this worksheet please submit it for grading via the link on blackboard

Linux Primer with Kali

Class: SEC6070

Name:

Date:

This lab is meant to familiarize you with the Linux operating system.

While it is not meant to make you a Linux power user, it is meant to make you comfortable with moving around the operating system.

We won't go over the file system hierarchy or delve into the more technical aspects of how Linux works but we will go over common commands so you have a working knowledge of Linux.

Linux commands will still be provided to you in future labs but it is important that, as an IT professional, you memorize these commands.

*Special Note: Unlike Windows, Linux shell commands and paths are case sensitive.

1.Open VMware Workstation/Virtual Box and launch the Kali VM.

We'll start by learning to move around Linux.

2. Launch a shell. (It's the black box icon to the right of Applications, Places, System.)

a. Paste your screenshot here:-

3. Type: whoami (This is the account you're logged in with.)

a. Paste your screenshot here:-

4. Type: pwd (pwd stands for "present working directory")

a. Paste your screenshot here:-

5. Type: ls –alF

a. Paste your screenshot here:-

b. What does this command do?

c. What does the ‘switch’ –alF achieve?

6. Type: cd /

a. Where does this command put you in the file system ‘tree’?

7. Hit the up arrow on your keyboard and then hit it again.

Observe that it shows you your previous commands.

This is a big time saver.

8. Type: ls /usr/share

a. Paste your screenshot here:-

Notice all of the tools.

These are your penetration testing tools.

9. Type: cd .. (This will take back to your parent directory.)

10. Type: pwd

a. Paste your screenshot here:-

Where are you now?

11. Type: clear

a. What does this command do?

12. Type: history

a. Paste your screenshot here:-

b.What does history show you?

13. Type: {press the spacebar} date

14. Hit the up arrow twice and hit enter.

a. Paste your screenshot here:-

b. What didn't the history command show you?

c. Why is this important?

15. Type: clear

All software, drivers, drives, etc, are considered files in Linux.

There are many useful commands to perform searches and queries on files in a Linux operating system.

16. Type: locate gunzip

a. Paste your screenshot here:-

17. Type: find /usr/share | more (Hit ctrl+c to stop the output.)

a. Paste your screenshot here:-

18. Type: whereis msfconsole

a. Paste your screenshot here:-

19. Type: whatis motd

a. Paste your screenshot here:-

Linux has many text editors available for use:

20. Type: cat /usr/share/doc/funkload/examples/demo/cmf/passwords.txt

a. Paste your screenshot here:-

b. What did "cat" do?

c. Are able to edit the file?

21. Type: nano /usr/share/doc/funkload/examples/demo/cmf/passwords.txt

a. Paste your screenshot here:-

Nano is considered to be easier to use for users new to Linux text editors.

When you type you immediately begin editing the file.

Press ctrl+x to exit.

Press "n" to not save any changes.

Sometimes you need to learn more about commands you are not familiar with.

22. Type: man top

a. Paste your screenshot here:-

b. What does the man page description indicate the "top" program does?

c. Type: q

23. Type: info man

a. Paste your screenshot here:-

To exit type: q

(Sometime people find it easier to read info pages as opposed to man pages.)

24. Type: top -help

a. Paste your screenshot here:-

b. What is printed to the screen?

Let's look at a few Linux networking related commands that are useful to know:

25. Type: ifconfig

a. Paste your screenshot here:-

b. What is the IP address?

26. Type: route

a. Paste your screenshot here:-

b. What is the gateway?

27. Type: cat /etc/hostname

a. Paste your screenshot here:-

b. What is the hostname?

If your hostname is not your name

Type nano /etc/hosts

Delete ‘Kali’

Replace it with your own name

Save and exit

a. Paste your screenshot here:-

28. Type: cat /etc/resolv.conf

a. Paste your screenshot here:-

b. What is the address of the nameserver (aka DNS server):

29.Find the "sudoers" file.

Read its contents.

a. Paste your screenshot here:-

b. What is the exact location of the sudoers file?

c. What commands may members of the sudo groups execute?

30. Edit the hostname of your machine, type :nano /etc/hostname

delete ‘kali’

add your name in its place

press ctrl x

yes to save changes

enter to quit

a. Paste your screenshot here:-

There are many more commands used in the Linux operating system.

There are also multiple scripting languages available, the most common of which is BASH.

You are encouraged to continue learning more about the Linux operating system as it is responsible for running most of the machines we interact with on regular basis.

Once you have completed this worksheet please upload it via the link on blackboard for grading

Introduction to Metasploit - A Tour

Class: SEC6070

Name:

Date:

What is Metasploit?

Metasploit is an open source framework for exploitation that has transcended its humble beginnings and become a "penetration testing environment suite" - my interpretation. I say this because you are now able to use Metasploit to accomplish any task in the penetration testing phase and based on your findings you may choose a tool/methodology, modify an existing tool/methodology, or create a new tool/methodology to accomplish your goal.

While most penetration testing options like Canvas have additional options and features, none provide you with the freedom and flexibility that Metasploit does. So while Kali is a wonderful Linux-based operating system loaded with tools, a pentester has everything he or she needs in Metasploit. As you will soon learn in this course, Metasploit has reconnaissance tools (discovery and vulnerability scanners), malicious code generators, evasion apps so your exploit doesn't get caught by IPS or antivirus, password attack tools, and many, many more.

PLEASE DON’T CONFUSE METASPLOIT (THE FRAMEWORK) WITH METASPLOITABLE (THE VULNERABLE BY DESIGN OPERATING SYSTEM)

1.Open VMware and launch the Kali VM and login as root with your password wilmuabc.

2. Launch a terminal (shell). (It's the black box icon to the right of Applications, Places.)

3. Type: msfconsole

Wait patiently for Metasploit to load.

a. Once loaded paste your screenshot here: -

4. Open another terminal and type: env

a. Paste your screenshot here: -

(View the PATH variable. When you attempt to execute a program Linux looks at all of the paths in the PATH environment variable to find and execute the program. That's why you may type "msfconsole" and the program executes.)

5. If you visit the Rapid7 website (https://www.rapid7.com/) you will find you have the option to register for notifications, support, and updates of Kali.

Rapid7 has moved away from using SVN for code management to Git.

For our purpose, here it doesn't matter but if you enjoy working on the bleeding edge of distros you may want to register and upgrade to the latest version.

a. Paste your screenshot here: -

6. Switch your focus back to the Metasploit shell. Look at the information under the banner and answer the questions below about the various modules available.

6a. How many exploits does Metasploit have:

6b. How many auxiliary exploits does Metasploit have:

6c. How many post modules does Metasploit have:

6d. How many payloads does Metasploit have:

6e. How many encoders does Metasploit have:

6f. How many nops does Metasploit have:

Metasploit Modules Breakdown

I've defined Metasploit's modules below.

Take the time to read them so you have a better understanding of their purpose and use.

Exploits - Pre-packaged malicious executables that takes advantage of a vulnerability to gain access to a system and deliver a payload.

Payloads - Can be a variety of applications/configurations used to establish foothold on system post-exploitation. Examples are reverse shells that call home or stagers for further exploitation and persistence. Meterpreter is a particularly useful and commonly used payload shell.

Encoders - Obfuscates exploits and payloads so they can't be fingerprinted by AV or IDS/IPS definitions.

Auxiliary - Attack components such as DoS tools, buffer overflows, SQL injection apps, fuzzers, and more.

Post - Automation modules for post-exploitation. Tools to further establish access on a system or network like keystroke loggers and privilege escalators.

NOPs - NOP sled tools such as buffer overflow reference material for custom NOP sleds. For simplicity's sake we'll say NOP sleds tell a processor to do nothing for a specified number of clock cycles, thereby increasing the chances of your code executing successfully.

With that brief introduction behind us let's learn by doing.

*You may want to maximize your terminal to full screen.

7. Type: help (Notice the list of commands available to you in Metasploit.)

a. Paste your screenshot here:-

8. Type: show exploits (Wait patiently for the Metasploit database to be queried and print the results to your terminal.)

a. Paste your screenshot here:-

b. Notice the format: Name, Date, Rank, Description

c. What is the date of the "windows/http/sonicwall_scrutinizer_sqli" exploit?

d. What is its rank?

e. What is its description?

9. Encoders allow you to encode your payload so it doesn't trigger antivirus or IDS tools like McAfee's HBSS.

This is very important to know and understand because most AV and IDS tools aren't going to catch your payload if you encode it.

a. Type: show encoders

b. Paste your screenshot here:-

c. Find and document an encoder of your choice here:

10. Payloads are the deliveries we will make to the system we are exploiting.

a. Type: show payloads

b. Paste your screenshot here:-

c. Find and document a payload for the Mac OS here:

a. Paste your screenshot here:-

11. We will use auxiliary modules quite a bit. There are a variety of community provided penetration testing tools located here.

a. Type: show auxiliary

b. Paste your screenshot here:-

c. Does the auxiliary module contain scanners?

d. If so list them here :-

Now let's get down to business and pretend we are professional penetration testers researching a strategy to gain access to an industrial control system network such as a water treatment plant.

12. We need to find a Windows SCADA exploit.

a. Type every word after this colon: search windows/scada

b. Paste your screenshot here:-

13. Let's learn more about a particular module we found in our search results to confirm it will be useful to us.

a. Type: info windows/scada/moxa_mdmtool

b. Who provided this exploit?

c. What are the options available for this exploit?

d. What references are available?

e. What does the description tell us this module does?

14. This may be the exploit we need to compromise the system.

a. Type: use windows/scada/moxa_mdmtool

b. Paste your screenshot here:-

c. Type: show payloads

d. Document two payloads you would might use that are available for this exploit:

e. Paste your screenshot here:-

15. Type: show advanced

a. These advanced options, for the most part, won't normally be changed by you. You will want to change them in some cases though. Scroll down to the SSL option. It's currently set to false. If you were running a reverse shell out of a network you may want to enable SSL not only to potentially hide your activity but to also protect your client. The last thing you want to do expose the client's data to a third party because you transferred it in clear text over the internet.

16. Type: show options

a. Paste your screenshot here:-

b. These are the setting the exploit currently has.

17. Type: info

a. Paste your screenshot here:-

17. Type: help

a. Paste your screenshot here:-

b. What command would you type to verify a system is vulnerable to this exploit?

c. What command would use to execute the exploit?

19. Type: exit

Now let's take a look at how Metasploit's file system is organized.

20. Type: cd /usr/share/metasploit-framework/modules

a. Type: ls (You should recognize the high level organization.)

b. Paste your screenshot here:-

21. Type: cd exploits

a. Type: ls

b. Paste your screenshot here:-

(As you can see, you may drill down in each folder to view available tools Metasploit offers. Although this isn't necessary, it is good to understand how the Metasploit is organized for troubleshooting modules.)

You've gained a basic understanding of Metasploit's organization and how to explore this popular open source penetration testing tool suite. We'll gain a higher level of understanding and take part in a more advanced use of Metasploit in subsequent labs.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Helping Hand
Quality Homework Helper
Buy Coursework Help
Top Quality Assignments
Top Essay Tutor
Writer Writer Name Offer Chat
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$60 Chat With Writer
Quality Homework Helper

ONLINE

Quality Homework Helper

Hi dear, I am ready to do your homework in a reasonable price.

$62 Chat With Writer
Buy Coursework Help

ONLINE

Buy Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$62 Chat With Writer
Top Quality Assignments

ONLINE

Top Quality Assignments

Hey, I have gone through your job posting and become very much interested in working with you.I can deliver professional content as per your requirements. I am a multi-skilled person with sound proficiency in the English language for being a native writer who worked on several similar projects of content writing and can deliver quality content to tight deadlines. I am available for both online and offline writing jobs with the promise of offering an incredibly responsive and supreme level of customer service. Thanks!

$55 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

$65 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Capital Budgeting Decisions - Character analysis jay gatsby - Examples of main points in a speech - Access control Assignment 5 - Resident evil 4 manic brent - Criminal justice decision making model steps - Understanding pathophysiology 1st edition - Introductory statistics homework answers - Blood music greg bear free pdf - Ujt triggering of scr - Australian rainfall and runoff a guide to flood estimation - How to reference gibbs reflective cycle - Financial Ratios Analysis and Comparison Paper - Lumo energy my account login - Based on this model, households earn income when purchase in resource markets. - Reduction of camphor lab report - 5 PAGES - APA EXPERT ONLY - Human Resources - No Extension - Herts grid for learning - Financial Statement Concepts - Core Solutions of SharePoint Server 2013 and Policy - The analytical frame of mind - When washing hands which of the following statements is incorrect - Discussion Board and Paper - The aliens have landed at our school - Imagonline - Respond to David post listed below: - Direct and indirect objects worksheet doc - Emerging and Alternative Generation Technologies - Rci canal boats england - What is a gatekeeper ppo - Gedling access road map - Problem#14 - Home depot customer satisfaction - Informative essay foundation of army leadership - Designing a team 200 word summary - Pain relievers and gain creators - Hermite and laguerre polynomials - Franchise times top 200 restaurant franchisees - Qrb 501 quantitative reasoning for business final exam - In leaves no step had trodden black figure of speech - Sd card esd protection - Dutch graphic artist escher - Project management recommendation ops 571 - SWOT ANALYSIS - Teaching plan - Simmons case study - Ir reflow temperature profile - Robbins contemporary human behavior theory - Speech - Management information system of walmart - Deakin master of landscape architecture - Stump grinder hire jewsons - Summarize the great flood of 1927's impact on mississippi - A girl pushes a kg lawn mower - Lab reflection questions - Gelds 48-60 - Unit 1 lab: cloud services - Chlorine has two naturally occurring isotopes - Gcu doctrinal statement - Need some questions answered from INTRO TO STATS - International Financial System - What is the noon sun angle on april 11 - A rocket blasts off and moves straight upward - Ka ba and akh - The 6 elements of music - C489 fmea table - The outcasts of poker flat characters - Miss clairol short story - Bertrand russell thought philosophy was important because - Case Study - Intercultural Management - 16742 e mason rd sidney oh 45365 - Hydrogen burns with a pop sound - 202080: Fall 2020 8B-ENG-1101-OB, Representations Pacific Life - 3 wire zone valve wiring diagram - Week 3 progress log - Discussion - Distinguished talent visa 858 australia rate of success - Claudette nevins cause of death - Medford mail tribune election results - Assignment 4 mobile devices and self service e commerce - Discussion Questions - Ordinary writing as opposed to poetry - Safety of genetically engineered foods persuasive speech - Week 5 Research Paper: Develop a Computer/Internet Security Policy - Health spa business plan - Eleanor rigby lyrics meaning - Group 4 project presentation - Divorce and remarriage four christian views pdf - Steven universe future episode 1 reddit - Mla style scavenger hunt answers - Intro to Public Administration - Vernon claims that his contract with ulani is voidable. if their contract is avoided - Lagard 39e programming instructions - Swot analysis disney parks and resorts - Preschool children _____ self esteem and _____ self concept - Kim anh vu adelaide - Canicula norma cantu - Assessment health and illness beliefs - Elements of traditional literature - Bcc city plan mapping