Exploiting Unix and Windows Systems
Assignment Instructions
Part 1: Exploit Windows and Unix Systems
Step 1: Setup the Network
In this assignment you will again use the nmap scanning engine, but this time from a different starting point.
After you download a Windows VM (WVM), you will start it along with the MVM. You will then use Armitage, a graphical user interface for Metasploit, which is a well-known exploitation tool.
Windows XP Link:
https://drive.google.com/drive/folders/1bdnOcPLwdKbqjrp1t-p4y3UMQjG1cvSj?usp=share_link
NOTE: The permissions of this are such that you may have to request access from the instructor to OK it before you can download this.
When the file downloads, right-click it and select “View in folder”, or open your Downloads folder and click “Date Modified” until a down arrow is displayed. Your download should be at the top of the “Name” column. Right-click it and select “Extract All” from the context menu. Select Browse and navigate to the “My Virtual Machines” / “Windows XP” folder (create this folder if you do not have one already). Click Next to begin the extraction process.
This file is uploaded as two parts with the extensions .001 and .002. By default, 7-Zip will combine them during extraction as long as the filenames stay intact, both parts are in the same folder, and you start the extraction from the first part (.001).
Start VMWare Workstation Player (VMWP) by clicking the shortcut. Select Open a Virtual Machine and navigate to the WVM you just downloaded. It might be in a folder a couple of levels from where you expect it to be. In the “Open Virtual Machine” be sure to select “All Supported Files.” You should then be able to open the file “Windows XP Professional.vmx.”
From the VMWP screen select the “Edit virtual machine settings” link near the bottom right. Depending on how much memory you have in your machine, select somewhere between 512 MB and 1 GB for your WVM memory setting. Now select the “Network Adapter” entry and choose the “Bridged: Connected directly to the physical network” setting. Then click the “OK” button at the bottom right of the screen and “Play virtual machine” from the Windows XP home screen in VMware.
The Windows virtual machine (WVM) will go through the boot process, and once it gets to the desktop screen select “Start” – “Run” and type in cmd.exe into the open textbox. At the command prompt type in “ipconfig/all” and take a screenshot of the resulting settings that are displayed. Be sure that the IP Address is visible on your screenshot. You can now minimize the WVM by clicking the “_” in the upper right of the screen.
From the VMWP home screen select your Metasploitable virtual machine (MVM). Remember that “msfadmin” is both the username and the password. From the command prompt type the command “ifconfig” and write down the IP address.
Now start up your Kali Virtual Machine (KVM) remembering that username is root and the password is toor.
Once you are on the desktop open a command line terminal. You can do this by right clicking on the desktop and selecting “Open Terminal” from the bottom of the context menu or by selecting the terminal icon which is the second icon from the top on the toolbar on the left side of the Kali desktop.
Make sure you can ping both the WVM and the MVM, using the IP addresses from the procedures above. Again, you will need to specify the number of packets with the -c 4 switch between the ping command and the VM’s IP address.
Step 2: Start Armitage and Scan the Network
Using the command line terminal, type the following command: “service postgresql status”. Make sure the service is running. Note: In older versions of Kali both the postgresql service and the Metasploit service need to be started. In the current distro they normally do not, but it is a good idea to check the postgresql service; this might return an error message if it is not needed. Also, if it is not starting, you might need to create the database schema by typing “msfdb init” the first time you run Armitage. This database is used by Metasploit and Armitage to keep track of the hosts and services in the target network.
From the “Applications” menu in the upper right of the Kali desktop, in the second column select “Favorites” and then “Armitage”, which should be the 5th selection from the top (it can also be found on the “08-Exploitation Tools” menu). Select “Connect”, then “Yes” on the “Start Metasploit” screen. You might see some error messages on the “Progress” screen as the interface loads; that is OK.
Eventually the Armitage interface will load. From the “Hosts” drop-down menu select “Nmap Scan”, then “Quick Scan (OS detect)”. In the “Input” dialog enter your network range using CIDR notation (see the example in the “Input” dialog box if you have questions).
Note that when the scan starts, a new “nmap” tab appears next to the “Console” tab in the middle of the Armitage screen. Do not interact with your Kali VM until “Nmap done:” appears at the bottom of the screen. Click “OK” in the “Scan Complete” window. Take a screenshot of the bottom of the nmap tab printout and make sure that the number of hosts and the time the scan took are visible in your screenshot.
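Two small pieces of bookkeeping from Steps 1 and 2 are easy to get wrong: turning the IP address and subnet mask from “ipconfig /all” into the CIDR range Armitage asks for, and reading the host count and scan time off the “Nmap done:” line. The script below is an added example, not part of the assignment or of Armitage; both input samples are constructed to look like the lab output and are not real results.

```python
import ipaddress
import re

# Constructed sample of "ipconfig /all" output from the WVM (not real lab data)
IPCONFIG_SAMPLE = """
Windows IP Configuration
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.37
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

# Constructed sample of the tail of the Armitage "nmap" tab after Quick Scan (OS detect)
NMAP_SAMPLE = """
Nmap scan report for 192.168.1.37
Host is up (0.0012s latency).
OS details: Microsoft Windows XP SP2 or SP3
Nmap scan report for 192.168.1.52
Host is up (0.0009s latency).
OS details: Linux 2.6.9 - 2.6.33
Nmap done: 256 IP addresses (2 hosts up) scanned in 41.83 seconds
"""

def cidr_from_ipconfig(text):
    """Derive the CIDR range to enter in Armitage from the IP address and subnet mask."""
    ip = re.search(r"IP(?:v4)? Address[ .]*: *(\S+)", text).group(1)
    mask = re.search(r"Subnet Mask[ .]*: *(\S+)", text).group(1)
    # strict=False lets a host address stand in for the network address
    return str(ipaddress.IPv4Network(f"{ip}/{mask}", strict=False))

def parse_nmap_tail(text):
    """Return ({ip: os_guess}, hosts_up, seconds) from the nmap tab printout."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:
            current = m.group(1)
            hosts[current] = "unknown"
        elif line.startswith("OS details:") and current:
            hosts[current] = line.split(":", 1)[1].strip()
    done = re.search(r"Nmap done: \d+ IP addresses? \((\d+) hosts? up\) scanned in ([\d.]+) seconds", text)
    return hosts, int(done.group(1)), float(done.group(2))

if __name__ == "__main__":
    print("Scan range:", cidr_from_ipconfig(IPCONFIG_SAMPLE))
    hosts, up, secs = parse_nmap_tail(NMAP_SAMPLE)
    for ip, os_name in hosts.items():
        print(ip, "->", os_name)
    print(f"{up} hosts up in {secs} seconds")
```

Paste your own “ipconfig /all” and nmap tab text in place of the samples to check the values before taking the screenshots.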
Step 3: Attack Windows Host with Armitage
By default, Armitage displays the hosts in the upper right of the screen as icons. The IP addresses below will appear blurry because Armitage stacks them all on top of each other. Right click the display background and select “Auto-Layout” then “Circle”. That will spread out the icons. Now right click again and select “Auto-Layout” and “None” from the bottom of the context menu. This will allow you to arrange the icons and spread them out where you can see them better.
After you arrange the icons in rows, notice that the icons correspond to the operating system: yellow penguins indicate Linux/Unix systems, and Windows systems appear in blue. More information appears when you hover your mouse over an icon, and different Windows versions have different Windows logos.
Click on the icon that corresponds to your WVM. You can verify this by the different icon and by the IP address. It should now have a green dotted line around it indicating that it is selected.
On the left side of the screen the “Exploits” window can be distinguished by its white background. Underneath the “Exploits” window in the textbox type in “ms08.” NOTE: Windows XP is referred to in Metasploit as ms08.
Now you should see several folders and possible exploits below them.
At the bottom of the folders and exploits you should see “ms08_067_netapi” under a folder called “smb”. NOTE: smb refers to the “Server Message Block” protocol, which is used for file and printer sharing on a network.
Double click on the “ms08_067_netapi” entry in the “Exploits” window. This brings up a window called “Attack IP address” where “IP address” is the IP address of the WVM that you selected earlier.
Read the explanation given in the first white textbox on the “Attack” dialog box. Note that exploits are being developed for newer Windows operating systems. Look over the settings but do not change them. Click the “Launch” button.
After a delay, a new tab entitled “exploit” appears in the bottom half of the screen. Note also that the icon representing the WVM changes after the exploit is run. Right-click the icon, select “Meterpreter 1”, then “Interact”, then “Command Shell”.
This opens a new tab in the console window. At the very bottom you should see a command prompt with a blinking cursor. Click on the cursor and type “cd ..” (with a space after the “d”). Do it again and, from the root C:\> prompt, type “dir”. Take a screenshot showing the directory listing of C:\.
This type of navigation can be used in capture-the-flag contests and to prove to your target organizational contact that you breached the target’s network.
Step 4: Attack Linux with Armitage
Identify your MVM by looking for the IP address that came from the ifconfig command you ran earlier. Click it so that a green dashed line appears around it. On the left side of the screen the “Exploits” window can be distinguished by its white background. Underneath the “Exploits” window in the textbox type in “usermap_script.”
Select “Samba” and then “usermap_script”. Read about this attack in the “Attack IP address” dialog box. In your assignment doc type: “Samba versions that the usermap_script exploit applies to…” and type the versions in.
Double click on the “usermap_script” entry in the “Exploits” window. This brings up a window called “Attack IP address” where “IP address” is the IP address of the MVM that you selected earlier.
Click the “Launch” button at the bottom of the “Attack IP address” dialog box. Right-click the exploited MVM icon and select “Shell 2” and “Interact”. Remember that “Shell 2” might have a different numeric designation.
From the command prompt type: “cd /” then “cd bin” then “ls” and take a screenshot of the visible files.
Part 2: Questions
When Windows first released Windows 2000, a default install resulted in IIS being installed and running. Why do you think Microsoft was criticized for this? What are some vulnerabilities present in early versions of Microsoft’s Web server?
What are some of the problems that might result from only deploying a firewall at the perimeter of an organization? Do most Linux distros come with a firewall? If so, explain it. What are some of the features of Microsoft’s “Internet Connection Firewall”?