Module 1 Lab

School

Northern Kentucky University *

Course

484

Subject

Information Systems

Date

Oct 30, 2023

Uploaded by fawb1

Module 1: Lab Exercise
Accessing Virtual Machine and Metasploit Basics
MCY 670 Web Security

Lab Report Submission Instructions

You are required to submit a lab report, which should include comments, descriptions, and explanations of each step that you perform. You must also include a small write-up on each segment and on the necessity of each tool that you will be exploring in this lab task. Include screenshots of each step that you complete, along with the text, in your lab report.

Submission requirements:
• Lab report
• File format: MSWord or pdf (preferred)

Report requirements:
• Include your name and lab title at the top of the report.
• Number the questions and answers, and answer each question in your lab report in sequence.
• For each response, include the required text as well as all necessary and appropriate screenshots taken while performing the task.
• Crop the screenshots as necessary so that the text in the images is properly visible.
  o You may use the Snipping Tool on Windows to take screenshots from your PC, by clipping the area on the virtual machine screen.
  o If you are using a Mac, press and hold together Shift, Command, and 4 to enable the selection cursor for capturing screenshots.
• At the end of your report, write a brief reflection on the lab exercise:
  o What was the most valuable feature of the lab?
  o What did you learn from this experience?
  o Which concepts and terminology could you relate from the theoretical content to this lab experience?
  o How did you prepare for this lab?
  o What changes are you considering in preparing for your next lab?
• Use black font color for text.
• If uploading an MSWord format file, view the uploaded file from Canvas to make sure that the images and text do not overlap in the report. If the contents seem to have moved around, upload a pdf instead of an MSWord file.
1. Introduction to hands-on laboratory exercises

We will have multiple hands-on laboratory exercises to help us explore concepts of web security. Because the exercises involve “risky” networking behavior, virtual resources have been provided to ensure that the rest of the institutional network is not unintentionally disrupted. The following individual virtual machines (VMs) have been provided for each student:
• The attacker: A Kali Linux OS virtual machine instance
• Target victim 1: A vulnerable Linux (Metasploitable) OS virtual machine instance
• Target victim 2: A vulnerable Windows XP OS virtual machine instance

You need to refer to the IP address document provided on Canvas to obtain the IP addresses assigned to each of your VMs and the username/password for each of the VM types.

Important: You may be able to view other VMs (from other security courses as well) while scanning the network. DO NOT access the other VMs. You must be very careful whenever you are typing IP addresses and must always limit your experiments to the IP addresses of your own VM instances.

2. Accessing Virtual Machines

There are three recommended ways of accessing the virtual machines provided for you. The virtual machines are placed within a protected sub-network within NKU’s primary network.

Figure 1: Flow chart showing the options for accessing VMs

Detailed information regarding accessing VMs is provided in the following separate documents on Canvas:
• Accessing Your VM
• COI Student VM Access and Help Requests

Method 1
Managing COIVCenter1 through a COI Labs desktop (HTML): Involves more steps but is failsafe and should be employed if methods 2 or 3 do not work.

Follow the steps below in sequence for accessing your VM instances:
1. Point your web browser to https://view.nku.edu
2. Click “VMWare Horizon HTML Access”.
3. Login with your NKU username and password.
4. You will see some options listed as square icons. Select “COI Labs”. You will be presented with a new Windows desktop.
5. From the start menu, scroll down to VMware -> VMware Workstation Pro and launch the application.
6. Click “Connect to a Remote Server”.
7. On the next dialog, the server name is “coivcenter1.hh.nku.edu”.
8. Your username should be provided in the format of NKU\username (make sure the NKU\ part precedes your username, without spaces).
9. When prompted to remember your login, select “Never for this host”.
10. Your VMs may be found by expanding the coivcenter1.hh.nku.edu object.

Method 2
Managing COIVCenter1 through a COI Labs desktop (VMWare Horizon Client): Similar to Method 1 but accesses COI Labs directly through a desktop application instead of a browser.

Follow the steps below in sequence for accessing your VM instances:
1. Point your web browser to https://view.nku.edu
2. Click “Install VMware Horizon Client”.
3. You will be presented with several download options. Click the “Go to Downloads” link next to “VMWare Horizon Client for Windows”.
4. Install VMWare Horizon on your desktop, accepting all defaults.
5. Start the Horizon client on your computer.
6. Select “Add Server”.
7. When prompted for a connection server, enter “view.nku.edu” and press Connect.
8. Use your NKU username and password. Your username should be provided in the format of NKU\username (make sure the NKU\ part precedes your username, without spaces).
9. Follow steps 4-10 from Method 1.

Method 3
Managing COIVCenter1 through web interface: Most direct method of administering COIVCenter1, as it bypasses COI Labs entirely. However, for this approach to work, you must be:
• Connected to the NKU on-campus network, OR
• Connected to the NKU network remotely via VPN. Follow the instructions in the links below to install the VPN client on your computer:
  o Windows: https://servicedesk.nku.edu/TDClient/2436/Portal/KB/ArticleDet?ID=122619
  o Mac: https://servicedesk.nku.edu/TDClient/2436/Portal/KB/ArticleDet?ID=122619

Follow the steps below in sequence for accessing your VM instances:
1. Point your web browser to https://coivcenter.hh.nku.edu
2. VERY IMPORTANT: Click “Launch VSphere Client (HTML5)”. Do NOT click the Flex client as it does not always behave predictably.
3. Login with your NKU username and password.
4. Your VMs may be located by selecting the VMs and Templates tab at the top of the left-most pane.

Figure 2: Screenshots for accessing VMs via Coivcenter URL
3. Working on Kali Linux VM

Once you have logged into the VM portal, you can choose which VM interface to launch. For our lab exercises, we will be using the Kali Linux VM instance, posing as the attacker. All instructions are to be executed on the Kali Linux VM, unless otherwise stated.

Launching applications

Click on the Kali Linux icon in the top-left corner of the screen to expand the application menu. From here, you can launch the command line interface terminal (Terminal Emulator), web browser, etc., as needed.

Figure 3: Kali Linux desktop screenshot

You can also launch a command line terminal with the shortcut keys Ctrl+Alt+T pressed together.

Basic Linux commands

Below are some basic Linux commands that you can use from the command line terminal. Run the following commands from the command line terminal and look at the output.

• Switch a terminal to super-user, called “root”, mode (admin mode)

    sudo -s

  The terminal prompt will then change from student@cit-485-kali to root@cit485-kali.

  Important: When typing in any password, do not get confused if you do not see anything, because command line terminals do not show what is being typed when a password is entered.

• Exit from the root mode

    exit

  The terminal prompt will then change from root@cit485-kali to student@cit-485-kali.

• Find your current directory location

    pwd

• Move from one directory to another

    cd PATH_TO_MOVE

  The cd stands for change directory, and you need to specify the path to move to.

    cd /               (Move to the root of the file system)
    cd /home/          (Move to the home directory)
    cd /home/student   (Move to the /home/student directory)
    cd ..              (Move one level up from the present directory)

• See the files and directories present in your current location

    ls

  You can also use the command ls -l to view the list of files and directories in a listed output.

• Terminate a command

    ctrl+c

• See the IP address of your VM

    ifconfig

• Check connectivity to another networked device

    ping IP_ADDRESS_OF_ANOTHER_DEVICE

  Replace IP_ADDRESS_OF_ANOTHER_DEVICE with the IP of the device that you want to check. You may also use websites (e.g. google.com) to check Internet connectivity. The output shows the responses received, or will keep waiting. You can quit pinging using the termination command (ctrl+c).

• Command auto-completion: To avoid mistyping paths, commands, etc., you can use the tab key on your keyboard to auto-complete the half-typed text. Examples:

    ifco [hit tab] -> ifconfig
    his [hit tab] -> history

You may refer to the following URL for a list of useful and common Linux commands: https://linuxhint.com/kali_linux_-beginner_guide/

4. Setting up VM IP Addresses

The IP addresses assigned to your VMs need to be changed for the network connectivity to function properly. You will need to perform the following steps in order for the networking among the VMs to be set up correctly.

The IP address and other information allocated to each student is listed in the IP address document provided on Canvas. The document will provide you with the following information:
• Three different and unique IP addresses for your Kali VM, Metasploitable VM, and Windows VM
• Three more IP addresses, which are the same for all VMs for everyone:
  o Default gateway IP
  o Netmask address
  o Broadcast address

Changing IP on the Metasploitable Linux VM

You are provided with a script to automate the process of changing the IP address for the Metasploitable Linux VM. The script file is located in the /home/msfadmin/ directory on your VM.

• Log in to your Metasploitable Linux VM using the provided username/password. You will find that you are already in a command line terminal.
• Use the cd command to go to this directory:

    cd /home/msfadmin/

• The name of the script file is change-ip.sh. Use the ls command to make sure that the file is located there.
• Run the following command to execute the script:

    sudo sh ./change-ip.sh IP_ADDRESS GATEWAY NETMASK BROADCAST

  Replace the IP_ADDRESS, GATEWAY, NETMASK, and BROADCAST items in the above command with the information from the IP address document provided on Canvas.
• You will be prompted for the password (enter the password for the student account). Remember that you will not be able to see anything as you type the password.
• You will be prompted with the entered information, and if correct, enter y and hit return.
• Successful execution of the script will change the IP address and restart the networking.
• Use the ping command to check if you can ping google.com. Use ctrl+c to stop pinging when you see responses for the ping.

Changing IP on the Windows XP VM

You have to change the IP address manually. Follow these steps to change the networking configuration on the Windows VM.

• Log in to your Windows XP VM using the provided username/password.
• Click Start > Control Panel > Network and Internet Connections > Network Connections.
• Right-click Local Area Connection > Click Properties.
• Select with a single click Internet Protocol (TCP/IP), and then click the Properties button.
• In the pop-up window, select Use the following IP address.
• In the fields below, enter/change the IP address, Subnet mask, and Default gateway with the information from the IP address document provided on Canvas.
• Verify that Use the following DNS server addresses has the following information:
  o Preferred DNS server is set to 172.28.102.11
  o Alternate DNS server is set to 172.28.102.13
• Click OK to close the current window, and then OK again to close the previous window.
• After closing all windows, click Start > Command Prompt.
• In the command line terminal, use the ping command to check if you can ping google.com. You should see 4 ping responses, and then it will terminate automatically.

Changing IP on the Kali Linux VM

You are provided with a script to automate the process of changing the IP address for the Kali Linux VM. The script file is located in the /home/student/ directory on your VM.

• Log in to your Kali Linux VM using the provided username/password.
• Launch a command line terminal.
• Use the cd command to go to this directory:

    cd /home/student/

• The name of the script file is change-ip.sh. Use the ls command to make sure that the file is located there.
• Run the following command to execute the script:

    sudo sh ./change-ip.sh IP_ADDRESS GATEWAY NETMASK BROADCAST

  Replace the IP_ADDRESS, GATEWAY, NETMASK, and BROADCAST items in the above command with the information from the IP address document provided on Canvas.
• You will be prompted for the password (enter the password for the student account). Remember that you will not be able to see anything as you type the password.
• You will be prompted with the entered information, and if correct, enter y and hit return.
• Successful execution of the script will change the IP address and restart the networking.
• In the command line terminal, use the ping command to check if you can ping google.com. Use ctrl+c to stop pinging when you see responses for the ping.
• From the command line, use the ping command to check and verify that your Kali VM can reach the other two VMs:

    ping YOUR_METASPLOITABLE_VM_IP
    ping YOUR_WINDOWS_VM_IP

  You should receive successful ping response messages in both cases. Use ctrl+c to stop pinging when you see responses for the ping.

5. Running msfconsole

Metasploit requires a working database connection. By default, it comes with PostgreSQL configured for it. However, you are required to ensure that the database is running, and then start the Metasploit service.

    sudo service postgresql start

Next, you have to initialize the database, after which you can launch the Metasploit console.

    sudo msfdb init
    msfconsole

After you are in msfconsole, you will see the prompt msf>

The first time the metasploit service is launched, it will create an msf database user and a database called msf. You can run the following command (in the msf> prompt) to verify the database connectivity:

    db_status

You can type various command names to execute on metasploit. Run the following command to view the options for the connect command:

    help connect

Use the exit or quit command to exit from the msfconsole application.
6. Running Armitage

Armitage is a graphical interactive tool for Metasploit. We will primarily use Armitage for our labs (except for a few external tools), using the UI and command-line interface. To launch the program, run the following:

    armitage

Once you run the program, you will receive a prompt to connect to the engine. Click Connect. Next, you’ll receive another prompt to start the Metasploit RPC Server. Click Yes. You’ll see a progress bar trying to connect to the engine and then to the database.

Note: In case the database connection fails, you need to start the database service, and then start the metasploit service so that it initializes the database tables. After that, you can try again to run armitage. If it still does not run, restart the VM, and then try again.

7. Metasploit Utilities

Metasploit utilities are direct interfaces to some features of the Metasploit framework.

MSFVenom

Msfpayload is deprecated and is now replaced by msfvenom. Msfvenom is a combination of msfpayload and msfencode. Run the following to display the help options:

    msfvenom -h

You can also specify a payload and see the available options for it.

    msfvenom -p windows/shell_reverse_tcp --list-options

You can view the list of payloads or encoders available with MSFvenom:

    msfvenom -l payloads
    msfvenom -l encoders
    msfvenom -l archs

You may maximize the command line terminal to full screen to better view the output from the above commands.

Nasm Shell

The nasm shell is a utility provided by Metasploit. The nasm utility is useful when trying to reverse engineer opcodes for assembly instructions/commands. First, locate the nasm_shell.rb script with the locate command:

    cd /
    locate nasm_shell

The locate command is useful for “searching” a name in all directories and sub-directories from the present working directory. Hence, the cd / command changes the working directory to the file system root, and then running the locate command searches the whole file system.

My nasm_shell.rb was found in /usr/share/metasploit-framework/tools/exploit/nasm_shell.rb. Therefore, first move to the directory where the file is located, and then launch the nasm shell.

    cd /usr/share/metasploit-framework/tools/exploit/
    ./nasm_shell.rb

Note: It is a shell script, therefore, run it with the ./ operator…

Next, you’ll enter the nasm prompt, and you can request opcodes for various assembly instructions. You may try to find the opcodes for the following assembly language instructions:

    nasm > jmp esp          (This instruction makes a jump to a specific memory stack pointer)
    …… output snipped       (You’ll see the output here)
    nasm > fadd st0,st1     (This instruction updates memory register st0 to st0 + st1)
    …… output snipped       (You’ll see the output here)
