Tuesday, November 19, 2013

Metasploit Framework Lab, Lesson 6: Scan Metasploitable with Nessus



Section 0. Background Information
  1. Metasploitable 
  2. Pre-Requisite Lab
    • Metasploitable  : Lesson 1: Downloading and Configuring
    • NESSUS: Lesson 3: Scan with Nessus on BackTrack 5
     
  3. What is Nessus?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.
    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture
  4. Lab Notes
    • In this lab we will do the following:
      1. Run Internal Nessus Scan against the Metasploitable VM
      2. Review Nessus Report
      3. Download Nessus Report
  5. Legal Disclaimer - This lab is for educational purposes only

Section 1. Start Up the Metasploitable VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the Metasploitable VM
    • Instructions:
      1. Navigate to where the Metasploitable VM is located
      2. Click on the Metasploitable VM
      3. Click on the Open Button
  4. Edit the Metasploitable VM
    • Instructions:
      1. Select Metasploitable2-Linux VM
      2. Click Edit virtual machine settings
  5. Edit the Metasploitable VM
    • Instructions:
      1. Click on "Network Adapter NAT"
      2. Select the radio button "Bridged: Connected directly to the physical network"
      3. Click on the OK button
    • Warning:
      • Changing from NAT to Bridged opens the VM and network up to potential attacks.
      • To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.
  6. Play the Metasploitable VM
    • Instructions:
      1. Click on the Metasploitable VM
      2. Click on Play virtual machine

Section 2. Determine Metasploitable IP Address
  1. Logging into Metasploitable
    • Instructions
      1. Username: msfadmin
      2. Password: msfadmin or whatever you changed it to in lesson 1.
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • This is the IP Address of the Victim Machine.
      • My IP Address is 192.168.1.106.
      • Record your IP Address.

Section 4. Start Up the BackTrack5R1 VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on the BackTrack5R1 VM
      3. Click on the Open Button
  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  8. Bring up the GNOME
    • Instructions:
      1. Type startx
  9. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  10. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address is 192.168.1.111.
      • In your case, it will probably be different.
      • This is the machine that will be used to attack the victim machine (Metasploitable).

Section 5. Start Up NESSUS
  1. Start Nessus Service
    • Instructions:
      1. /etc/init.d/nessusd start
      2. ps -eaf | grep nessus | grep -v grep
        • ps -eaf: Show me all processes
        • | grep nessus: Only show me nessus processes.
        • | grep -v grep: Do not show my actual grep process.

Section 5. Login To NESSUS
  1. Start Firefox
    • Instructions:
      1. Start Firefox
  2. Login to Nessus
    • Instructions:
      1. Place the following URL in the Firefox Browser.
      2. Username: <Supply Your Username>
      3. Password: <Supply Your Password>
      4. Click Log In
     
  3. Nessus HomeFeed Message
    • Instructions:
      1. Click the OK Button

Section 6. Scan Metasploitable (Victim) with NESSUS
  1. Create Scan
    • Instructions:
      1. Click on Scans
      2. Click on Add
  2. Configure Scan
    • Instructions:
      1. Name: Metasploitable - Internal
      2. Type: Run Now
      3. Policy: Internal Network Scan
      4. Scan Targets: 192.168.1.106
      5. Click the Launch Button
    • Note(FYI):
      • Replace 192.168.1.106 with the Metasploitable IP Address obtained from (Section 2, Step 2).
  3. View Scan
    • Instructions:
      1. Click on the Status Cell
  4. View High Severity Alerts
    • Instructions:
      1. Click on the red number under the High Column
    • Note(FYI):
      • Wait until the progress bar reaches 100% before clicking on the high alert.
  5. View CIFS Alerts
    • Instructions:
      1. For the CIFS row, click on the number under the high alert column
  6. View Samba Alert
    • Instructions:
      1. Click on the Samba Alert
  7. View Samba Report
    • Note(FYI):
      • Read through the alert report.
      • Notice at the very bottom of the report, NESSUS is kind enough to tell you which exploit tool to use.

Section 7. Download Nessus Report
  1. Download Report
    • Instructions:
      1. Click on the Metasploitable - Internal Tab
      2. Click on Download Report Button
  2. Select Download Report Type
    • Instructions:
      1. Download Format: Detailed HTML Report (by finding)
      2. Click on Submit Button
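
Added example (not part of the original lab): the High column / CIFS row review from Section 6 and the `grep -i samba` check from Section 8, done over a saved report in a script. It assumes the report was downloaded in the .nessus (v2 XML) format instead of HTML; the sample data, plugin IDs and plugin names are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the .nessus v2 layout; plugin IDs and names are placeholders.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="Metasploitable - Internal">
    <ReportHost name="192.168.1.106">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Constructed Samba finding A"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="1"
                  pluginID="900002" pluginName="Constructed SMB info finding"/>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="4"
                  pluginID="900003" pluginName="Constructed FTP finding"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="bogus"
                  pluginID="900005" pluginName="Constructed malformed item"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

def high_findings(xml_text, min_severity=3):
    """Group findings at or above min_severity by (host, service, port/proto)."""
    # The report comes from your own scanner; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    grouped = defaultdict(list)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            try:
                sev = int(item.get("severity", "0"))
            except ValueError:
                continue  # skip a malformed severity instead of aborting the triage
            if sev < min_severity:
                continue
            key = (host.get("name"), item.get("svc_name"),
                   f'{item.get("port")}/{item.get("protocol")}')
            grouped[key].append((sev, item.get("pluginID"), item.get("pluginName")))
    for rows in grouped.values():
        rows.sort(reverse=True)  # most severe first within each service
    return dict(grouped)

def findings_matching(grouped, keyword):
    """Case-insensitive plugin-name filter, like `grep -i samba` over the results."""
    kw = keyword.lower()
    return [(key, row) for key, rows in grouped.items() for row in rows
            if kw in (row[2] or "").lower()]

if __name__ == "__main__":
    groups = high_findings(SAMPLE_NESSUS)
    for (host, svc, port), rows in sorted(groups.items()):
        print(f"{host} {svc} ({port}): {len(rows)} finding(s) at High or above")
    for key, row in findings_matching(groups, "samba"):
        print("samba match:", key, row)
```
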

Section 8. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /opt/nessus/var/nessus/users/admin/files
      2. grep -i samba *results
      3. date
      4. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to website Www.AnToanThongTin.Edu.VN
