An toàn thông tin: Bài Thực Hành Metasploit Framework Lesson 1 : Downloading and Configuring

Thứ Ba, 19 tháng 11, 2013

Section 0. Background Information

Metasploitable
- Metasploitable is an intentionally vulnerable Linux virtual machine.
- This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
Reference Link
- http://www.offensive-security.com/metasploit-unleashed/Metasploitable
Lab Notes : (Trong tình huống thực hành các học viên có thể cài đặt BackTrack 5 R3, khi đó có sẳn ứng dụng Metasploit Framework được cài tích hợp sẳn, tuy nhiên nếu cài metasplot framework riêng trên 1 máy ảo chạy hệ điều Windows như XP hay Win 7 sẽ có hiệu suất tốt hơn)
- In this lab we will do the following:
  1. Download Metasploitable
  2. Configure the Metasploitable Network VM
  3. Change the msfadmin and root password
Legal Disclaimer : Bài lab chỉ dùng cho mục đích học tập

Section 1. Create a New Virtual Machine

Open Firefox
- Instructions
  1. Click on the Start Button
  2. Type "Firefox" in the search box
  3. Click on Mozilla Firefox
New Virtual Machine Wizard
- Instructions
  1. Place the following link in the address bar.
    - http://sourceforge.net/projects/metasploitable/files/Metasploitable2/metasploitable-linux-2.0.0.zip/download
  2. Click on the Save File radio button
  3. Click on the OK Button
Uncompress the metasploitable VM
- Instructions
  1. Navigate to where you downloaded the metasploitable VM
    - In my case, I saved it to an external USB hard drive.
  2. Right Click on metasploitable
  3. Click on Extract All...
Extract the metasploitable VM
- Instructions
  1. Extract the metasploitable VM to your desired location
    - In my case, I extracted it to an external USB hard drive.
  2. Click the Extract Button

Section 2. Start VMware Player

Start Up VMWare Player
- Instructions:
  1. Click the Start Button
  2. Type Vmplayer in the search box
  3. Click on Vmplayer
Open a Virtual Machine
- Instructions:
  1. Click on Open a Virtual Machine
Open the Metasploitable VM
- Instructions:
  1. Navigate to where the Metasploitable VM is located
  2. Click on on the Metasploitable VM
  3. Click on the Open Button
Edit the Metasploitable VM
- Instructions:
  1. Select Metasploitable2-Linux VM
  2. Click Edit virtual machine settings
Edit the Metasploitable VM
- Instructions:
  1. Click on "Network Adapter NAT"
  2. Select the radio button "Bridged: Connected directly to the physical network"
  3. Click on the OK button
- Warning:
  - By changing from NAT to Bridged opens the VM and network up to potential attacks.
  - To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.
Play the Metasploitable VM
- Instructions:
  1. Click on the Metasploitable VM
  2. Click on Play virtual machine

Section 3. Changing Metasploitable Passwords

Logging into Metasploitable
- Instructions
  1. Username: msfadmin
  2. Password: msfadmin
Change the msfadmin password
- Instructions:
  1. sudo su -
  2. password for msfadmin: msfadmin
  3. passwd msfadmin
  4. Enter new UNIX password: <Supply New Password>
  5. Retype new UNIX password: <Supply Same Password>
Change the root password
- Instructions:
  1. passwd root
  2. Enter new UNIX password: Supply a new password
  3. Retype new UNIX password: Supply the same new password

Section 4. Proof of Lab

An toàn thông tin