Exploit a vulnerable service in order to 1- gain access and

UK Tutor Service, UK Assignment HelpUK Tutor Service
Post New Homework

HACK2200 Hacking and Exploits

Lab: Gaining Access

Introduction
In this lab we will exploit a vulnerable service in order to 1- gain access and 2- maintain access to the Metaspolitable 3 machine MS3UBUNTU.

1- To gain access we will learn how to use an auxiliary scanner to brute force account/password combination.

We will be using a known vulnerability in Metasploitable: ProFTPD-1.3.5 Backdoor.

We will be using the auxiliary/scanner/ftp/ftp_login scanner to brute force accounts/passwords that can login to the ProFTPD service.

2- Cracking a username and a password is not enough. The user can, and will, change the password at one point, in which case you will lose access. Instead, once you get a user's password, you should use it to generate ssh rsa keys for key-based login to the system. This will enable you to connect to the victim even after the user changed their password.

In this lab, we will create a public/private key pair and use it to initiate a session with the victim.

Part 1 - Gain Access

Part 2 - Maintain Access

Lab Setup
We will use the machines you prepared during the first week: 1- Kali Linux 2020.4 (KaliVM)
2- Metasploitable 3 Ubuntu (MS3UBUNTU)

Part 1 - Gaining Access

Step 1: Start the lab virtual machines

1. Start your Kali virtual machine (KaliVM), and Metaspolitable3 Ubuntu (MS3UBUNTU) machine.
2. On your KaliVM, change the terminal prompt to be your first name. You can do that using the following command:
(kali@kali)-[~] PS1='[`date "+%D"`] yourfirstname [`date "+%r"`] -[~]' Your terminal should look similar to the screen below.
Take a screenshot to replace the one below, and place it under Screenshot#1 in the
answer file.
All commands in the following tasks are to be run on your KaliVM, targeting your MS3UBUNTU VM. Your terminal prompt should be showing as per the instructions above.

Step 2: Use a scanner to scan ports on MS3UBUNTU
1. On your KaliVM, scan the MS3UBUNTU machine, using the following command, note that -p- will result in scanning ports 0-65536.
KaliVM# sudo nmap -p- -sS -sV [target IP address]
You should be seeing results similar to the one below.

In this lab, we will exploit the ProFTPD 1.3.5 service.

Step 3: Use a scanner to brute force a password (gaining access)

1. First, we will brute force the metasploitable box to get an ftp username/password. Start an msfconsole on your KaliVM, change the console prompt, and search the ftp scanner options:

2. Let's set the scanner options and set them:

Take a screenshot to replace the one below, and place it under Screenshot#2 in the answer file.

3. Run the scanner:
Msf6> run

After some time, you should be able to get a few successful username/password combinations.
Question 1: What username/password are you using for this lab from the list you have obtained from the scanner?

Step 4: Use the username/password combination you captured to login.
1. Now try to ftp to the Metasploitable box using one of these credentials you captured, and test if you can list the directories:

Part 2 - Maintaining Access

Step 1: Generate the ssh keys
1. First, generate the keys on your Kali linux machine. Type id_rsa when asked to enter a file in which to save the key (this will create the default key id_rsa). Leave the passphrase empty. Next, Add the id_rsa to your local machine identity:

Take a screenshot to replace the one below, and place it under Screenshot#3 in the answer file.

Step 2: Send the key to the victim machine and connect using that key.
1. Send the public key to the victim system to enable ssh key-based login.
FTP login with the username/password combination you have, then issue the send command to send the id_rsa.pub file:

2. You can also send your public key to the remote system (victim) using the ssh-copy- id command as shown below:
replace xxx with the username you captured in part 1 of this lab.
# ssh-copy-id -i ~/id_rsa.pub xxxx@[target IP address] -f

3. Connect to the victim machine through the ssh session, login to metasploitable 3 machine without the password prompt
# ssh xxx@[target IP address]
As shown in the screenshot below, the session did not ask for a password this time. Instead, it used the public key/private key to establish the session.
Take a screenshot to replace the one below, and place it under Screenshot#4 in the answer file.

Attachment:- Gaining Access.rar
Post New Homework

Post Feedback

Captcha

Tutor service in UK?

  • UK Assignment Help
  • UK Assessments Help
  • UK Custom Writing Services
  • Help with UK Studies
  • Paper/Essay Editing-Formatting
  • Management/Programming/Engineering Help
Order Now
Most Recent Posts
UK Perdisco Assignment Help, UK PERDISCO Practice Set Help
University of Brighton, Assignment Help, Tutor Help UK
University for the Creative Arts, Assignment Help UK
The University of Warwick, Assignment Help UK
University of Bradford Assignment Help, Tutor Service UK
University of Abertay Dundee, Assignment Help UK
The Arts University College of Bournemouth, Assignment Help
The University of Sheffield, Assignment Help, UK Tutors Help
The University of Bradfordshire, Assignment Help
University of Aberdeen, Assignment Help, UK Tutors

Popular Tags

Looking tutor’s service for getting help in UK studies or college assignments? Order Now