Aug 20, 2020

dariahiddleston

METASPLOIT

Abstract

In this paper we explore the Rapid7 Metasploitable tutorial.


Introduction

Using the Rapid7 tutorial—following a fair amount of trial and error—I was able to successfully exploit vulnerabilities in Metasploitable by following the Rapid7 tutorial (Rapid7, 2018).

Metasploitable

First, I needed to start Metasploitable, my target machine, and then run ifconfig to get the target machine’s IP address. The target IP address is displayed following inet addr: and is 192.168.56.101. This IP address will show up repeatedly in this paper, and confirms that I didn’t just grab images off the Internet.


Information Gathering

Using the target IP address and the nmap and rpcinfo commands in Kali Linux, my attacker machine, I was able to gather a good deal of information about Metasploitable. Metasploitable had a large number of open ports (shown below).


rpcinfo and rlogin

rpcinfo provides further information about the target system, by giving us the services that are running. This is where I started to run into difficulties. I was unable to run the rpcinfo command. The error message in Kali Linux didn’t give me much information about the problem, and nothing that I found on Google helped. It seemed that Linux couldn’t find rpcinfo or nfs, which rpcinfo seems to depend on. After a great deal of trial and error, I discovered that I needed to update Kali. But I couldn’t get access to the Internet. So I discovered that I needed a wireless adapter, and ordered one on Amazon. Once the device arrived—a couple of days later—I configured the VirtualBox image to be compatible with it, which was not trivial either.

Once my attacker machine could access the Internet, I successfully ran apt-get update. Then I ran apt-get install nfs-kernel-server, which installed the nfs and rpcbind libraries/dependencies that I needed to run rpcinfo, rlogin, and the mount command required to gain remote access via SSH (Banerjee, 2016). With Kali updated, and nfs-kernel-server installed, and after a week of trial and error, I was finally able to run rlogin and rpcinfo.


Gaining Remote Access

With information about the open ports and running services, it was time for my first major exploit: gaining remote access on the target machine via the open SSH port. First, I needed to generate a new public/private key pair with the ssh-keygen command.


Then, I needed to mount the key pair on the remote system, but since the mount -t nfs command required nfs, I was at first unable to run it. (After successfully performing the updates and installs that I discuss above, however, the mount -t nfs command ran successfully.) Finally, I was able to gain remote access via SSH.

I was also able to gain remote access with telnet.
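The remote-access step above works because Metasploitable exports its filesystem over NFS in a way that lets a remote client mount it and write files. From the defender's side, the check that matters is whether an NFS server's /etc/exports allows that. The following audit helper is an added example, not code from the paper or from Rapid7: it parses a constructed /etc/exports sample (the first line mirrors the weak configuration the walkthrough relies on) and reports exports that are mountable by any host, writable, unsquashed for root, or that expose the root filesystem. The sample entries and the Export/assess/audit names are assumptions made for this example.

```python
"""Audit an /etc/exports file for the NFS misconfiguration that lets a
remote client mount a host's filesystem and write into it.
Constructed defensive example; not code from the paper."""
import re
from dataclasses import dataclass

# Constructed sample, not taken from a real host. The first export is the
# weak shape the walkthrough depends on; the others are safer variants.
EXPORTS_SAMPLE = """\
# constructed /etc/exports sample
/            *(rw,no_root_squash,sync)
/srv/backup  192.168.56.0/24(ro,sync)
/home/share  client.lab(rw,sync) *(ro)
"""

# Linux nfs-utils applies these when an option is not given explicitly.
DEFAULT_OPTIONS = {"ro", "root_squash"}


@dataclass
class Export:
    path: str
    host: str          # "*" means any client may mount it
    options: frozenset


def parse_exports(text):
    """Parse /etc/exports into one Export per (path, client) pair."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path, clients = fields[0], fields[1:] or ["*"]   # no client list == everyone
        for client in clients:
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", client)
            host = m.group(1) or "*"               # "(rw)" alone also means any host
            given = {o for o in (m.group(2) or "").split(",") if o}
            # an explicit rw / no_root_squash overrides the ro / root_squash defaults
            opts = {o for o in DEFAULT_OPTIONS
                    if not (o == "ro" and "rw" in given)
                    and not (o == "root_squash" and "no_root_squash" in given)} | given
            exports.append(Export(path, host, frozenset(opts)))
    return exports


def assess(export):
    """Return the risk findings for one export, most severe first."""
    findings = []
    if export.path == "/":
        findings.append("exports the entire root filesystem")
    if export.host == "*":
        findings.append("mountable by any host")
    if "rw" in export.options:
        findings.append("writable by the client")
    if "no_root_squash" in export.options:
        findings.append("remote root keeps root privileges on the export")
    return findings


def audit(text):
    """Return [(path, host, findings)] for every export with at least one finding."""
    report = []
    for e in parse_exports(text):
        findings = assess(e)
        if findings:
            report.append((e.path, e.host, findings))
    return report


if __name__ == "__main__":
    for path, host, findings in audit(EXPORTS_SAMPLE):
        print(f"{path} -> {host}: " + "; ".join(findings))
```

Run it against a real file with `audit(open("/etc/exports").read())`. An export that collects all four findings, as the first sample line does, is the configuration to fix first: restrict the client list to specific hosts or subnets, drop `rw` where clients only read, and never export `/` with `no_root_squash`.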


Metasploit Exploits

So far, the exploits we’ve completed have used basic UNIX commands, but Metasploit has its own commands, and built-in exploits that we can leverage. Metasploit comes packaged with many exploit scripts that can be run simply by calling them.

First, however, I needed to get Metasploit running. I found a video tutorial on YouTube that showed me how to start the postgresql db that Metasploit depends on by typing service postgresql start and then initializing it with msfdb init and finally typing msfconsole to start Metasploit (Druin, 2016). Then I could run the exploits in the Rapid7 tutorial.


Vulnerable Websites

As the tutorial states, Metasploitable also contains vulnerable websites that allow us to practice web application penetration testing.


Other methods for compromising Metasploitable


There are methods for exploiting all of the open ports and services in Metasploitable—or any target machine for that matter. In this assignment we focused on gaining remote access which is, as the Rapid7 tutorial states, “the holy grail” for attackers (Rapid7, 2018). But since in the real world gaining remote access is a somewhat rare achievement, attackers must exploit other commonly open ports such as FTP (File Transfer Protocol, Port 21), SMTP (Simple Mail Transfer Protocol, Port 25), HTTP (Hypertext Transport Protocol) and HTTPS (HTTP over SSL), POP3 (Post Office Protocol version 3, Port 110), and Microsoft SQL Server ports (TCP port 1433 and UDP port 1434) (Beaver, 2017). If all ports are closed, attackers can still exploit an organization’s vulnerable web applications, or use social engineering to gain information that can get them into the network (e.g., credentials or IP addresses).
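The Information Gathering section above reports that the nmap scan found "a large number of open ports", and this section lists the ports attackers commonly go after. The defender's version of the same work is to compare what a scan actually finds against what a host is supposed to expose. The script below is an added example, not the paper's scan or code: it parses nmap's grepable (-oG) output, a constructed sample here rather than the author's real scan, and flags every open port that is not on a hypothetical allowlist, annotating the ports this paper singles out plus the rpcbind, rlogin and NFS ports its remote-access walkthrough depends on. The allowlist, the RISK_NOTES text and the sample scan are assumptions made for the example.

```python
"""Summarise an nmap grepable (-oG) scan and flag open ports that are not on
an expected-service allowlist. Constructed defensive example; the scan text
is a made-up sample in the -oG line format, not the paper's own output."""

# Constructed sample in nmap's -oG format: fields are tab separated and each
# port entry is port/state/proto/owner/service/rpc/version/.
NMAP_GREPABLE_SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 25/open/tcp//smtp///, 80/open/tcp//http///, "
    "111/open/tcp//rpcbind///, 513/open/tcp//login///, 2049/open/tcp//nfs///, "
    "3306/open/tcp//mysql///\tIgnored State: closed (991)\n"
)

# Ports the paper names, plus the rpcbind/rlogin/NFS ports its remote-access
# walkthrough relies on. Values are the defender's reason for caring.
RISK_NOTES = {
    21: "FTP: cleartext credentials",
    23: "telnet: cleartext remote shell",
    25: "SMTP: relay and user-enumeration target",
    110: "POP3: cleartext credentials",
    111: "rpcbind: services enumerable with rpcinfo",
    513: "rlogin: trust-based remote login",
    1433: "Microsoft SQL Server",
    2049: "NFS: exports may be mountable remotely",
}

# Hypothetical allowlist for a host that should only serve SSH and HTTP.
EXPECTED_PORTS = {("tcp", 22), ("tcp", 80)}


def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                       # comments and Status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue                   # malformed entry, skip rather than crash
            port, state, proto, _owner, service = fields[:5]
            if state == "open":
                hosts.setdefault(host, []).append((int(port), proto, service))
    return hosts


def unexpected_ports(hosts, allowlist):
    """Return [(host, port, proto, service, note)] for open ports outside the allowlist."""
    flagged = []
    for host, ports in hosts.items():
        for port, proto, service in ports:
            if (proto, port) not in allowlist:
                note = RISK_NOTES.get(port, "not in allowlist")
                flagged.append((host, port, proto, service, note))
    return flagged


if __name__ == "__main__":
    for host, port, proto, service, note in unexpected_ports(
            parse_grepable(NMAP_GREPABLE_SAMPLE), EXPECTED_PORTS):
        print(f"{host} {port}/{proto} ({service}): {note}")
```

To use it on a real scan, run `nmap -oG scan.gnmap <host>` and pass the file contents to `parse_grepable`; the allowlist should come from the host's documented role, so anything flagged is either an undocumented service to shut down or a gap in the documentation.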

Conclusion

In conclusion, it took me a lot of time to configure the systems to complete the attacks/exploits in the tutorial, but in the end, I was able to successfully perform all of them.

Works Cited

Banerjee, A. (2016, August 18). Kali Linux Repository Issue Solve ["E: Unable to locate package" error solved] New 2016. Retrieved from YouTube: https://www.youtube.com/watch?v=jdjK-jG4X10

Beaver, K. (2017). COMMONLY HACKED PORTS. Retrieved from Dummies.com: https://www.dummies.com/programming/networking/commonly-hacked-ports/

Druin, J. (2016, November 24). How to Start the Metasploit Framework Console (msfconsole). Retrieved from YouTube: https://www.youtube.com/watch?reload=9&v=83r7FXp9CX0

Rapid7. (2018). Metasploitable 2 Exploitability Guide. Retrieved from Rapid7: https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide
