Chapter 2 Getting Set Up

“A journey of a thousand miles begins with a single step.” - Lao Tzu

2.1 Introduction

Welcome to the first step in your hacking journey. In this section we will set up your lab environment. In particular, we will set up two virtual machines:

  • Metasploitable Virtual Machine: The machine that you will hack.
  • Kali Linux Virtual Machine: The machine that contains the hacking tools discussed in this book.

2.2 Setting Up Metasploitable

In this section we will set up the Metasploitable VM.

Step 1: Download the Metasploitable2 virtual machine from SourceForge: https://sourceforge.net/projects/metasploitable/ Although there are newer versions of Metasploitable available, we will be using this version because it is easier to set up.

Step 2: Unzip the metasploitable virtual machine.

Step 3: Download Virtual Box. https://www.virtualbox.org/wiki/Downloads. We will be using Virtual Box because it is free for Linux, Mac OS and Windows machines.

Step 4: Install Virtual Box. (Install the Oracle universal bus)

FIGURE 2.1: Screen shot of virtual box image

Step 5: Configure your Virtual Box network settings (adding a new NAT Network). Go into your network preferences by clicking on File→Preferences→Network. Click on the little green box to the right to add a new NAT Network and then click OK.

FIGURE 2.2: Screen shot of adding a new Nat Network

Step 6: Configure the metasploitable machine network settings. Right click on the metasploitable machine from your list of machines on the left→Settings→Network. On Adapter 1, check the ’Enable Network Adapter’ box and set ’Attached to’ from the drop-down menu to Nat Network. Leave the name as NatNetwork and click OK.

Step 7: Open the metasploitable virtual machine in the Oracle VM Virtual Box Manager.

FIGURE 2.3: Screen shot of configuring metasploitable Nat Network

2.3 Starting Kali Linux

You will also need to install Kali Linux in the virtual machine. Kali Linux is a distribution of Linux that contains a collection of penetration testing tools.

Step 1: You can download the Kali Linux virtual image from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/. You will need to download the version suitable for your system.

FIGURE 2.4: Screen shot of configuring kali linux Nat Network

Step 2: Configure the Kali Linux machine network settings. Right click on the Kali Linux machine from your list of machines on the left→Settings→Network. On Adapter 1, check the ’Enable Network Adapter’ box and set ’Attached to’ from the drop-down menu to Nat Network. Leave the name as NatNetwork and click OK.

Step 3: Open the Kali Linux virtual machine in the Oracle VM Virtual Box Manager.

Kali Linux black screen problem: make sure the PAE/NX box is checked in Settings -> General -> Processors. If the problem persists, follow the fix tutorial at https://community.linuxmint.com/tutorial/view/

Step 4: Once your machine starts, you should see the Kali Linux login screen below. Log in using the username: root and password: toor

FIGURE 2.5: Kali Linux Log-in Screen

Step 5: Now that your Kali Linux machine is up and running, you will also need to launch your metasploitable virtual machine so that you can attack it. Select Metasploitable Virtual Machine from the list in the Oracle VM Virtual Box Manager.

Step 6: Wait for the terminal to finish loading. Your virtual machine should display the metasploitable logo. (IMPORTANT: Your mouse pointer may disappear; this is because the VM has captured it. Press the Ctrl+Alt keys together to get your mouse back.)

FIGURE 2.6: Metasploitable Virtual Machine After it has been started

Step 7: Log in using the username: msfadmin and password: msfadmin

Great, you have now successfully set up your environment. Let’s execute your first hack. Each hack in this manual will start with a goal. For example, the goal for this exercise is:

Goal: Gain access to metasploitable server

2.3.1 Getting the IP address of the metasploitable server

The first step of most hacks is identifying the machine that we want to
connect to. Each machine is identified by a unique IP address. In this
section we will discover the IP address of the metasploitable server.

Step 1: Open the terminal on your Kali Linux machine by clicking the icon in the top section of the menu.

Step 2: Type the following command: netdiscover. The netdiscover tool searches multiple IP addresses on your network in an attempt to discover which ones are currently being used.

Step 3: After a couple of minutes netdiscover should have discovered the metasploitable server and its IP address. (IMPORTANT: This IP will be different for everyone. You need to use the IP address that is output in your terminal, not the one from the picture.) Great, now that you have the IP address you should be able to visit the Web pages that the server is hosting.

FIGURE 2.7: The figure above shows the output of the netdiscover tool and the IP address of the metasploitable machine

FIGURE 2.8: The figure above shows the terminal containing the IP address of the machine

Step 4: If you are unable to discover the IP address of the Metasploitable virtual machine using the steps above, you can log in to the machine using the username: msfadmin and password: msfadmin.

Step 5: Once you have logged into the machine, type the following command into the terminal:

ifconfig

You will see the IP address under an inet addr for the ’eth’ (Ethernet) portion of the output. Do not go with the ’lo’ (Link loopback) inet addr. For example under the ’eth’ portion, you could have ’inet addr: 10.0.2.4...’ In this case, 10.0.2.4 is the IP address that you want. Refer to Figure 1.

Step 6: Open the Kali Linux web browser

Step 7: Type the IP address that you obtained from netdiscover or metasploitable’s ifconfig output into the URL bar. For example, if the metasploitable_IP_address that was output on my terminal is 10.0.2.4, then in my Kali Linux browser I would put the following: http://10.0.2. You should see the page in Figure 1.9:

FIGURE 2.9: Screen shot of metasploitable in kali linux browser

2.4 Your First Hack

The way hackers gain access to machines is through vulnerabilities. You can think of these vulnerabilities as open doors to your system. Hackers leverage these open doors (vulnerabilities) to gain access to systems. The metasploitable server has an FTP vulnerability (described below). In this section of the lab you will exploit this vulnerability to gain access to the server.

Vulnerability: The vulnerability that we are going to exploit in this lab is a “back door”. A back door is an intentional flaw that was added to a system by an attacker that allows the attacker to gain access. In particular, we are going to look at a vulnerability that was added by a malicious developer to an open source UNIX FTP server called vsftpd. The back door allowed the attacker to gain access to the terminal on the vulnerable machine. The attack was activated when the attacker logged into the FTP server using a username ending in :) and an invalid password. Once the attack was activated, it opened a reverse shell on port 6200.

Reverse Shell: A reverse shell is a malicious program that connects to an attacker’s machine, allowing the attacker to execute terminal commands on the compromised machine. In a later lab we will write a reverse shell.

Step 1: Connect to the FTP server using telnet. Open the terminal on your Kali Linux Machine and type the following command:

root@kali: telnet [IPAddress of Your Metasploitable VM] 21
user Hacker:)
331 Please specify the password.
pass invalid
telnet> quit
Connection closed.

Step 2: Now that you have activated the back door, you can log in to get access to the terminal (get a shell) by connecting to the “backdoor” that is running on port 6200.

root@Kali: telnet [IPAddress of vulnerable Machine] 6200
ls

Notice that it executes the ls command in the terminal of the compromised machine and returns the directory listing on the machine. Do you notice anything about the contents of the directory?

We have hidden a secret image in the file system on the metasploitable server. Now that you have access to the server’s file system, see if you can find the secret image. Once you have found the secret image, let the Ethical Hacking Lab Community know by tweeting it.

Fix: So how do we fix this vulnerability? Newer versions of the vsftpd FTP server have identified and patched these vulnerabilities, so the best way to secure this server is to install an updated version of vsftpd: sudo apt-get update && sudo apt-get install --only-upgrade vsftpd (The metasploitable machine is designed to be vulnerable, so it is not configured to support updates.)
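
A defender's view of the same back door, as an added example that is not part of the original text: the sketch below scans connection events for the trigger described above (an FTP username ending in :)) followed by a connection to port 6200. The log format, the sample lines and the 60-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical sensor format (not real logs):
#   <ISO time> <client> -> <server>:<port> <FTP command or CONNECT>
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.2.15 -> 10.0.2.4:21 USER alice
2024-01-01T10:00:05 10.0.2.15 -> 10.0.2.4:21 USER Hacker:)
2024-01-01T10:00:09 10.0.2.15 -> 10.0.2.4:6200 CONNECT
2024-01-01T10:03:00 10.0.2.15 -> 10.0.2.4:21 USER :)fan
2024-01-01T11:30:00 10.0.2.7 -> 10.0.2.4:6200 CONNECT
2024-01-01T11:31:00 10.0.2.7 -> 10.0.2.9:21 USER carol
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (.*)$")
BACKDOOR_PORT = 6200            # port named in the text above
WINDOW = timedelta(seconds=60)  # assumption: how long a trigger stays "armed"


def detect(log_text, window=WINDOW):
    """Return (kind, client, server, time) alerts for backdoor indicators."""
    alerts = []
    armed = {}  # server -> time of the most recent trigger username
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, client, server, port, rest = m.groups()
        when = datetime.fromisoformat(ts)
        # Trigger: a USER command whose username ends in ":)".
        if rest.upper().startswith("USER ") and rest.endswith(":)"):
            armed[server] = when
            alerts.append(("trigger", client, server, ts))
        elif int(port) == BACKDOOR_PORT:
            # A port 6200 connection is most suspicious right after a trigger.
            seen = armed.get(server)
            recent = seen is not None and when - seen <= window
            kind = "shell-after-trigger" if recent else "port-6200-only"
            alerts.append((kind, client, server, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A "port-6200-only" alert is weaker evidence than "shell-after-trigger", since other software may legitimately use that port.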