
Cyber Security Fundamentals
Lab: Penetration testing with Kali Linux on Metasploitable 2
INDP2 - SUP’Com, 2021/2022
Pr. Slim REKHIS

I. Lab Objective

The aim of this lab is to experience ethical hacking in a virtual environment composed of two virtual machines: an attacker machine running Kali Linux (an advanced Linux distribution used for penetration testing) and a victim host running Metasploitable 2 (an intentionally vulnerable Ubuntu Linux virtual machine designed for testing common vulnerabilities).

In this lab, you will:
- Learn the penetration testing methodology.
- Conduct port scanning and services enumeration on the target host.
- Brute force the login page of a web application.
- Exploit a command injection vulnerability on a vulnerable web server and gain unprivileged access through a reverse shell execution.
- Escalate privilege and become root user on the vulnerable machine.
- Install a backdoor on the compromised host to maintain access.
- Hide traces on the victim system by installing and configuring a rootkit.

II. Penetration Testing Methodology

To understand the path/scenario that an attacker may use to target a victim system, we illustrate the different steps composing a comprehensive penetration test:

- Step 1: Information Gathering: the attacker invests substantial time and effort in gathering as much information as possible about the target. Information gathering can be passive (information collection about the target through publicly available sources such as social media and search engines, without making direct contact with the target) or active (use of specialized tools such as port scanners making direct contact with the target system).
- Step 2: Enumeration: after obtaining a preliminary overview of the target, the attacker moves further to know the exact services running on the target system (including types and versions) and other information such as users, shares, and DNS entries.
  Enumeration prepares a clearer blueprint of the target.
- Step 3: Gaining Access: based on the target blueprint obtained from the two previous phases, it is now time to exploit the vulnerabilities in the target system and gain access. Gaining access to this target system involves exploiting one or many of the vulnerabilities found during earlier stages and possibly bypassing the security controls deployed in the target system (such as antivirus, firewall, IDS, and IPS).
- Step 4: Escalating privilege: quite often, exploiting a vulnerability on the target gives limited access to the system. The aim of this phase is to obtain root-level access to the target. This can be achieved using various techniques to escalate the privileges of the existing user. Once successful, the attacker obtains full control over the system with the highest privileges and can possibly infiltrate deeper into it.
- Step 5: Maintaining access: while a lot of effort has been spent in the previous steps to gain root-level access to the target system, all the work will be in vain if the target system is restarted by the administrator. To avoid this, the attacker needs to make a provision for persistent access to the target system so that any restart of the target system will not affect access. The attacker can install a backdoor to maintain or ease future access.
- Step 6: Covering Tracks: it is quite possible that our previous activities have triggered an alarm on the security systems of the target system. The incident response team may already be in action, tracing all the evidence that may lead back to the attacker. The attacker needs to clear all the tools, exploits, and backdoors that were uploaded on the target during the compromise.

III. Lab configuration

Two virtual hosts running the Linux operating system are required for this lab. The first is the attacker machine and is running Kali Linux (an advanced Linux distribution used for penetration testing). The second is the victim machine running Metasploitable 2 (an intentionally vulnerable Ubuntu Linux virtual machine designed for testing common vulnerabilities). The network adapters of these two machines are attached to a NAT Network, so that they can communicate with each other and reach the outside (main host, local network, and internet).

Before configuring the VM adapters, create a NAT Network from the VirtualBox GUI. To do so, open VirtualBox Preferences (File -> Preferences) and go to the Network tab. Then click on the + icon on the right side (Adds new NAT network). Finally, assign the created NAT Network to the adapter configuration of each VM.

[Figure: lab network. Labels: WAN, Main Host, NAT Network, Attacker machine (Kali Linux VM), Victim machine (Metasploitable 2 VM).]

IV. Step 1: Information Gathering

1. Start the two VMs and then log in to the attacker machine. From the command line, execute the ifconfig command to determine the IP address/netmask of the attacker machine and netstat -r to determine the address of the gateway. In our case, the IP address of the attacker machine is 10.0.2.7, the IP network address is 10.0.2.0/24 and the gateway IP address is 10.0.2.1.
2. The next step is to start network discovery to find neighboring hosts using the nmap tool. In the following command, the option "-sn" takes as input an IP address or a range and checks whether a host is online or not, by sending Address Resolution Protocol (ARP) requests (if the target subnet is local) or Internet Control Message Protocol (ICMP) requests (if the target subnet is remote).

    $ nmap -sn 10.0.2.0/24

From the obtained results, we notice the existence of a machine having the IP address 10.0.2.5.

3. Having determined the address of the neighboring host, we can scan it to identify its open ports using nmap, by choosing the SYN Scan technique:

    $ sudo nmap -sS 10.0.2.5

From the shown results, there are 23 open ports which can run vulnerable services.
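
The scan result is the input to the enumeration step, so it is worth recording in a form that can be counted and compared against the services a host is expected to expose. The following is an added example, not part of the original lab: it parses nmap's grepable output (as written by `sudo nmap -sS -oG scan.gnmap 10.0.2.5`, where the file name `scan.gnmap` is an assumption) and uses a constructed, abbreviated sample rather than the lab's real 23-port result. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: summarise nmap grepable output (-oG) into one line per open port.

# Constructed sample input (abbreviated; not the lab's actual scan result).
sample_scan() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 10.0.2.5 ()\tStatus: Up\n'
  printf 'Host: 10.0.2.5 ()\tPorts: %s\tIgnored State: closed (994)\n' \
    '21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 25/closed/tcp//smtp///, 80/open/tcp//http///, 3306/filtered/tcp//mysql///'
}

# Read grepable output on stdin; print "host port/proto service" for open ports only.
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); host = h[2]           # "Host: <ip> (<name>)"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue          # skip Status / Ignored State fields
        p = $i; sub(/^Ports: /, "", p)
        n = split(p, entries, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/proto/owner/service/rpcinfo/version/
          split(entries[j], f, "/")
          if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
      }
    }'
}

# Number of open ports found in the scan on stdin.
count_open() { open_ports | wc -l | tr -d ' '; }

# Open ports that are NOT in an allow-list of expected "port/proto" values.
# usage: unexpected_ports "22/tcp 80/tcp" < scan.gnmap
unexpected_ports() {
  open_ports | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok)'
}

# Demo on the constructed sample.
sample_scan | open_ports
echo "open ports: $(sample_scan | count_open)"
echo "not in baseline (22/tcp 80/tcp):"
sample_scan | unexpected_ports "22/tcp 80/tcp"
```

Closed and filtered entries are dropped, so the count matches what nmap reports as open; on the lab's scan of 10.0.2.5 the same function should report the 23 ports mentioned above.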
