University of North Texas Metasploit Framework Vulnerability Assesment
Description
Begin with a Vulnerability Scan on the Metasploitable 2 VM exactly as you did from the previous homework (steps 1-3 below). You do not have to re-do this portion if you don’t want to. The scan that you preformed from Lab 2 should have the info you need.
______________________________________________________
1. Download and setup Metasploitable 2 as a VM @
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ (Links to an external site.)
2. Run Metasploitable 2 and make sure it’s connected to your VM network… might take a bit of Linux shell power. I recommend separating your Kali and Metasploitable 2 VM’s so that they can only talk to each other and are not connected to the rest of your home network. You may need to break this initially in order to update and upgrade your Kali instance.
3. Use Kali to host a network vulnerability scanning tool (OpenVAS, Nessus, Nexpose, Retina, etc) to scan the Metasploitable 2 OS for vulnerabilities. DO NOT INCLUDE any of the rest of your home network. Output the results in a format that you can submit here and evaluate for future homework. No editing required this one time. The direct output from the tool will be acceptable. Analyze the results looking for major weaknesses and potential false positives .
______________________________________________________
4. From the result from step 3, identify the SAMBA service. Alternatively, if your tool does not catch the SAMBA vulnerability, note that. You can then get this result via a simple nmap scan either external to or within Metasploit. Exploit Metasploitable 2 via a SAMBA vulnerability using Metasploit from your Kali machine.
TIP: In order to do this, you will first need to determine what version of SAMBA is running on on Metasploitable 2 (auxiliary/scanner/smb/smb_version) and then identify and appropriate vulnerability for this version. (Hint: exploit/multi/samba/usermap_script)
***YOU MUST LIST THE RESOURCE THAT YOU USED TO IDENTIFY THIS VULNERABILITY. This needs to be independent of any walkthroughs or tutorials for Metasploitable*** (exploit/multi/samba/usermap_script)
5. Demonstrate that this exploit actually gives you some level of control over the Metasploitable 2 machine via your Kali box. Showing that you can perform “root” functions would be a good example of this.
6. Create a BRIEF report showing the output from your vulnerability scan identifying the SAMBA vulnerability and showing a few screenshots with descriptions of your execution of Metasploit to exploit the vulnerability.
Get your college paper done by experts
Do my question How much will it cost?Place an order in 3 easy steps. Takes less than 5 mins.
Leave a Reply
Want to join the discussion?Feel free to contribute!