ComputerSecurityStudent (CSS) [Login] [Join Now]




|SECURITY TOOLS >> Metasploitable Project >> Exploits >> Current Page |Views: 221102

(Metasploitable Project: Lesson 1)

{ Downloading, Configuring & Make Forensics Ready }


Section 0. Background Information
  1. Metasploitable 
    • Metasploitable is an intentionally vulnerable Linux virtual machine.
    • This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

  2. Lime Forensics
    • LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network.

  3. Dwarfdump
    • Dwarfdump is an application using libdwarf to print dwarf information in a human readable format.

  4. Volatility Framework
    • The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.

  5. Reference Link
  6. Lab Notes
    • In this lab we will do the following:
      1. Download Metasploitable
      2. Configure the Metasploitable Network VM
      3. Change the msfadmin and root password
      4. Install Lime Forensics
      5. Install Dwarfdump
      6. Install Volatility
      7. Create a Volatility Metaploitable Profile

  7. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

Section 1: Create a New Virtual Machine
  1. Open Firefox
    • Instructions
      1. Click on the Start Button
      2. Type "Firefox" in the search box
      3. Click on Mozilla Firefox

     

  2. New Virtual Machine Wizard

     

  3. Uncompress the metasploitable VM
    • Instructions
      1. Navigate to where you downloaded the metasploitable VM
        • In my case, I saved it to an external USB hard drive.
      2. Right Click on metasploitable
      3. Click on Extract All...

     

  4. Extract the metasploitable VM
    • Instructions
      1. Extract the metasploitable VM to your desired location
        • In my case, I extracted it to an external USB hard drive.
      2. Click the Extract Button

 

Section 2: Start VMware Player
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open the Metasploitable VM
    • Instructions:
      1. Navigate to where the Metasploitable VM is located
      2. Click on on the Metasploitable VM
      3. Click on the Open Button

     

  4. Edit the Metasploitable VM
    • Instructions:
      1. Select Metasploitable2-Linux VM
      2. Click Edit virtual machine settings

     

  5. Edit the Metasploitable VM
    • Instructions:
      1. Click on "Network Adapter NAT"
      2. Select the radio button "Bridged: Connected directly to the physical network"
      3. Click on the OK button
    • Warning:
      • By changing from NAT to Bridged opens the VM and network up to potential attacks.
      • To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.

     

  6. Play the Metasploitable VM
    • Instructions:
      1. Click on the Metasploitable VM
      2. Click on Play virtual machine

 

Section 3: Changing Metasploitable Passwords
  1. Logging into Metasploitable
    • Instructions
      1. Username: msfadmin
      2. Password: msfadmin

     

  2. Change the msfadmin password
    • Instructions:
      1. sudo su -
      2. password for msfadmin: msfadmin
      3. passwd msfadmin
      4. Enter new UNIX password: <Supply New Password>
      5. Retype new UNIX password: <Supply Same Password>

     

  3. Change the root password
    • Instructions:
      1. passwd root
      2. Enter new UNIX password: Supply a new password
      3. Retype new UNIX password: Supply the same new password

 

Section 4: Update Repository Package List
  1. Logging into Metasploitable
    • Instructions
      1. cd /etc/apt
      2. cp sources.list sources.list.BKP
      3. ls -l sources.list*
    • Notes(FYI)
      1. The /etc/apt directory contains Ubuntu Package Management configuration files.
      2. It's always good to make a backup of an important file, before modifying them.
      3. The sources.list file lists the 'sources' from which packages can be obtained.

     

  2. View the Repositories
    • Instructions
      1. grep -v "^#" sources.list | head -20
    • Notes(FYI)
      1. grep is a utility that allows you to search for strings (and much more) in a file.
      2. In (grep -v "^#"), the (-v) is used to ignore lines that start with (^) the number sign (#).
      3. sources.list is the file that I am searching.
      4. The pipe (|) is used to add on an additional command.
      5. head -20, displays the first 20 lines.

     

  3. Comment Out the Repositories
    • Instructions
      1. sed -i 's/.*/#&/g' /etc/apt/sources.list
      2. grep -v "^#" sources.list | wc -l
        • Where there "-l" is a lower case L.
      3. tail -5 sources.list
    • Notes(FYI)
      1. sed, is a stream editor for filtering and transforming text.
        • sed -i, is an in-place update to the file (sources.list).
        • In ('s/.*/#&/g'), the (s) is a substitution operator.
        • In ('s/.*/#&/g'), the (.) matches one character, but not a newline.
        • In ('s/.*/#&/g'), the (*) matches zero or more characters.
        • In ('s/.*/#&/g'), the (#) is the character that I want to place in front of every line that starts with a character.
        • In ('s/.*/#&/g'), the (&) saves the search string so it can be remembered in the replacement string.
        • In ('s/.*/#&/g'), the (g) is as global substitution operator.
        • In summary, place a "#" sign in the starting position of each line.
      2. wc, means to print a newline, word, and/or byte counts for each file.
        • wc -l, means to count the number of lines.
        • In (grep -v "^#"), the (-v) is used to ignore lines that start with (^) the number sign (#).
        • In summary, count the number of lines that do NOT start with a (#) character,,, and the result is 0,,, which was the goal.

     

  4. Get Links to Old Patch Repository
    • Instructions
      1. cd /etc/apt
      2. wget http://www.computersecuritystudent.com/SECURITY_TOOLS/METASPLOITABLE/EXPLOIT/lesson1/deb.txt
      3. cat deb.txt
    • Notes(FYI)
      1. The deb.txt file contains links to the old Ubuntu Patch Repository.

     

  5. Append Old Patch Repository to sources.list
    • Instructions
      1. ls -l sources.list
      2. ls -l deb.txt
      3. cat deb.txt >> sources.list
      4. tail -5 sources.list
    • Notes(FYI)
      1. We are using (cat) and the append operator (>>) to add the contents of the deb.txt file onto the end of the sources.list file.

     

  6. Update the Apt Package Repository
    • Instructions
      1. apt-get update
    • Notes(FYI)
      1. apt-get update downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies.

     

  7. Install Linux Headers
    • Instructions
      1. apt-get install linux-headers-2.6.24-16-server
      2. Do you want to continue [Y/n]? Y
    • Notes(FYI)
      1. Header files in the Linux kernel are used for two purposes: (1) to define interfaces between components of the kernel, and (2) to define interfaces between the kernel and user space.

     

  8. Install Zip
    • Instructions
      1. apt-get install zip
    • Notes(FYI)
      1. zip is a compression and file packaging utility.

     

Section 5: Install Lime Forensics
  1. Download Lime Forensics
    • Instructions
      1. cd /var/tmp
      2. wget http://www.computersecuritystudent.com/DOWNLOADS/lime-forensics-1.1-r17.tar.gz

     

  2. Untar and Make Lime
    • Instructions
      1. tar zxvf lime*.tar.gz
      2. cd src/
      3. make
    • Notes(FYI)
      1. In this case, the tar program is used to unzip(z), and verbosely(v)extract(x) the file(f) lime*.tar.gz.
      2. make is a utility for building and maintaining groups of programs (and other types of files) from source code.  The purpose of the make utility is to determine automatically which pieces of a large program need to be re-compiled, and issue the commands necessary to recompile them.

 

Section 6: Install dwarfdump
  1. Download libelf
    • Instructions
      1. apt-get install libelfg0-dev
    • Note(FYI)
      1. libelf provides routines to access and manipulate ELF object files.  This development library is needed because we will compile dwarfdump.

     

  2. Download libdwarf
    • Instructions
      1. cd /var/tmp
      2. wget http://www.computersecuritystudent.com/SECURITY_TOOLS/METASPLOITABLE/EXPLOIT/lesson1/libdwarf-20140208.tar.gz
    • Note(FYI)
      1. Libdwarf is a C library intended to simplify reading (and writing) applications using DWARF2, DWARF3. 
      2. Dwarfdump is an application using libdwarf to print dwarf information in a human readable format. 
      3. DWARF is a widely used, standardized debugging data format. DWARF was originally designed along with Executable and Linkable Format (ELF), although it is independent of object file formats.

     

  3. Install libdwarf
    • Instructions
      1. tar zxvf libdwarf-20140208.tar.gz
    • Note(FYI)
      1. The tar program is used to create, modify, and access files archived in the tar format.
        • -z, This option tells tar to read or write archives through gzip, allowing tar to directly operate on several kinds of compressed archives transparently.
        • -x, Exact.
        • -v, Operate verbosely.
        • -f, Specify the file.

     

  4. Configure libdwarf
    • Instructions
      1. cd /var/tmp/dwarf-20140208
      2. ls
      3. ./configure
    • Note(FYI)
      1. Change directory to the /var/tmp/dwarf-20140208 directory.
      2. List Directory Contents
      3. The configure script basically consists of many lines which are used to check some details about the machine on which the software is going to be installed. This script checks for lots of dependencies on your system.  The main job of the configure script is to create a 'Makefile'.

     

  5. Make libdwarf
    • Instructions
      1. make
    • Note(FYI)
      1. Make is a utility that automatically builds executable programs and libraries from source code by reading files called makefiles which specify how to derive the target program.  make would use the directions present in the Makefile and proceed with the installation. The Makefile indicates the sequence, that Linux must follow to build various components / sub-programs of your software. The sequence depends on the way the software is designed as well as many other factors.

     

  6. Place dwarfdump
    • Instructions
      1. cp dwarfdump/dwarfdump /usr/bin
      2. which dwarfdump
    • Note(FYI)
      1. Copy dwarfdump to the /usr/bin directory
      2. which, displays the command location.

 

Section 7: Download, Install, and Configure Volatility Profile
  1. Download Volatility
    • Instructions
      1. cd /var/tmp
      2. wget --no-check-certificate http://www.computersecuritystudent.com/SECURITY_TOOLS/METASPLOITABLE/EXPLOIT/lesson1/volatility-2.3.1.tar.gz

     

  2. Un-tar Volatility
    • Instructions
      1. tar zxvf volatility-2.3.1.tar.gz

     

  3. Create module.dwarf
    • Instructions
      1. cd /var/tmp/volatility-2.3.1/tools/linux
      2. make
      3. ls -l module.dwarf

     

  4. Create Volatility Metasploitable Profile
    • Instructions
      1. cd /
      2. zip /var/www/UBUNTU-MSF804.zip /var/tmp/volatility-2.3.1/tools/linux/module.dwarf /boot/System.map-2.6.24-16-server
        • The   represents a space.
      3. ls -l /var/www/UBUNTU-MSF804.zip

 

Section 8: Proof of Lab
  1. Proof of Lab
    • Instructions
      1. grep "password changed" /var/log/auth.log
      2. ls -l /var/www/UBUNTU-MSF804.zip
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth