ComputerSecurityStudent (CSS) [Login] [Join Now]


|SECURITY TOOLS >> Metasploitable Project >> Exploits >> Current Page |Views: 43033

(Metasploitable Project: Lesson 6)

{ Scan Metasploitable wish Nessus }

Section 0. Background Information
  1. Metasploitable 
  2. Pre-Requisite Lab  
  3. What is Nessus?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.
    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture

  4. Lab Notes
    • In this lab we will do the following:
      1. Run Internal Nessus Scan against the Metasploitable VM
      2. Review Nessus Report
      3. Download Nessus Report

  5. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

 

Section 1: Start Up the Metasploitable VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open the Metasploitable VM
    • Instructions:
      1. Navigate to where the Metasploitable VM is located
      2. Click on on the Metasploitable VM
      3. Click on the Open Button

     

  4. Edit the Metasploitable VM
    • Instructions:
      1. Select Metasploitable2-Linux VM
      2. Click Edit virtual machine settings

     

  5. Edit the Metasploitable VM
    • Instructions:
      1. Click on "Network Adapter NAT"
      2. Select the radio button "Bridged: Connected directly to the physical network"
      3. Click on the OK button
    • Warning:
      • By changing from NAT to Bridged opens the VM and network up to potential attacks.
      • To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.

     

  6. Play the Metasploitable VM
    • Instructions:
      1. Click on the Metasploitable VM
      2. Click on Play virtual machine

 

Section 2: Determine Metasploitable IP Address
  1. Logging into Metasploitable
    • Instructions
      1. Username: msfadmin
      2. Password: msfadmin or whatever you changed it to in lesson 1.

     

  2. Change the msfadmin password
    • Instructions:
      1. ifconfig -a
      2. Record Your IP Address
    • Note(FYI):
      • #1, (ifconfig -a) displays all interfaces which are currently available.
      • My IP Address is 192.168.1.91

 

Section 4: Start Up the BackTrack5R1 VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on on the BackTrack5R1 VM
      3. Click on the Open Button

     

  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings

     

  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine

     

  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  8. Bring up the GNOME
    • Instructions:
      1. Type startx

     

  9. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  10. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
      2. Record Your IP Address
    • Note(FYI):
      • #1, (ifconfig -a), display all interfaces which are currently available.
      • #2, In my case, my IP address 192.168.1.72.

 

Section 5: Start Up NESSUS
  1. Start Nessus Service
    • Instructions:
      1. /etc/init.d/nessusd start
      2. ps -eaf | grep nessus | grep -v grep
        • ps -eaf: Show me all processes
        • | grep  nessus: Only show me nessus processes.
        • | grep -v grep: Do not show my actual grep process.

 

Section 5: Login To NESSUS
  1. Start Firefox Instance
    • Instructions:
      1. cd /root/firefox/
      2. ./firefox https://127.0.0.1:8834 &
      3. Firefox will soon pop up.
    • Note(FYI):
      • We start Firefox this way, because this is our upgraded instance of Firefox that is compatible with the newest version of Nessus.
      • Command #1, Use (cd) to change directory into (/root/firefox).
      • Command #2, Execute Firefox and Open Nessus (https://127.0.0.1:8834).  Use (&) to send the process to the background and return a command prompt.
     
  2. Invalid Certificate Warning
    • Instructions:
      1. Click the Advanced Button
      2. Click the Add Exception Button
    • Note(FYI):
      • You are receiving this message because Nessus uses a self-signed certificate that is required for the HTTPS protocol. 
      • In other circumstance, it is would be in your best interest to not proceed.
     
  3. Invalid Certificate Warning
    • Instructions:
      1. Check the Permanently store this exception checkbox
      2. Click the Confirm Security Exception Button

     

  4. Login To Nessus
    • Instructions:
      1. Login: admin
      2. Password: Supply Password
      3. Click the Sign In Button
    •  

 

Section 6: Scan Metasploitable (Victim) with NESSUS
  1. Create Scan
    • Instructions:
      1. Click on Scans
      2. Click on the New Scan button

     

  2. Scanner Templates
    • Instructions:
      1. Click on Basic Network Scan

     

  3. Configure Scan
    • Instructions:
      1. Name: metasploitable2
      2. Description: metasploitable2
      3. Folder: My Scans
      4. Scan Targets: 192.168.1.91
      5. Click the Save Button
    • Note(FYI):
      • Replace 192.168.1.91 with the Metasploitable IP Address obtained from (Section 2, Step 2).

     

  4. Launch Scan
    • Instructions:
      1. Click Arrow Icon to Launch Scan

     

  5. View Running Scan
    • Instructions:
      1. Click the running icon to view the active scan
    • Note(FYI):
      • It will take between 3 to 5 minutes for the running icon to turn into a completed icon .

     

Section 7: View Nessus Results
  1. View Vulnerabilities
    • Instructions:
      1. Click on Vulnerabilities
    • Notes(FYI):
      • Red represents the highest vulnerabilities.  Blue represents the lower vulnerabilities.

     

  2. Viewing the Vulnerabilities
    • Instructions:
      1. Notice the scan indicates how many vulnerabilities were found.
        • In my case, there were 104.
      2. The red vulnerabilities are the highest severity.
      3. Click on Rogue Shell Backdoor Detection
    • Note(FYI):
      • A pen tester will have a big smile on their face, if a Rogue Shell Backdoor shows up on the radar.

     

  3. Rogue Shell Backdoor Detection (Description, Solution)
    • Instructions:
      1. Read the Description
      2. Read the Solution
      3. Notice root access was accomplished
    • Note(FYI):
      • #3, Any ideas on how Nessus got root access?

 

Section 8: Download Nessus Report
  1. Produce Report
    • Instructions:
      1. Click on Export Drop Down Menu
      2. Click on CSV

     

  2. Save Report
    • Instructions:
      1. Select the Save File radio button
      2. Click on OK button

 

Section 9: Rogue Shell Backdoor Exploit
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  2. Accomplish Root Access
    • Note(FYI):
      • Replace 192.168.1.91 with the Metasploitable IP Address obtained from (Section 2, Step 2).
    • Instructions:
      1. nc 192.168.1.91 1524
      2. netstat -naop | grep 1524
      3. whomai
      4. exit
    • Note(FYI):
      • #1, Use NetCat (nc) to connect to Metasploitable (192.168.1.91) over the Rough Shell Backdoor Port (1524).
      • #2, Use (netstat) to do the following: (-n) Show numerical addresses;(-a) Show both listening and non-listening sockets; (-o) Include information related to networking timers; and (-p) Show the PID and name of the program to which each socket belongs.  Notice the ESTABLISHED connection.
      • #3, Use (whoami) to print effective userid.
      • #4, Use (exit) to terminal shell/session to Metasploitable.

 

Section 10: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /root/Downloads
      2. ls -lrt
      3. grep -i "critical" metasploitable2* | head -3
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth