Thursday, 12 January 2012

Next in Metasploit…

Today we are going to continue with our Metasploit walkthrough.

The current version of Metasploit has a Web managed vulnerability scanner incorporated into the Project page of the web server. Starting with the project we created yesterday, we will scan the local network for vulnerabilities.

To do this, open the “Overview” tab under the Project page.

image

Select and click “Scan”. This tab is on the left hand side of the page under the “Discovery” column.

image

Here we can start a scan. To do this, enter the target addresses or networks into the data field on the page. by clicking “Show Advanced Options” you can exclude addresses and change the way the scan is run.

It is always a good idea to exclude the system you are running the scan from if you are scanning the local network. If you do not, it could be that you crash the machine and loss all of the work you have completed thus far.

Once you have selected all of the networks and configured the scan (including exclusions) click “Launch Scan” to start nmap.

image

This will take some time, but you can follow the progress of the scan in the page (displayed below).

image

Metasploit uses NMap as the default scanner. This is far less powerful than a full vulnerability scanner such as Nessus, but will do for our purposes today.

Once the scan has completed, it will display a green tick and say “Complete.”

image

For automated exploitation, you will need a Metasploit Pro license (the commercial version). I will run through this today (there is a trail license available) and continue with the free version tomorrow.

image

You can see from the image above that we have several services and a few hosts.

From here we can either go to exploits or brute-force.

image

Clicking brute-force allows us to manage credentials and configure which services we will try and break into. Metasploit is not the best brute-forcer, so I will not spend too much time here (and will go into alternatives another time).

Automated Exploit Settings

Clicking Exploit on the main page takes you to the Automated Exploit page. Here you can just click (or configure the exploit and payload in a more traditional manner).

Once that has been done (and you should have a look through the options and learn what the different exploits and payloads are (for another post) you can click “Exploit” and begin the process.

image

This is a messy approach and we really need to scan and select to make sure we do things right. This is really a script kiddies wet dream, though in reality it is far less effective than actually knowing what you are doing.

Tomorrow… Back to the free version.

To do this, we need a vulnerable service and for that I may have to transgress into Nessus … We will see.

But, when you do have a potentially vulnerable service, the next step is to select the module to use to exploit. To start this, click on Modules and enter a search term.

image

Here I have searched for RPC. You can see the results listed below:

image

I clicked a SAMBA vulnerability and then we can start to configure the host and payload details.

image

More tomorrow.

Wednesday, 11 January 2012

Applications to study with CSU close soon

The first study session for CSU's Doctor of Information Technology courses starts on the 27th of February, so get in fast to start study in 2012.

Apply Online by January 31st

Follow the Online Application Guide or contact us (In Australia 1300 885 685 or admissions@itmasters.edu.au) if you need any assistance.

Don't forget:

  • Applicants without a Bachelor Degree may still gain entry into a Masters Degree or Graduate Certificate based on work experience
  • Your Industry Certifications may qualify you for subject exemptions

If you want to check your level of credit or eligibility before you apply, complete our Credit & Eligibility Assessment and we will contact you with the results.

We look forwards to hearing from you soon.

Starting Metasploit

Well, we have installed Metasploit and now we need to start configuring it to run.
First, as we have created a self-signed certificate, it is necessary to accept the validity of it. If you do not like this you can add the cert to the browsers list of trusted certs, but that is something for another time.


Click “Yes” to continue.
From here we will need to setup a new user (at least one).



You can see I have filled this into the form displayed in the image above. What matters is that you have a username and password that you will remember and not forget. Also, the “Password confirmation must contain letters, numbers, and at least one special character”.

If you have a personal firewall and anti-virus – you may have to disable them. At the least it is likely that you will have a hard time configuring all of the exceptions. This is why using a distro is a good idea.
 
Click “Create Account” on the lower right hand side of the screen and move onto registering and Activating Metasploit




Clicking “Register your Metasploit license here!” will take you to the “Rapid7” website where you can select either the free (community) or commercial (Metasploit Pro) version. We will be using the free version for this exercise.



Enter your email and click “Go” to continue. A Product Key will be sent in email.



Enter the product key into the website and click on the “Next”tab:
Click “Activate License” to load the new license and start using Metasploit.



You will see below that we are redirected to our local instance.


Also notice that the product is activated as it displays “Activation Successful”.

New Project
We are now ready to start exploiting systems. Let us start by clicking “New Project” and setting up the project we wish to run.



After filling out the details, we are ready to start with clicking “Create Project”:




Tomorrow we will continue this with scanning and selecting a system to exploit. If you already know that a system exists (such as from the results of a Nessus scan) with a potential vulnerability, we can use Metasploit to validate it.

This is important. Unless you have the time and money to fix ALL vulnerabilities found using a vulnerability scanner (such as OpenVAS or Nessus) it will be essential that you priorities the findings based on risk. This means you will need to validate the potential vulnerabilities discovered. This is what Metasploit does.

It is difficult to argue if an exploit can occur or not once you have a video of breaking into the site. It also allows you to show just how Easy/Hard a particular exploit would be.
The process is a four (4) step one and will incorporate the following:

  1. Select the platform or application that you seek to exploit
  2. Select the exploit to use
  3. Select the payload (shellcode or other)
  4. Run and load the exploit
Tomorrow we will run the scan and actually break into a system.