Week 6A - Exploitation

Exploiting using MSF

This practical runs an XP target, which you can attack with Metasploit. Because of the complexity of the framework, "check button" tutorials were proving quite challenging, so for now we are using a PDF tutorial this week. However, this tutorial starts the lab up ready for you to do the paper tutorial in linuxzoo.

Question 1: Target 2

Press this button to ready your machine for running the virtual machine targets. If your machine is reset or you reboot then you may have to press this button again.

Note that this target can take (quite) a few minutes to boot, as it has many processes running many services.

Tests - not attempted
Script ready UNTESTED
Target network UNTESTED

The machine can take a few minutes to warm up. Press the test button to see if it is running fully. So long as the network of the target is running, you can continue for a few questions until you need the XP target.

Tests - not attempted
Target 2 network running UNTESTED
Target 2 all services running UNTESTED

Question 2: Network Device

Target 1 lies somewhere in - This time use "ip route show" to find the device name on your machine that would be used to handle packets going to target 1. You can identify it by looking at the output, finding the line for the target subnet, and reading the name that follows "dev".

Target network device:

Tests - not attempted

What is your machine's IP number on the target network?

Your IP:

Tests - not attempted
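
As an added example (not part of the linuxzoo lab material), this Python code reads "ip route show" output the way the question describes: it finds the most specific route covering an address and reports that route's "dev" and "src" fields. The routing table, addresses and device names are constructed sample data, and the lookup is generalised to any destination, including ones that fall through to the default route.

```python
import ipaddress

# Constructed sample of `ip route show` output; every address and
# device name here is made up for illustration.
SAMPLE_ROUTES = """\
default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
192.168.56.0/24 dev tap0 proto kernel scope link src 192.168.56.1
"""

def parse_routes(text):
    """Return a list of (network, attrs) for each unicast route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip route types such as "unreachable ..."
        attrs = {}
        for key in ("dev", "src", "via"):
            # The keyword must be followed by a value, so it cannot be last.
            if key in fields[1:-1]:
                attrs[key] = fields[fields.index(key, 1) + 1]
        routes.append((net, attrs))
    return routes

def route_for(target, text):
    """Pick the longest-prefix route that covers `target` (metrics ignored)."""
    addr = ipaddress.ip_address(target)
    matches = [(net, a) for net, a in parse_routes(text)
               if net.version == addr.version and addr in net]
    if not matches:
        return None
    net, attrs = max(matches, key=lambda m: m[0].prefixlen)
    return {"route": str(net), "dev": attrs.get("dev"),
            "src": attrs.get("src"), "via": attrs.get("via")}

if __name__ == "__main__":
    print(route_for("192.168.56.101", SAMPLE_ROUTES))
```

On a live machine, "ip route get" followed by the address asks the kernel the same question directly.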

Question 3: Network scanning with nmap

Use nmap to sweep the target network, and identify the IP address of target 1. Use the appropriate flags to keep this scan efficient.

Target IP:

Tests - not attempted
target ip UNTESTED

Run a standard nmap port scan of the common ports on the target machine, and list the first 3 open port numbers found, in numerical order.

Open port 1
Open port 2
Open port 3

Tests - not attempted
first port UNTESTED
second port UNTESTED
third port UNTESTED

Question 4: Metasploit shell

First you need the PostgreSQL database running. Start the PostgreSQL database.

service postgresql start

Tests - not attempted
postgres db running UNTESTED

Start the Metasploit service.

service metasploit start

Tests - not attempted
metasploit service running UNTESTED
msf4 folder configured UNTESTED

Start the Metasploit console. This can be a very long wait: it can sit there for 5 minutes appearing not to do anything. The services also use a lot of CPU time while they are initialising. After a while response times seem to get a lot better.


Tests - not attempted
metasploit console process UNTESTED
msf4 folder configured UNTESTED

Switch to the PDF tutorial

Tests - not attempted
Done show options on exploit UNTESTED

Question 5: Target 2 off


Pressing this button deletes your target machine. If you want to use the target again after pressing this button, go to the first check button above and press that, which will restart the target.

Only use this if your target is dead. This may happen if you launch a Metasploit exploit at the target which causes part of the target to crash. But if you use it and then restart the target, you need to wait 5 minutes while the target boots again. Don't use this button without careful thought!

Tests - not attempted
Script ready UNTESTED
Target 2 off UNTESTED
Target network off UNTESTED

Linuxzoo created by Gordon Russell.
@ Copyright 2004-2023 Edinburgh Napier University