Class 2 Lab 1 ‐ Investigate the Network - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Environment Configuration

Step 1

  • Download the EH-02-L1-environment.ova file provided in the Extra Files section of your course in Canvas. Note: If you encounter issues, please try a different browser.

Step 2

  • Open the VirtualBox application and click File and then Import Appliance.

Step 3

  • Click the folder icon to the right of the box under Source.

Step 4

  • Select the EH-02-L1-environment.ova file you downloaded from the Extra Files section of your course in Canvas. Click Open.

Step 5

  • Verify the file is listed in the box under Source. Change the MAC Address Policy setting to Generate new MAC addresses for all network adapters. Make sure to also uncheck the USB Controller box for each virtual machine, and then click Import.

Step 6

  • It will take a few minutes for the virtual machines to import. When the installation is complete, the VMs listed in the screenshot below should be available to you.

Step 7

  • Begin by powering on the pfSense virtual machine. Let this VM finish booting before powering on the others. pfSense will provide DHCP services to the other VMs in the OVA. The subnet provided to the internal network is 192.168.1.0/24, and the VM network adapters are configured as follows:

  • pfSense:

    • Adapter 1: Bridged
    • Adapter 2: Internal network: PFSense Network
  • Kali Linux (named kalik):

    • Adapter 1: Internal network: PFSense Network
  • Metasploitable:

    • Adapter 1: Internal network: PFSense Network

Step 8

  • The usernames and passwords needed to work within these virtual machines are as follows:

  • pfSense:

    • Username: admin
    • Password: pfsense
  • Kali Linux (kalik):

    • Username: root
    • Password: toor
  • Metasploitable:

    • Username: msfadmin
    • Password: msfadmin

Step 9

  • Start the kalik and Metasploitable VMs. Log in to their consoles. Use ifconfig to determine the IP addresses of these two virtual machines and note them. The IP address for pfSense is 192.168.1.1.

Step 10

  • From a terminal window within your Kali VM, ping the IP address of the Metasploitable VM to verify you have connectivity between the two machines.

Task 2: Nmap Scanning

Step 1

  • Once the Kali machine is on the network, we want to perform a network scan with a ping sweep. The format is as follows:
    • nmap [option] {target specifications}
  • The target specifications can be host names, IPs, networks, and more
nmap -sP [Metasploitable IP]

Step 2

  • Now that you have found your target, perform a TCP SYN scan (listed under Scan Techniques in the help output). Run this against your Metasploitable VM’s IP address and note the open TCP ports. We will run a few more scans to do more reconnaissance. If needed, use the --help flag to find the command.
nmap -sS [Metasploitable IP]

Step 3

  • Now, let’s run a service/version scan. This scan gives more detail on the open TCP ports, including the service and version running on each. If needed, use the --help flag to find the command.
nmap -sV [Metasploitable IP]

Step 4

  • Let’s run one last scan, this time to detect the OS. If needed, use the --help flag to find the command under OS Detection. Note the device type, OS version, and other details reported at the end of the output.
nmap -O [Metasploitable IP]

Step 5

  • Now, we will focus on a specific port on our target. Use nmap to scan port 80. If needed, use the --help flag to find the command under Port Specification.
nmap -p80 [Metasploitable IP]

Step 6

  • Nmap has scripts that can be used to check for vulnerabilities. You can find the scripts in the /usr/share/nmap/scripts path, as you may recall from the textbook. In this folder, we need to find the ftp-vsftpd-backdoor.nse script.
cd /usr/share/nmap/scripts

ls -l | grep ftp-vsftp

Step 7

  • Now that you have the proper script, let’s run it against our target. To run the script, use nmap --script [script] [Metasploitable IP]:
nmap --script ftp-vsftpd-backdoor.nse [Metasploitable IP]

Task 3: Wireshark Examination

Step 1

  • Start Wireshark by typing wireshark in the terminal, and use it to monitor the network’s traffic.

Step 2

  • Perform a service/version scan with Nmap on the Metasploitable machine and examine the traffic. (Refer to Task 2, Step 3 if necessary.) Which TCP flag was used in the scan, and what is its function?
Answer
  SYN
  

Step 3

  • In Wireshark, use the display filter to look at the TCP ports in Metasploitable.
tcp.flags.syn==1 && ip.src==[Metasploitable IP]
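
The same reading of the capture, written as detection logic (an added example, not part of the original lab): it lists the ports that answered with SYN-ACK, which are the packets the Step 3 filter isolates, and flags the source that sent bare SYNs to many ports and reset each open one instead of completing the handshake. The packet tuples are a constructed sample; the .10, .20 and .30 addresses and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample capture: (src, dst, sport, dport, tcp_flags).
# Addresses are assumptions: .10 = Kali scanner, .20 = Metasploitable, .30 = ordinary client.
KALI, META, CLIENT = "192.168.1.10", "192.168.1.20", "192.168.1.30"

def build_sample(listening=(21, 22, 80)):
    pkts = []
    for i, port in enumerate([21, 22, 23, 25, 80, 443, 8080]):
        eph = 40000 + i
        pkts.append((KALI, META, eph, port, "S"))            # bare SYN probe
        if port in listening:
            pkts.append((META, KALI, port, eph, "SA"))       # open port: SYN-ACK
            pkts.append((KALI, META, eph, port, "R"))        # scanner side resets
        else:
            pkts.append((META, KALI, port, eph, "RA"))       # closed port: RST-ACK
    # An ordinary client completing the three-way handshake on port 80.
    pkts += [(CLIENT, META, 51000, 80, "S"), (META, CLIENT, 80, 51000, "SA"),
             (CLIENT, META, 51000, 80, "A")]
    return pkts

def open_ports(pkts, host):
    """Ports on host that answered with SYN-ACK (SYN set, source = host, as in Step 3)."""
    return sorted({sport for src, _, sport, _, fl in pkts if src == host and fl == "SA"})

def syn_sweeps(pkts, min_ports=5):
    """(src, dst) pairs where src sent bare SYNs to at least min_ports distinct ports."""
    probed = defaultdict(set)
    for src, dst, _, dport, fl in pkts:
        if fl == "S":
            probed[(src, dst)].add(dport)
    return {pair: sorted(p) for pair, p in probed.items() if len(p) >= min_ports}

def half_open(pkts, scanner, target):
    """Target ports whose SYN-ACK the scanner answered with RST instead of ACK."""
    offered = {(sport, dport) for src, dst, sport, dport, fl in pkts
               if src == target and dst == scanner and fl == "SA"}
    reset = {(dport, sport) for src, dst, sport, dport, fl in pkts
             if src == scanner and dst == target and fl == "R"}
    return sorted(port for port, _ in offered & reset)

if __name__ == "__main__":
    capture = build_sample()
    print("open ports:", open_ports(capture, META))
    print("sweeps:", syn_sweeps(capture))
    print("half-open:", half_open(capture, KALI, META))
```

The min_ports threshold of 5 is an arbitrary value chosen for this sample; on a real network it needs tuning against normal client behaviour.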