Changes

Jump to: navigation, search

SEC520/labs/Lab 3

2,293 bytes removed, 16:23, 31 January 2018
no edit summary
<h1> <span class="mw-headline">Scanning, Enumeration &amp; Vulnerability Testing</span></h1>
<a name="Introduction" id="Introduction"></a><h2> <span class="mw-headline">Introduction</span></h2>
This lab focuses on identifying and exploiteng a server's vulnerabilities in order to gain access to that system. Information assembled in the reconnaissance phase provides the data used in the <b>scanning &amp; enumeration</b> phases.
<br><br>
</ol></dd></dl>
<br>
<a name="Objectives" id="Objectives"></a><h2> <span class="mw-headline">Objectives</span></h2>
<ol>
<li>Use the <b>nmap</b> utility to verify that a targeted server is active (running).</li>
<p><br>
</p>
<a name="Required_Materials_.28Bring_to_All_Labs.29" id="Required_Materials_.28Bring_to_All_Labs.29"></a><h2> <span class="mw-headline">Required Materials (Bring to All Labs)</span></h2>
<ul>
<li> <b>SATA Hard Disk</b> (in removable disk tray).
<p><br>
</p>
<a name="Prerequisites" id="Prerequisites"></a><h2> <span class="mw-headline">Prerequisites</span></h2> <ul><li> <a href="[https://scs.senecac.on.ca/%7Efac/sec520/labs/SEC520_Lab_2.html">SEC520 Lab 2</a>]
</li></ul>
<p><br>
</p>
<a name="Linux_Command_Online_Reference" id="Linux_Command_Online_Reference"></a><h2> <span class="mw-headline">Online Tools and References</span></h2>
<table cellpadding="12">
<tbody><tr valign="top">
<td>
<ul>
<li><a href="[http://linuxmanpages.com/man1/nmap.1.php" target="_new">nmap</a>]</li> <li><a href="[http://www.howtoforge.com/useful-uses-of-netcat" target="_new">netcat</a>]</li>
</ul>
</td>
<td>
<ul>
<li><a href="[http://www.symantec.com/connect/articles/introduction-nessus" target="_new">nessus</a>]</li> <li><a href="[http://www.ehacking.net/2011/10/metasploit-tutorials-from-beginner-to.html" target="_new">Metasploit Framework</a>]</li>
</ul>
</td>
<td>
<ul>
<li><a href="[http://linuxmanpages.com/" target="_new">Online Linux Manpages</a>]</li>
</ul>
</td>
<p><br>
</p>
<a name="Resources_on_the_web" id="Resources_on_the_web"></a><h2> <span class="mw-headline">Course Notes / Resources</span></h2>
<ul>
<li><a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l1.odp" target="_new">odp</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l1.pdf" target="_new">pdf</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l1.ppt" target="_new">ppt </a>](Slides: Scanning &amp; Enumeration)</li> <li><a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l2.odp" target="_new">odp</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l2.pdf" target="_new">pdf</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w2_l2.ppt" target="_new">ppt </a>](Slides: Vulnerability Testing)</li> <li><a href="[http://www.youtube.com/watch?v=_Ch0RJlHFBo" target="_new"> Scanning 1</a> ] | <a href="[http://www.youtube.com/watch?v=WKLNAAt57Wg" target="_new">Scanning 2</a> ] | <a href="[http://www.youtube.com/watch?v=_Ch0RJlHFBo" target="_new">Enumeration</a> ] |<a href="[https://www.youtube.com/watch?v=FMgAIfcPsyw" target="_new">Vulnerability Testing - Overview</a> ] (YouTube Videos)</li> <li><a href="[http://www.youtube.com/watch?v=BDTLdCllfr4" target="_blank">Installing Nessus in Kali Linux</a> ] (YouTube Video)</li> <li><a href="[http://www.youtube.com/watch?v=QjuyasD1aBE" target="_blank">Using Nessus in Kali Linux</a> ] (YouTube Video)</li> <li><a href="[http://www.youtube.com/watch?v=WlZuq6Vj5AI" target="_blank">Using Metasploit Pro in Kali Linux</a> ] (YouTube Video)</li> <li><a href="[http://www.youtube.com/watch?v=xErWWX2jllU" target="_blank">Use Armitage to Exploit Multiple Machines in Kali Linux</a> ] (YouTube Video)</li> <li><a href="[http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&amp;recCount=50&amp;recPointer=0&amp;bibId=315433" target="_new">Penetration Tester's Open Source Toolkit (E-book)</a> ] (Chapter 3)</li>
</ul>
<p><br>
</p>
<a name="Performing_Lab_2" id="Performing_Lab_2"></a><h1> <span class="mw-headline">Performing Lab 3</span></h1> <a name="Task1" id="Investigation_1:_How_to_Perform_a_Fedora_DVD_Install_on_Your_Removable_Hard_Drive"></a><h2> <span class="mw-headline">Task #1: Verifying Server is Active</span></h2>
<br>
After the <i>reconnaissance</i> phase, it is important to verify that
</p>
<br><br>
<a name="Task2" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #2: Various Scanning Techniques</span></h2>
<br>
Now that we have verified that our targeted IP Addresses are active, we
<a name="Task3" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #3: Enumeration Techniques</span></h2>
<br>
<br>
<a name="Task4" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #4: Identifying Server Vulnerabilities Using Nessus</span></h2>
This section will reap the benefits from the previous phases of penetration testing you have performed in the previous labs. You
<ol>
<br />
<li>First you should register a free account on the <b>Nessus Website</b> in order to download plugins (and run the nessus server). To register, go to the following URL, and select home use: <a href="[http://www.nessus.org/register/" target="_new">http://www.nessus.org/register/</a>]. Once you complete the registration form, an e-mail will be sent with a "one-time" ACTIVATION_CODE_# (you will need this in an up-coming step).<br /><br /></li>
<li>Next, in your host machine, open a shell terminal and issue the following command to install the <b>gdebi</b> application to allow you to automatically download and install debian packages by clicking on a .deb file link:<br /><b>sudo apt-get install gdebi</b><br /><br /></li>
</ol>
<br>
<ol>
<li value="3">Next go to the following website: <a href="[http://www.tenable.com/products/nessus/nessus-download-agreement" target="_new">http://www.tenable.com/products/nessus/nessus-download-agreement</a>]<br /> (select to download a version for <b>Debian</b> for your appropriate OS: 32-bit or 64-bit).</li>
<li>A dialog box will appear to allow you to save the file. Note the directory where you have saved the deb file.</li><li>In the <b>Administration</b> menu, selec the <b>Gdebi Package Manager</b>. Click the <b>File</b> menu, and <b>open</b> and then select the downloaded deb file. Allow the program to install the Nessus package.</li>
<li>Allow the installation to complete (it may take a long time to download the newest plugins).<br /><br /></li>
<li>Prior to starting the Nessus server, you need to register this application. <b>Use the registration/activiation code (provided from e-mail you received from above procedure)</b> by issuing the command:<br /><b>sudo /opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx</b><br /> (i.e. xxxx-xxxx-xxxx-xxxx represents activation-code contained in received e-mail message)</b><br /><br /></li>
<li>Issue the following command to start the Nessus server: <b>sudo service nessusd start</b><br /><br /></li>
<li>You can run the Nessus client application in order to connect to the Nessus server (recommended) by web-browser. Simply launch a web-browser and type the following URL: <b><a href="[https://127.0.0.1:8834/" target="_new">https://127.0.0.1:8834/</a>]</b></li>
</ol>
<a name="Task5" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #5: Accessing Vulnerable Servers Using Metasploit</span></h2>
<b>Metasploit</b> is a framework (collection of utilities) for penetration testing. This framework acts as
<ol>
<li>For <u>both</u> vulnerable machines, log-in as a regular-user.</li>
<li>To obtain the Proprietary version of Metasploit, you need to register first. Here is the link to Metasploit Pro website: <br><a href="[https://www.rapid7.com/products/metasploit/metasploit-community-registration.jsp" target="_blank">https://www.rapid7.com/products/metasploit/metasploit-community-registration.jsp</a>]</li>
<li>You will presented with a form to fill-out your personal information, and then you are required to <b>create account</b>. Make certain to apply for the free (community edition). During that process, you will be required to fill out information (including e-mail) in order to get an activation code.</li>
<li>At some point, you will be redirected to another screen to download the file for Metaspoit Pro. Once downloaded, you need to add execution permissions for the downloaded file, and run the file from the shell.</li>
<br />
<ol>
<li value="10">Refer to the <b>YouTube Video</b> on how to use both <b>Nessus</b> and <b>Metasploit</b> to penetrate the target server(s):<br /><br /><a href="[http://www.youtube.com/watch?v=WlZuq6Vj5AI" target="_blank">Kali Linux - Security by Penetration Testing Tutorial: Metasploit Pro</a>]<br /><br /></li>
</ol>
<br />
<li>Issue the command: <b>which armitage</b> to confirm that this application exists on this server. If there is no pathname to that application, issue the command: <b>apt-get install armitage</b> (make certain application has been installed).</li>
<li>While logged on as root, issue the command: <b>armitage</b></li>
<li>Refer to the following YouTube video to learn how to use armitage to scan and run exploitation attacks:<br /><br /><a href="[https://www.youtube.com/watch?v=j7uLBzULOE0&feature=youtu.be" target="_blank">Use Armitage to Exploit Multiple Machines in Kali Linux</a>]<br /><br /></li>
<li>Note the differences between using armitage and the proprietory application Metasploit Pro in your lab log-book.</li>
</ol>
{{Admon/important|Additional Practice with Metasploit (Optional)|
If you were not able to access the Fedora Core 5 machine, you can always perform a Google search to find out techniques to help to access the machine. You ca
n also create another VM using a more vulnerable Linux Distribution (like Metasploitable: <a href="[http://www.rapid7.com/resources/videos/test-metasploit-wit h-metasploitable.jsp" target="_blank">Download Metasploitable OS</a>]<br /><br />Another thing to consider is to learn how to use the Metasploit command conso le to learn how to load and launch singluar attacks (resource: <a href="[http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands" target="_ blank">MSF Console Commands</a>]
|}}
<br>
</ol>
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"> <div style="float: left; margin-left: -40px;"><a href="https://scs.senecac.on.ca/wiki/index.php{{Admon/File:Important.png" class="image" title="Important.png"><img alt="" src="SEC520_Lab_1_files/Idea.png" height="35" border="0" width="35"></a></div> <div><b>tip|Preparing for Lab #4</b><br>|
Now that you have learned to pentrate a network server, you will learn now to protect (<i>harden</i>) the server. We will learn how to harden the Linux server first, and then learn how to harden the Windows 2003 server (in a later lab).
<br /><br />
<br /><br />
In Virtualbox, you can install a downloaded Fedora image as a <b>virtual file</b>. You will learn how to perform this in lab4. In the meantime, you can download the most recent version of the Fedora install DVD image from (32-bit or 64-bit):<br />
<a href="[http://mirrors.fedoraproject.org/publiclist/Fedora/17/" target="_new">https://getfedora.org/en/workstation/</a>]
<br /><br />
</div></div>|}}
<br />
<ol>
<a name="Completing_the_Lab" id="Completing_the_Lab"></a><h1> <span class="mw-headline"> Completing the Lab </span></h1>
<p><b>Arrange evidence for each of these items on your screen, then ask
your instructor to review them and sign off on the lab's completion:</b>
<p><br>
</p>
<a name="Preparing_for_Quizzes" id="Preparing_for_Quizzes"></a><h1> <span class="mw-headline"> Preparing for Quizzes </span></h1>
<ol>
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/131187"

Navigation menu