Bài Thực Hành Metasploit Framework Lesson 1 : Downloading and Configuring

Section 0. Background Information
  1. Metasploitable
    • Metasploitable is an intentionally vulnerable Linux virtual machine.
    • This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
  2. Reference Link
  3. Lab Notes : (Trong tình huống thực hành các học viên có thể cài đặt BackTrack 5 R3, khi đó có sẳn ứng dụng Metasploit Framework được cài tích hợp sẳn, tuy nhiên nếu cài metasplot framework riêng trên 1 máy ảo chạy hệ điều Windows như XP hay Win 7 sẽ có hiệu suất tốt hơn)
    • In this lab we will do the following:
      1. Download Metasploitable
      2. Configure the Metasploitable Network VM
      3. Change the msfadmin and root password
  4. Legal Disclaimer : Bài lab chỉ dùng cho mục đích học tập

 

Section 1. Create a New Virtual Machine
  1. Open Firefox
    • Instructions
      1. Click vào nút Bắt đầu
      2. Gõ ” Firefox ” trong hộp tìm kiếm
      3. Bấm vào Mozilla Firefox
  2. New Virtual Machine Wizard
  3. Uncompress the metasploitable VM
    • Instructions
      1. Navigate to where you downloaded the metasploitable VM
        • In my case, I saved it to an external USB hard drive.
      2. Right Click on metasploitable
      3. Click on Extract All…
  4. Extract the metasploitable VM
    • Instructions
      1. Extract the metasploitable VM to your desired location
        • In my case, I extracted it to an external USB hard drive.
      2. Click the Extract Button

 

Section 2. Start VMware Player
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the Metasploitable VM
    • Instructions:
      1. Navigate to where the Metasploitable VM is located
      2. Click on on the Metasploitable VM
      3. Click on the Open Button
  4. Edit the Metasploitable VM
    • Instructions:
      1. Select Metasploitable2-Linux VM
      2. Click Edit virtual machine settings
  5. Edit the Metasploitable VM
    • Instructions:
      1. Click on “Network Adapter NAT”
      2. Select the radio button “Bridged: Connected directly to the physical network”
      3. Click on the OK button
    • Warning:
      • By changing from NAT to Bridged opens the VM and network up to potential attacks.
      • To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.
  6. Play the Metasploitable VM
    • Instructions:
      1. Click on the Metasploitable VM
      2. Click on Play virtual machine

 

Section 3. Changing Metasploitable Passwords
  1. Logging into Metasploitable
    • Instructions
      1. Username: msfadmin
      2. Password: msfadmin
  2. Change the msfadmin password
    • Instructions:
      1. sudo su –
      2. password for msfadmin: msfadmin
      3. passwd msfadmin
      4. Enter new UNIX password: <Supply New Password>
      5. Retype new UNIX password: <Supply Same Password>
  3. Change the root password
    • Instructions:
      1. passwd root
      2. Enter new UNIX password: Supply a new password
      3. Retype new UNIX password: Supply the same new password

 

Section 4. Proof of Lab
  1. Proof of Lab
    • Proof of Lab Instructions
      1. cd /var/log
      2. grep “password changed” auth.log
      3. date
      4. echo “Your Name”
        • Replace the string “Your Name” with your actual name.
        • e.g., echo “John Gray”
      5. Press the <Ctrl> and <Alt> key at the same time.
      6. Press the <PrtScn> key.
      7. Paste into a word document
      8. Upload to website Www.AnToanThongTin.Edu.Vn
Advertisements