Import the VM provided in the file HackingLab.ova into your local Virtual Box lab (select the option “Include all network adapter MAC addresses” when importing). Make sure your own Kali Linux VM can communicate with all the other VM in the lab by means of the internal network (try nmap -sn XXXXXXXXXX/24, because inbound pings are filtered out by default in Windows). Then, answer the questions below, giving an explanation of how or why even if not explicitly asked.
Part A: Checking the environment
1. Snort is already installed in the Debian client. Log in in atlantis and check the default configuration with the command “sudo snort -T -i INTERFACE -c CONFIGURATION_FILE”. What the argument -T is for? What command did you exactly use?
1. Verify that a process snort is running. What the home network is?
Part B: Basic Snort rules
Reference tutorial: https:
esources.infosecinstitute.com/topic/snort-rules-workshop-part-one
1. Show the last line of /etc/snort
ules/telnet.rules (you can use tail). Then, show the value of EXTERNAL_NET, which is set in /etc/snort/snort.conf (you can use grep with -i to avoid writing in capitals). Would this rule be triggered if an internal user tries a telnet connection to a host in Internet? Why or why not?
1. Determine the final value of TELNET_SERVERS.
1. Show the last line of virus.rules and determine if it would be triggered when a Gmail client user clicks on an attachment with malware that matches the content section of the rule.
Import the VM provided in the file Herzing-Metasploitable.ova into your local Virtual Box lab. Make sure your own Kali Linux VM can communicate with the imported VM by means of the internal network. Then, answer the questions below, giving an explanation of how or why even if not explicitly asked.
Reference tutorial: https:
docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide
1. Enumerate the services and ports using nmap. Capture a screenshot.
1. Focus on FTP and perform an aggressive scan. Capture a screenshot.
1. Go to Exploit Database (https:
www.exploit-db.com/) and search for the service and version. What vulnerability would you highlight? Capture a screenshot of your findings.
1. To exploit this vulnerability, you could download the Python code and execute it in Kali Linux against your Metasploitable VM. Explore the Python code for now, looking for Python tutorials if necessary. How the target IP address is specified to the script? What port is opened to access the backdoor?
1. Nevertheless, you are about using Metasploit Framework instead. From there, search all exploits related to vsftpd. Use the module in the result, specifying the right target host. Then, exploit it. Capture a screenshot showing all the process.
1. To quit the session you obtained, just execute “exit”. Sessions can also be left in background to interact with them later. Repeat the vsftpd exploit and, within the session, execute “background”. Then, from the msf6 prompt, execute “sessions” to check them. To interact with a particular one, execute “sessions -i ID”. Capture a screenshot of showing the session left in background, and getting back to it.
1. Exploit the IRC vulnerability as explained in the link at the top. You will probably will not be successful because the payload was not specified. Capture a screenshot of the commands used, specifically “show options”.
1. The possible payloads are listed with “show payloads”. Set the payload to “payload/cmd/unix
everse”, then try again. What is the issue now? Set it co
ectly and execute “show options” before the last try. Capture a screenshot.
1. After successfully exploiting the vulnerability, a socket is created. What is the port in your Kali VM? Capture a screenshot of the shell command “netstat -an | grep PORT”.
1. If the exploit worked, you should be able to interact with a shell in Metasploitable, although no prompt is shown. Capture a screenshot of the shell commands “id” and “date” in the obtained session.
1. How can you be aware of any vulnerability in a system like these you just exploited? Name two tools that you could use.
1. What mitigation works best? How can you ensure the vulnerability was co
ectly fixed?