Fire up your Kali attacker machine and your new Metasploitable 2 machine.
Seeing a black screen with white text when firing up Metasploitable 2? You are in the right place. Metasploitable 2 has no GUI for you to click around in. It is entirely command-line based, which will help you improve your command line skills.
Here's how your screen should look:
Switch to your attacker machine. Let's start a host discovery scan to find out Metasploitable's IP address.
Ping Sweep to discover Live Hosts
Enter command: nmap -sP -PI <<your network address>>/24
(-sP is the ping-scan option, which discovers hosts without port scanning them; newer Nmap releases call it -sn and still accept -sP.)
4 hosts show up in the result. Let's analyze this: it can't be the address ending in ".1" or ".254", and it can't be ".133" either, because that's your attacker machine. That leaves the host ending in ".128", and since we know no other machine is running, it must be the Metasploitable machine. Your IP addresses may vary but the logic still applies.
So we now know where our target is. Let's look for the open ports, services and operating system running on our target.
Open Ports, Services and OS discovery
Enter command: nmap -sV -O -p 0-65535 <<target IP address>>
The "-p 0-65535" flag in this command tells nmap to scan all 65535 ports on the target. Remember that a normal scan only scans the 1000 most common ports, and a full port scan makes more noise than a normal scan because it attempts to establish connections to many more ports.
Now we can see all open ports, what services are running on them, their versions and the operating system.
Look carefully at the services that are open. For example, FTP is open. FTP (File Transfer Protocol) is used to send and receive files over a network. We could potentially use this protocol to retrieve local files from that host, or send in a keylogger to record the user's keyboard activity and gather passwords and other information.
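The two scans above produce a lot of text, and the post's reasoning (drop the ".1", ".254" and your own address from the ping sweep, then read the open ports and versions off the service scan) is easy to automate so you can re-check it every time your lab addresses change. The script below is an added example, not code from the original post: it parses nmap's grepable (-oG) output for both scans, applies that exclusion rule, and prints one line per open port, tagging protocols such as FTP and telnet that carry credentials in cleartext. All scan output in it is constructed (the 192.168.150.0/24 network, the ExampleFTPd/ExampleSSH version strings and the OS line are placeholders, not a real capture), and the rule that ".1" and ".254" are infrastructure addresses is an assumption taken from this post that may not hold on your network. It generalises beyond the single target in the post: any number of hosts and ports in the grepable output are handled.

```python
"""Turn an nmap ping sweep and service scan (grepable -oG output) into a short
exposure report.  Added example for this tutorial, not part of the original
post; every scan line below is constructed, not a real capture."""
import ipaddress
import re
from typing import Dict, List, NamedTuple

# Constructed output of: nmap -sP -oG - 192.168.150.0/24
PING_SWEEP = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.150.1 ()\tStatus: Up
Host: 192.168.150.128 ()\tStatus: Up
Host: 192.168.150.133 ()\tStatus: Up
Host: 192.168.150.254 ()\tStatus: Up
# Nmap done: 256 IP addresses (4 hosts up)
"""

# Constructed output of: nmap -sV -O -p 0-65535 -oG - 192.168.150.128
# (version strings and OS guess are placeholders, not real Metasploitable values)
SERVICE_SCAN = """\
Host: 192.168.150.128 ()\tStatus: Up
Host: 192.168.150.128 ()\tPorts: 21/open/tcp//ftp//ExampleFTPd 1.2/, 22/open/tcp//ssh//ExampleSSH 4.7/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//ExampleHTTPd 2.0/, 3306/open/tcp//mysql//ExampleSQL 5.0/\tIgnored State: closed (65531)\tOS: Linux 2.6.X (constructed)
"""


class Service(NamedTuple):
    port: int
    proto: str
    name: str
    version: str


# Grepable format: "Host: <ip> (<hostname>)<TAB>field<TAB>field..."
HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\t(.*)$")


def parse_live_hosts(grepable: str) -> List[str]:
    """IPs whose Host line reports 'Status: Up'."""
    hosts = []
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if m and m.group(2).startswith("Status: Up"):
            hosts.append(m.group(1))
    return hosts


def candidate_targets(hosts: List[str], own_ip: str,
                      infra_last_octets=(1, 254)) -> List[str]:
    """Apply the post's reasoning: drop addresses ending in .1 and .254
    (assumed to be network infrastructure on this lab network; adjust for
    yours) and drop your own attacker machine."""
    own = ipaddress.ip_address(own_ip)
    kept = []
    for h in hosts:
        ip = ipaddress.ip_address(h)
        if ip == own or (int(ip) & 0xFF) in infra_last_octets:
            continue
        kept.append(h)
    return kept


def parse_open_ports(grepable: str) -> Dict[str, List[Service]]:
    """Map each host to its open ports from the 'Ports:' field, whose entries
    are laid out as port/state/proto/owner/service/rpcinfo/version/."""
    result: Dict[str, List[Service]] = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m or not m.group(2).startswith("Ports: "):
            continue
        ports_field = m.group(2).split("\t")[0][len("Ports: "):]
        services = []
        for entry in ports_field.split(", "):
            port, state, proto, _owner, name, _rpc, version = entry.split("/")[:7]
            if state == "open":
                services.append(Service(int(port), proto, name, version))
        result.setdefault(m.group(1), []).extend(sorted(services))
    return result


# Protocols that carry credentials or data unencrypted unless wrapped in TLS.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http", "pop3", "imap", "smtp"}


def exposure_report(services: Dict[str, List[Service]]) -> List[str]:
    """One line per open port; cleartext protocols are tagged so a reviewer
    sees at a glance which services expose credentials on the wire."""
    lines = []
    for host, svcs in services.items():
        for s in svcs:
            tag = "  [cleartext protocol: review]" if s.name in CLEARTEXT_SERVICES else ""
            lines.append(f"{host} {s.port}/{s.proto} {s.name} {s.version or '?'}{tag}")
    return lines


if __name__ == "__main__":
    up = parse_live_hosts(PING_SWEEP)
    print("live hosts:", up)
    print("candidate target(s) after excluding infra and self:",
          candidate_targets(up, own_ip="192.168.150.133"))
    for line in exposure_report(parse_open_ports(SERVICE_SCAN)):
        print(line)
```

To use it on a real lab scan, run nmap with `-oG somefile.gnmap` and pass the file contents to `parse_live_hosts` and `parse_open_ports` in place of the constructed strings; the `own_ip` and `infra_last_octets` arguments are where you encode what you know about your own network.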
Questions to ask yourself:
1. Can I interact with the FTP service on port 21?
2. Can I access the service using any default credentials?
3. What version is the service? Is it the latest?
4. Are there any known exploits for that service version? (Google it.)
Activate your Google searching skills and try to answer these questions by yourself first. In our next tutorial we will dig deeper into the FTP service.
-Jayesh Kerai (@secjay)