Difference: CisLab62014 (2 vs. 3)

Revision 32014-03-14 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 6

Using Metasploit to find weaknesses and penetrate systems

Line: 28 to 29
  Commands
Changed:
<
<
msf > help
msf > search <search term>
msf > show exploits
msf > use <path to exploit> //as indicated by the show exploits command
msf exploit( exploit name) > //the command prompt displays the loaded exploit
msf exploit( exploit name) > show payloads
msf exploit( exploit name) > set PAYLOAD <path to payload> //as indicated by the show payloads command
msf exploit( exploit name) > show options
>
>
msf > help
msf > search <search term>
msf > show exploits
msf > use <path to exploit> //as indicated by the show exploits command
msf exploit( exploit name) > //the command prompt displays the loaded exploit
msf exploit( exploit name) > show payloads
msf exploit( exploit name) > set PAYLOAD <path to payload> //as indicated by the show payloads command
msf exploit( exploit name) > show options
  Based on the output of the show options command you will need to input some options. Some of the options will have default settings already configured. RHOST and RPORT stands for remote host (target computer) and remote port and LHOST and LPORT stand for local host (your computer) and local port.
Changed:
<
<
msf exploit( exploit name) > set RHOST <ip address>
msf exploit( exploit name) > set RPORT <port number>
msf exploit( exploit name) > set LHOST <ip address>
msf exploit( exploit name) > set LPORT <port number>
msf exploit( exploit name) > exploit //launches the exploit
>
>
msf exploit( exploit name) > set RHOST <ip address>
msf exploit( exploit name) > set RPORT <port number>
msf exploit( exploit name) > set LHOST <ip address>
msf exploit( exploit name) > set LPORT <port number>
msf exploit( exploit name) > exploit //launches the exploit
 

Resources:

Line: 42 to 43
  \ No newline at end of file
Added:
>
>

Lab Steps

Step 1 - Startup Kali and Metasploitable 2

  1. Start and login to Kali
  2. Start and login to Metesploitable 2
  3. Make sure both VMs are running behind the NAT
  4. Use ifconfig to find Metesploitable 2's IP address. Record it.
  5. Make sure both systems can ping each other

Step 2 - Use Kali and Metasploit to find a weakness and exploit it

  1. For this step, follow the instructions here
  2. In the instructions, tey are using Backtrack, but you will use Kali
  3. You can bypass the first 4 sections, and start with section 5
  4. Follow all the instructions, and make the exploit work.
  5. Document your work with commands and screenshots in a Word file.

Step 4 - Do it again on your own

  1. Reading the resources, and from what you learned, find and exploit 2 more weaknesses. Document your work, and give screenshots of your successful steps.
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback