Lab 6 - Using BackTrack and Metasploitable to do penetration testing part 1

Overview

The goal of this lab is to explore the use of BackTrack and Metasploitable as a penetration testing tool. This is a major with MANY functions, we will only scratch th surface of the possibilities. This is a Part 1 of a multi-part lab, so make sure you get all this done THIS WEEK.

You will install two premade VMWARE virtual machines on your systems. One is BackTrack, a version of Ubuntu Linux with a comprehensive suite of tools for testing penetration. One of the tools is Metasploit, which we will be looking in more detail. The other machine is Metisploitable, a versiuon of Ubuntu specifically designed as a test hacking target. Thus one virtual machine will safely attack the other without involving the outside world. Since these are VMWARE virtual machines you will need to install VMWARE workstation. I have created accounts for youat the MVNU VMWARE webstore, where you can download VMWARE Workstation.

Since you will need the two premade virtual machines, Backtrack and Metisploitable to run this experiment, you will need copies. These are VERY large. I will have a DVD's you can copy this from.

The problem is the SIZE of the virtual machines, and the fact that the lab computers have only 1GB. There are three options:

  1. Use two lab computers, one for each VM ( BackTrack on one Metasploitable on the other. In this case you will need 32-bit versions of everything.
  2. Use your own computer
  3. Use a Dell Latitude E6400 computer (bound for Belize). I can set you up with one per team.
As mentioned in class, doing penetration testing is worthless without keeping detailed notes. I will expect you to turn in a COMPLETE log of everythihg you do, PLUS detailed comments at each step. Also, below I ask questions I want you to anser for full credit.

NOTE: This lab invloves use of very powerful amd dangerous tools. If you use these tools inapproriately, you could subject to criminal prosecution. You will also fail this class!

Steps

Step 0: Get the files

Get the flash drive from the instructor. It has the following files:

  • BT5R2-GNOME-VM-32.7z - 32-bit Backtrack Must be extracted with 7zip.
  • BT5R2-GNOME-VM-64.7z - 64-bit Backtrack Must be extracted with 7zip.
  • Metasploitable - A directory containing a VM image of this vulerable Linux OS.
  • VMware-Workstation-Full-8.0.0-471780.x86_64.bundle - VMWare Workstation 8 install image.
  • VMware-Workstation-8.0-for-64-bit-Linux-SerialNumber.txt - A working key for VMware Workstation 8
Create a folder called "Penetration" on the desktop. Copy over the BackTrack version appropriate, alone with Metasploitable and the VMWare files. This is about 5GB.

Step 1: Install VMWARE Workstation

Goto the VMWARE MVNU WebStore

You all have accounts on the VMWARE webstore, as listed below. Unless you have already logged in, you don't have a password. Go to login, and click on the "forgotten password" link, and enteryou your username (as below) to create a new password.

Username Email Name User Groups (Expiry Dates)
avarner avarner@mvnu.edu Varner, Andrew

  • Students (2013-04-19)
gkindle gkindle@mvnu.edu Kindle, Greg
  • Students (2013-04-19)
gtaylor gtaylor@mvnu.edu Taylor, Grant
  • Students (2013-04-17)
  • Students/Faculty/Staff (2013-04-17)
jtennefo jtennefo@mvnu.edu Tennefoss, Josh
  • Students (2013-04-19)
jwetzel1 jwetzel1@mvnu.edu Wetzel, Josh
  • Students (2013-04-19)
jwright3 jwright3@mvnu.edu Wright, Jacob
  • Students (2013-04-19)
kevina kadams1@mvnu.edu Adams, Kevin
  • Students (2012-10-24)
mhartzle mhartzle@mvnu.edu Hartzler, Marcus
  • Students (2012-05-23)
  • Students/Faculty/Staff (2012-05-23)
mkraly mkraly@mvnu.edu Kraly, Matt
  • Students (2013-04-19)
mwasil mwasil@mvnu.edu Wasil, Mark
  • Students (2013-04-19)
tylern tnelson@mvnu.edu Nelson, Tyler
  • Students (2012-10-24)
ZachBennett zbennet1@mvnu.edu Bennett, Zach
  • Students (2013-04-17)
  • Staff (2013-04-17)
  • Students/Faculty/Staff (2013-04-17)

If you are using a lab computer or a Dell E6400, you will need to get Workstation 7 32-bit. If you are using your own laptop, and it supports full 64-bit virtualization, you can use workstation 8 64-bit (assuming you have a 64-bit processor).

Download VMWARE Workstation, and copy the license code you will recieve. Install the software on your computer, and enter the license code (good a year).

I have VMWare on a Flash drive. Get a copy, unzip (if Zipped), make executable ( chmod 777 file). Then sudo ./VM.... to install.

There is also a text file in on the flash with the license code for VMWare Workstation. You will need to enter that in once you get VMWare up and running.

Make sure you can run VMWARE workstation now.

Step 2: Install BackTrack 5

Get a copy from the DVD or flash in class. The file is only 2GB, but is compressed with 7zip. Once expanded it is 12.2GB. You will need to install 7zip:. Goto the software center, and search for and install 7zip. Then you can expand the Backtrack VM. Note that on the Dell E6400, you MUST use the 32-bit image.

You can then start Workstation. Select "File/Open", and browse to the folder containing BackTrack, openning the ".vmx" file.

Before you start the machine go to "VM/Settings". Select "Network Adapter" and set to "Host-Only". This will create a private network that the host shares ONLY with the VMs and the host, keeping you work safe. You would have to set it for "Bridged" mode to test other machines (e.g. if you are using two lab machines).

New you should be able to start the machine!

Step 3: Install Metasploitable

As above, I have a DVD or flash with it on it. Do just as above, including with the network setup.

See if you can get it up and running.

Step 4: Your first Exploit, breaking in through Samba.

You will carefully follow the instructions on this page: Rooting Metaspoitable

Changes from the instructions:

There are a few important notes to follow below, as that page is based on BackTrack 4, and we are using backtrack 5.

  • You MUST find the IP addresses of you two machines using the ifconfig commands. Use these IP addresses, NOT the ones in the exercise. LHOST will the Backtrack 's IP, and RHOST will be Metasplooitable 's IP address.
  • I have to do the following to get the msfconsole to run in terminal:
    cd /opt/metasploit/msf3
    msfconsole
Questions (also remember to document everything for full credit):
  1. Explain exactly what it is you are actually doing here?
  2. What is the significance of being "root" on the compromised machine?
  3. If the Samba vulnerability was patched, what are some other roptions you could try to find a vulnerability?

Step 5: Easy Shells

Next you will follow the steps on this page: Easy Shells

Again document everything.

Changes from the instructions:

If you have a problem with John the Ripper, try these instructions to install it:

http://tolearnfree.blogspot.com/2009/09/how-to-install-john-ripper-1731-on.html

The actual software can be downloaded from here: john-1.7.3.1.tar.gz: John The Ripper

You will need to follow the instructions to build it. Then you will need to run the unshadow (and other) commands from the /opt/john-1.7.3.1/run directory.

Questions:
  1. What is the Shadow file, and how are we using it?
  2. What exact does Jack the Ripper do? How does it work?
  3. Why is this exploit useful, can't we just do what was on step 4?
  4. What does this teach you about password security?
-- JimSkon - 2012-04-15

Topic attachments
I Attachment Action Size Date Who Comment
Gzgz john-1.7.3.1.tar.gz manage 795.8 K 2012-04-19 - 18:56 JimSkon John The Ripper
Gzgz john-1.7.8.tar.gz manage 1.5 K 2012-04-19 - 18:51 JimSkon John The Ripper
Topic revision: r5 - 2012-04-25 - JimSkon
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback