
Silver Oak College of Engineering and Technology
SILVER OAK UNIVERSITY

BACHELOR OF ENGINEERING
COMPUTER ENGINEERING, 3rd SEMESTER

Metasploit
Laboratory Manual

Prepared by: Rushabh Vipulkumar Patel
Roll No: CS-A-O47
Enrollment No: 200103072050
DEPARTMENT OF COMPUTER ENGINEERING

VISION
To be recognized for the quality education and research in the field of COMPUTER ENGINEERING known for its
accomplished graduates.

MISSION
1. Continually improve the standard of our graduates by engaging in innovative teaching-learning methods with
high-calibre, motivated faculty members, keeping in line with rapid technological advancements.
2. Promote and support research activities over a wide range of academic interests among students and staff for
growth of individual knowledge and continuous learning.
3. Provide an education system that promotes innovation, creativity, entrepreneurial spirit, leadership as well as
freedom of thought with emphasis on professionalism and ethical behavior.

PROGRAM EDUCATIONAL OBJECTIVES (PEO):


PEO1: To provide fundamental knowledge of science and engineering to IT professionals, to equip them with
proficiency in mathematical foundations and algorithmic principles, and to inculcate competent problem-solving
ability.
PEO2: To develop creativity and the ability to design IT systems, and to transmit the knowledge and skills needed to
analyze, design, test and implement software applications.
PEO3: To develop leadership capability, social and economic commitment, and a spirit of community service.
PEO4: To inculcate professional and social ethics and teamwork in students, and to acquaint them with the technical
and managerial skills required for a successful career.

PROGRAM OUTCOMES (POs):


Engineering Graduates will be able to:
Engineering knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an
engineering specialization to the solution of complex engineering problems.
Problem analysis: Identify, formulate, review research literature, and analyze complex engineering problems
reaching substantiated conclusions using first principles of mathematics, natural sciences, and engineering
sciences.
Design/development of solutions: Design solutions for complex engineering problems and design system
components or processes that meet the specified needs with appropriate consideration for the public health and
safety, and the cultural, societal, and environmental considerations.
Conduct investigations of complex problems: Use research-based knowledge and research methods including
design of experiments, analysis and interpretation of data, and synthesis of the information to provide valid
conclusions.
Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT
tools including prediction and modeling to complex engineering activities with an understanding of the limitations.
The engineer and society: Apply reasoning informed by the contextual knowledge to assess societal, health,
safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering
practice.
Environment and sustainability: Understand the impact of the professional engineering solutions in societal and
environmental contexts, and demonstrate the knowledge of, and need for sustainable development.
Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the
engineering practice.
Individual and team work: Function effectively as an individual, and as a member or leader in diverse teams, and
in multidisciplinary settings.
Communication: Communicate effectively on complex engineering activities with the engineering community and
with society at large, such as, being able to comprehend and write effective reports and design documentation,
make effective presentations, and give and receive clear instructions.
Project management and finance: Demonstrate knowledge and understanding of the engineering and
management principles and apply these to one’s own work, as a member and leader in a team, to manage projects
and in multidisciplinary environments.
Life-long learning: Recognize the need for, and have the preparation and ability to engage in independent and life-
long learning in the broadest context of technological change.
TABLE OF CONTENTS
Sr. No | Experiment Title | Page No (From / To) | Sign | Remarks
1 Installing Kali Linux in VirtualBox.
2 Execute filesystem and network commands in Linux.
3 Perform nmap scans in Metasploit.
4 Configure database in Metasploit.
5 Perform SMB enumeration in a network using Metasploit.
6 Perform password sniffing using MITM.
7 Perform Windows exploitation using Metasploit.
8 Exploit Windows using MSFVENOM and dump the hashes from SAM.
9 Perform privilege escalation attack on exploited Windows machine.
10 Generate malicious .docx file using Metasploit MACRO exploits.
PRACTICAL – 1
AIM: Installing Kali Linux in VirtualBox.
Virtualizing Kali Linux inside of VirtualBox allows you to have a Kali VM. This is a great way to use Kali, as it is
separate from the host, allows you to interact with other VMs (as well as the host machine and other machines on
the network), and allows you to revert to snapshots.
Note: Please demonstrate the installation using OVA and ISO both.

Practical: (please add proper screenshots)

STEPS:
Step 1:

Step 2:

Step 3:
If you have a 32-bit PC/laptop, go to the 32-bit section and download the OVA file; the process for 64-bit is the
same as shown above.

Step 4:
Set both settings to Bidirectional.

Step 5:
Change the network adapter to Bridged Adapter.
PRACTICAL-2
AIM: Execute filesystem and network commands in Linux.
A file system is a logical collection of files on a partition or disk. A partition is a container for information
and can span an entire hard drive if desired.
Your hard drive can have several partitions, each usually containing only one file system, for example one file
system holding / (the root file system) and another holding /home.
One file system per partition allows for the logical maintenance and management of differing file
systems.
Everything in Unix is considered to be a file, including physical devices such as DVD-ROMs, USB
devices and floppy drives.
Directory Structure
Unix uses a hierarchical file system structure, much like an upside-down tree, with root (/) at the base of
the file system and all other directories spreading from there.
A Unix filesystem is a collection of files and directories that has the following properties:
It has a root directory (/) that contains other files and directories.
Each file or directory is uniquely identified by its name, the directory in which it resides, and a unique
identifier, typically called an inode.
By convention, the root directory has an inode number of 2 and the lost+found directory has
an inode number of 3. Inode numbers 0 and 1 are not used. File inode numbers can be seen by
specifying the -i option to the ls command.
It is self-contained. There are no dependencies between one filesystem and another.

Sr.No. Command & Description

1 cat filename: Displays the contents of a file

2 cd dirname: Changes to the named directory

3 cp file1 file2: Copies a file (or, with -r, a directory) to the specified location

4 file filename: Identifies the file type (binary, text, etc.)

5 find dir -name filename: Finds a file/directory by name under dir

6 head filename: Shows the beginning of a file

7 less filename: Browses through a file, forwards or backwards

8 ls dirname: Lists the contents of the named directory

9 mkdir dirname: Creates the named directory

10 more filename: Pages through a file from beginning to end

11 mv file1 file2: Moves or renames a file/directory

12 pwd: Prints the current working directory

13 rm filename: Removes a file

14 rmdir dirname: Removes an (empty) directory

15 tail filename: Shows the end of a file

16 touch filename: Creates an empty file or updates the timestamps of an existing one

17 whereis command: Shows the locations of a command's binary, source and manual pages

18 which command: Shows the location of a command if it is in your PATH
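The inode rules above (one inode per file, ln adds a second name to the same inode, cp allocates a new one, mv keeps it) and the magic-number check that the file command performs are easy to see from a program. The following Python script is an added example for this manual, not code from the tutorial it references; it builds its own small tree in a temporary directory (constructed sample files) and reports what ls -i would show, and the identify() function is a deliberately tiny stand-in for file that only knows a handful of magic numbers.

```python
import os
import tempfile


def inode_demo(base=None):
    """Build a tiny tree and report the inode relationships `ls -i` would reveal.

    Creates notes.txt, a hard link to it (ln), a byte-for-byte copy (cp) and then
    renames the copy (mv). All files are constructed here for the demo.
    """
    base = base or tempfile.mkdtemp(prefix="fsdemo_")
    original = os.path.join(base, "notes.txt")
    with open(original, "w") as fh:
        fh.write("constructed sample content\n")

    link = os.path.join(base, "notes_link.txt")
    os.link(original, link)                  # like `ln notes.txt notes_link.txt`

    copy = os.path.join(base, "notes_copy.txt")
    with open(original, "rb") as src, open(copy, "wb") as dst:
        dst.write(src.read())                # like `cp notes.txt notes_copy.txt`
    copy_ino = os.stat(copy).st_ino          # remember the copy's inode before mv

    renamed = os.path.join(base, "notes_renamed.txt")
    os.rename(copy, renamed)                 # like `mv notes_copy.txt notes_renamed.txt`

    st = os.stat(original)
    return {
        "base": base,
        "original_inode": st.st_ino,
        "link_count": st.st_nlink,                           # 2: two names, one inode
        "link_shares_inode": os.stat(link).st_ino == st.st_ino,
        "copy_shares_inode": copy_ino == st.st_ino,          # False: cp allocates a new inode
        "rename_keeps_inode": os.stat(renamed).st_ino == copy_ino,  # True: mv only changes the name
    }


def list_with_inodes(directory):
    """Equivalent of `ls -i directory`: sorted list of (inode, name) pairs."""
    return sorted(
        (os.stat(os.path.join(directory, name)).st_ino, name)
        for name in os.listdir(directory)
    )


# A few well-known magic numbers; the real `file` command knows thousands.
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "Zip archive"),
    (b"#!", "script text"),
]


def identify(data):
    """A miniature `file`: classify raw bytes by magic number, else text/data."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "data"


if __name__ == "__main__":
    info = inode_demo()
    for ino, name in list_with_inodes(info["base"]):
        print(ino, name)
    print(info)
    print(identify(b"%PDF-1.7 constructed header"))
```

Running the script prints the same inode number twice (notes.txt and notes_link.txt) and a different one for notes_renamed.txt, which is exactly the picture ls -i gives; the link count of 2 is what ls -l shows in its second column.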


Linux Networking Commands
Every computer is connected to other computers through a network, internally or externally, to exchange
information. A network can be as small as a few computers in a home or office, or as large and complex as a
university campus or the entire Internet.
Maintaining a system's network is the task of the system/network administrator, and includes network
configuration and troubleshooting.

Here is a list of networking and troubleshooting commands:

ifconfig Displays and configures network interfaces (older tool, superseded by ip).

ip Replacement for ifconfig (and for route and arp): manages interfaces, addresses, routes and neighbours.

traceroute Network troubleshooting utility that shows the route packets take to a host.

tracepath Similar to traceroute but does not require root privileges.

ping Checks connectivity between two nodes.

netstat Displays connection, routing-table and interface statistics.

ss Replacement for netstat.

dig Queries DNS servers and shows the full response.

nslookup Queries DNS records.

route Shows and manipulates the IP routing table.

host Performs DNS lookups.

arp Views or adds entries in the kernel's ARP table.

iwconfig Configures wireless network interfaces.

hostname Shows or sets the system's network name.

curl or wget Downloads a file from the Internet.

mtr Combines ping and traceroute into a single command.

whois Shows the WHOIS registration record for a domain or IP address.

ifplugstatus Tells whether a cable is plugged in or not.

Practical Code:
File System Commands:

References:
https://www.tutorialspoint.com/unix/unix-file-system.htm
https://www.javatpoint.com/linux-networking-commands
PRACTICAL-3
AIM: Perform Nmap scans using Metasploit.
NMAP & DB_NMAP
We can use the db_nmap command to run Nmap against our targets, and the scan results are then stored
automatically in our database. However, if we also wish to import the scan results into another application or
framework later, we will want to export them in XML format. It is always useful to have all three Nmap
outputs (XML, grepable and normal), so we can run the Nmap scan with the -oA flag followed by the desired
filename to generate the three output files, then issue the db_import command to populate the Metasploit
database.
Run Nmap with the options you would normally use from the command line. If we wish the scan to be saved
directly to our database, we omit the output flag and use db_nmap instead.

Practical Code:

Output:
References:
https://www.offensive-security.com/metasploit-unleashed/port-scanning/
PRACTICAL-4

AIM: Configure database in Metasploit.

STORING INFORMATION IN A DATABASE USING METASPLOIT
When conducting a penetration test, it is frequently a challenge to keep track of everything you
have done on (or to) the target network. This is where having a database configured can be a great
timesaver. Metasploit has built-in support for the PostgreSQL database system.
The database allows quick and easy access to scan information and gives us the ability to import and
export scan results from various third-party tools. We can also use this information to configure
module options quickly. Most importantly, it keeps our results clean and organized.
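Practical 3 says to keep the XML output of nmap -oA and feed it to db_import, and this practical says the point of the database is to keep hosts and services queryable. The Python script below is an added example for this manual (not Metasploit's own importer, which is written in Ruby and targets PostgreSQL): it parses a constructed Nmap XML sample (documentation addresses in 192.0.2.0/24, nothing was actually scanned) into the same kind of hosts and services tables, using SQLite so it runs without a database server, and re-importing the same scan updates rows rather than duplicating them.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of the XML that `nmap -oA scan ...` writes to scan.xml.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oA scan 192.0.2.0/29" start="0" version="7.x">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="fileserver.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Turn Nmap XML into host dicts: addr, mac, hostname, state and a list of ports."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        entry = {"addr": None, "mac": None, "hostname": None,
                 "state": h.find("status").get("state"), "ports": []}
        for a in h.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                entry["addr"] = a.get("addr")
            elif a.get("addrtype") == "mac":
                entry["mac"] = a.get("addr")
        hn = h.find("hostnames/hostname")
        if hn is not None:
            entry["hostname"] = hn.get("name")
        for p in h.findall("ports/port"):
            svc = p.find("service")
            entry["ports"].append({
                "port": int(p.get("portid")),
                "proto": p.get("protocol"),
                "state": p.find("state").get("state"),
                "name": svc.get("name") if svc is not None else None,
                "info": svc.get("product") if svc is not None else None,
            })
        hosts.append(entry)
    return hosts


# Simplified versions of the hosts/services tables Metasploit keeps in PostgreSQL.
SCHEMA = """
CREATE TABLE IF NOT EXISTS hosts (
    id INTEGER PRIMARY KEY, address TEXT UNIQUE, mac TEXT, name TEXT, state TEXT);
CREATE TABLE IF NOT EXISTS services (
    id INTEGER PRIMARY KEY, host_id INTEGER REFERENCES hosts(id),
    port INTEGER, proto TEXT, state TEXT, name TEXT, info TEXT,
    UNIQUE(host_id, port, proto));
"""


def load_into_db(xml_text, conn=None):
    """Import a scan the way db_import does; existing hosts/services are updated, not duplicated."""
    conn = conn or sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for h in parse_nmap_xml(xml_text):
        row = conn.execute("SELECT id FROM hosts WHERE address=?", (h["addr"],)).fetchone()
        if row:
            host_id = row[0]
            conn.execute("UPDATE hosts SET mac=?, name=?, state=? WHERE id=?",
                         (h["mac"], h["hostname"], h["state"], host_id))
        else:
            host_id = conn.execute("INSERT INTO hosts(address, mac, name, state) VALUES (?,?,?,?)",
                                   (h["addr"], h["mac"], h["hostname"], h["state"])).lastrowid
        for p in h["ports"]:
            # OR REPLACE relies on the UNIQUE(host_id, port, proto) constraint above
            conn.execute("INSERT OR REPLACE INTO services(host_id, port, proto, state, name, info) "
                         "VALUES (?,?,?,?,?,?)",
                         (host_id, p["port"], p["proto"], p["state"], p["name"], p["info"]))
    conn.commit()
    return conn


def summary(conn):
    """(host rows, service rows) currently stored."""
    return (conn.execute("SELECT COUNT(*) FROM hosts").fetchone()[0],
            conn.execute("SELECT COUNT(*) FROM services").fetchone()[0])


def open_services(conn):
    """Like `services -u` in msfconsole: (address, port, name) for open ports only."""
    return conn.execute(
        "SELECT h.address, s.port, s.name FROM services s JOIN hosts h ON h.id = s.host_id "
        "WHERE s.state = 'open' ORDER BY h.address, s.port").fetchall()


if __name__ == "__main__":
    db = load_into_db(SAMPLE_XML)
    print(summary(db))
    for address, port, name in open_services(db):
        print(address, port, name)
```

To use it on a real scan, read scan.xml (the -oA file with the .xml suffix) and pass its text to load_into_db with a file path connection; the closed port is stored too, as Metasploit does, but open_services filters it out the way services -u does in msfconsole.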

Practical Code:
References:
https://www.offensive-security.com/metasploit-unleashed/database-introduction/
https://www.offensive-security.com/metasploit-unleashed/using-databases/
PRACTICAL-5
AIM: Perform SMB enumeration using Metasploit.

Practical Code:
Output:

References:
https://asecuritysite.com/subjects/chapter48
https://www.offensive-security.com/metasploit-unleashed/scanner-smb-auxiliary-modules/
PRACTICAL-6

AIM: Perform password sniffing using MITM


What is a MITM attack?
A man-in-the-middle (MITM) attack is a general term for when an attacker positions themselves in a conversation
between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if
a normal exchange of information is under way.
The goal of such an attack is to steal personal information, such as login credentials, account details and credit card
numbers. Targets are typically users of financial applications, SaaS businesses, e-commerce sites and other
websites where logging in is required.
Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund
transfers or an illicit password change.
Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of
an advanced persistent threat (APT) attack.
Broadly speaking, a MITM attack is the equivalent of a mail carrier opening your bank statement, writing down your
account details and then resealing the envelope and delivering it.
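On a LAN, the usual way an attacker gets "in the middle" of the conversation described above is by poisoning the ARP cache so that the gateway's IP resolves to the attacker's MAC, and the symptom visible on a victim is in the arp / ip neigh table from Practical 2: one MAC claimed by two IP addresses, or the gateway's MAC suddenly different from what it was before. The Python script below is an added detection example for this manual (not from the referenced Ettercap tutorial); it parses a constructed ip neigh sample (documentation addresses, not a real network) and a constructed baseline of the gateway's known MAC, and reports both anomalies.

```python
# Constructed sample of `ip neigh show` output (documentation addresses, not a real network).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.0.2.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 STALE
192.0.2.21 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.0.2.30 dev eth0 FAILED
fe80::1 dev eth0 lladdr aa:bb:cc:dd:ee:01 router REACHABLE
"""

# Constructed baseline: the gateway MAC recorded earlier on a known-good day.
BASELINE = {"192.0.2.1": "aa:bb:cc:dd:ee:ff"}


def parse_ip_neigh(text):
    """Map IP -> MAC from `ip neigh` lines; entries without an lladdr (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or "lladdr" not in fields:
            continue
        ip = fields[0]
        mac = fields[fields.index("lladdr") + 1].lower()
        table[ip] = mac
    return table


def detect_arp_anomalies(table, baseline):
    """Return findings as tuples:
    ("mac_shared", mac, [ipv4 addresses])          one MAC answering for several IPv4 addresses
    ("mac_changed", ip, expected_mac, seen_mac)    a baselined host now maps to a different MAC
    """
    findings = []
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        # Only compare IPv4 entries: an interface legitimately has the same MAC
        # for its IPv4 address and its IPv6 link-local address.
        ipv4 = sorted(ip for ip in ips if ":" not in ip)
        if len(ipv4) > 1:
            findings.append(("mac_shared", mac, ipv4))
    for ip, expected in baseline.items():
        seen = table.get(ip)
        if seen is not None and seen != expected.lower():
            findings.append(("mac_changed", ip, expected.lower(), seen))
    return findings


if __name__ == "__main__":
    # On a live host, replace SAMPLE_NEIGH with the output of `ip neigh show`.
    for finding in detect_arp_anomalies(parse_ip_neigh(SAMPLE_NEIGH), BASELINE):
        print(finding)
```

Both findings are only indicators: a shared MAC is also what a router with several IP addresses, a VRRP/HSRP virtual address or a host with aliases looks like, and a changed gateway MAC can mean the router was replaced. The value of the script is in the baseline: record the gateway MAC when the network is known to be clean, and alert on change.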

Practical Code:
Output:
References:

https://pentestmag.com/ettercap-tutorial-for-windows/
PRACTICAL-7
AIM: Perform windows exploitation using Metasploit. (keylogging, camera control, VNC)

USING A KEYLOGGER WITH METASPLOIT
After you have exploited a system there are two different approaches you can take: either smash and grab, or low
and slow.
Low and slow can lead to a ton of great information, if you have the patience and discipline. One tool you can use
for low and slow information gathering is the keystroke logger script with Meterpreter. This tool is very well
designed, allowing you to capture all keyboard input from the system, without writing anything to disk, leaving a
minimal forensic footprint for investigators to later follow up on. Perfect for getting passwords, user accounts, and
all sorts of other valuable information.

Practical Code:

Output:
References:

https://www.offensive-security.com/metasploit-unleashed/keylogging/
https://w0rm32.blogspot.com/2020/05/exploiting-windows-10-latest-update.html

PRACTICAL-8
AIM: Exploit windows using MSFVENOM and dump the hashes from SAM.
Practical Code:
Output:

References:

https://w0rm32.blogspot.com/2020/05/exploiting-windows-10-latest-update.html

PRACTICAL-9
AIM: Perform Privilege escalation attack on exploited windows machine (UAC bypass)

Practical Code:

Output:
References:
https://w0rm32.blogspot.com/2020/05/windows-10-uac-bypass.html

PRACTICAL-10

AIM: Generate malicious .docx file using Metasploit MACRO exploits.

How macro malware works

Macro malware hides in Microsoft Office files and is delivered as an email attachment or inside a ZIP file. These files
use names intended to entice or scare people into opening them; they often look like invoices, receipts, legal documents
and so on.

Macro malware was common several years ago because macros ran automatically whenever a document was opened. In recent
versions of Microsoft Office, however, macros are disabled by default, so malware authors need to convince users to turn
on macros before their code can run. They do this by showing fake warnings or instructions when the malicious document
is opened.
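Because the macro lives inside the Office file as a separate part (an OOXML .docm is a ZIP archive containing word/vbaProject.bin, and its [Content_Types].xml declares the application/vnd.ms-office.vbaProject content type), a mail gateway or analyst can check for macros by structure rather than trusting the file extension. The Python script below is an added defensive example for this manual (not from the referenced blog post); build_sample() constructs minimal, non-functional OOXML-style packages in memory (not real Word documents, and the vbaProject.bin entry is placeholder bytes, not VBA), and inspect_office_file() and verdict() flag the macro-bearing one, including the case where a file named .docx carries macros anyway.

```python
import io
import zipfile

VBA_PART_SUFFIX = "vbaproject.bin"                           # word/vbaProject.bin in a .docm
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"   # declared in [Content_Types].xml
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}


def build_sample(with_macro):
    """Construct a minimal OOXML-style package (NOT a real Word file) for the demo."""
    types = ['<?xml version="1.0" encoding="UTF-8"?>',
             '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
             '<Default Extension="xml" ContentType="application/xml"/>']
    if with_macro:
        types.append('<Default Extension="bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
    types.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "\n".join(types))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()


def inspect_office_file(data):
    """Look inside an OOXML package for the parts that carry VBA macros."""
    result = {"is_ooxml": False, "has_vba_part": False, "declares_vba_type": False}
    if not data.startswith(b"PK\x03\x04"):           # every OOXML file is a ZIP archive
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:    # a ZIP, but not an Office package
                return result
            result["is_ooxml"] = True
            result["has_vba_part"] = any(n.lower().endswith(VBA_PART_SUFFIX) for n in names)
            types_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
            result["declares_vba_type"] = VBA_CONTENT_TYPE in types_xml
    except zipfile.BadZipFile:
        pass
    return result


def verdict(filename, data):
    """'not-ooxml', 'clean' (no VBA parts found), 'macro-enabled' (macros in a .docm-style name)
    or 'macro-hidden' (macros inside a file whose extension claims there are none)."""
    info = inspect_office_file(data)
    if not info["is_ooxml"]:
        return "not-ooxml"
    if not (info["has_vba_part"] or info["declares_vba_type"]):
        return "clean"
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return "macro-enabled" if ext in MACRO_EXTENSIONS else "macro-hidden"


if __name__ == "__main__":
    for name, payload in [("invoice.docx", build_sample(False)),
                          ("invoice.docm", build_sample(True)),
                          ("invoice.docx", build_sample(True))]:
        print(name, verdict(name, payload))
```

"clean" here only means no VBA project part was found; a document can still carry risk through embedded OLE objects, external template links or DDE fields, so in a gateway this check belongs alongside the default-off macro policy the text describes, not in place of it.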

Practical Code:

Output:
References:
https://w0rm32.blogspot.com/2020/08/macro-based-malware-updated.html
