Metasploit
3rd SEMESTER
Laboratory Manual
COMPUTER ENGINEERING
Prepared by: Rushabh Vipulkumar Patel
Roll No: CS-A-O47
Enrollment No: 200103072050
DEPARTMENT OF COMPUTER ENGINEERING
VISION
To be recognized for the quality education and research in the field of COMPUTER ENGINEERING known for its
accomplished graduates.
MISSION
1. Continually improve the standard of our graduates by engaging in innovative teaching learning methods with
high caliber motivated faculty members keeping in-line with the rapid technological advancements.
2. Promote and support research activities over a wide range of academic interests among students and staff for
growth of individual knowledge and continuous learning.
3. Provide an education system that promotes innovation, creativity, entrepreneurial spirit, leadership as well as
freedom of thought with emphasis on professionalism and ethical behavior.
STEPS:
Step:1
Step:2
Step:3
Step:4
Set both settings to Bidirectional
Step:5
Change Network to Bridged Adapter
PRACTICAL-2
AIM: Execute filesystem and network commands in Linux.
A file system is a logical collection of files on a partition or disk. A partition is a container for information
and can span an entire hard drive if desired.
Your hard drive can have various partitions, each of which usually contains only one file system, such as one file
system housing the / file system or another containing the /home file system.
One file system per partition allows for the logical maintenance and management of differing file
systems.
Everything in Unix is considered to be a file, including physical devices such as DVD-ROMs, USB
devices, and floppy drives.
Directory Structure
Unix uses a hierarchical file system structure, much like an upside-down tree, with root (/) at the base of
the file system and all other directories spreading from there.
A Unix filesystem is a collection of files and directories that has the following properties −
It has a root directory (/) that contains other files and directories.
Each file or directory is uniquely identified by its name, the directory in which it resides, and a unique
identifier, typically called an inode.
By convention, the root directory has an inode number of 2 and the lost+found directory has
an inode number of 3. Inode numbers 0 and 1 are not used. File inode numbers can be seen by
specifying the -i option to the ls command.
It is self-contained. There are no dependencies between one filesystem and another.
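The inode behaviour described above, shown with Python's os.stat, whose st_ino field is the number that ls -i prints. This is an added example, not part of the original manual; the file names are constructed for illustration.

```python
import os
import shutil
import tempfile


def inode_demo():
    """Create a file, then hard-link, rename and copy it; return the inode behind each name."""
    workdir = tempfile.mkdtemp(prefix="inode-demo-")  # constructed scratch directory
    try:
        original = os.path.join(workdir, "report.txt")
        with open(original, "w") as fh:
            fh.write("sample data\n")
        result = {"original": os.stat(original).st_ino}

        # A hard link is a second directory entry pointing at the same inode.
        link = os.path.join(workdir, "report-link.txt")
        os.link(original, link)
        result["hard_link"] = os.stat(link).st_ino
        result["link_count"] = os.stat(original).st_nlink

        # A rename (mv) inside one filesystem only rewrites the directory entry.
        renamed = os.path.join(workdir, "renamed.txt")
        os.rename(original, renamed)
        result["renamed"] = os.stat(renamed).st_ino

        # A copy (cp) allocates a new inode and duplicates the data.
        copy = os.path.join(workdir, "copy.txt")
        shutil.copy(renamed, copy)
        result["copy"] = os.stat(copy).st_ino
        return result
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for name, value in inode_demo().items():
        print(f"{name:10} {value}")
```

Because a rename keeps the inode, tools that track a file by path and tools that track it by inode can disagree about which file they are watching.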
less filename: Browses through a file from the end or the beginning
more filename: Browses through a file from the beginning to the end
mv file1 file2: Moves the location of, or renames a file/directory
touch filename: Creates a blank file or modifies an existing file or its attributes
ss: It is a replacement for netstat.
Practical Code:
File System Commands:
References:
https://www.tutorialspoint.com/unix/unix-file-system.htm
https://www.javatpoint.com/linux-networking-commands
PRACTICAL-3
AIM: Perform nmap scan using metasploit.
NMAP & DB_NMAP
We can use the db_nmap command to run Nmap against our targets and our scan results would then be stored
automatically in our database. However, if you also wish to import the scan results into another application or
framework later, you will likely want to export the scan results in XML format. It is always nice to have all three
Nmap outputs (xml, grepable, and normal). So we can run the Nmap scan using the -oA flag followed by the
desired filename to generate the three output files, then issue the db_import command to populate the Metasploit
database.
Run Nmap with the options you would normally use from the command line. If we wished for our scan to be saved
to our database, we would omit the output flag and use db_nmap.
Practical Code:
Output:
References:
https://www.offensive-security.com/metasploit-unleashed/port-scanning/
PRACTICAL-4
Practical Code:
References:
https://www.offensive-security.com/metasploit-unleashed/database-introduction/
https://www.offensive-security.com/metasploit-unleashed/using-databases/
PRACTICAL-5
AIM: Perform SMB enumeration using Metasploit.
Practical Code:
Output:
References:
https://asecuritysite.com/subjects/chapter48
https://www.offensive-security.com/metasploit-unleashed/scanner-smb-auxiliary-modules/
PRACTICAL-6
Practical Code:
Output:
References:
https://pentestmag.com/ettercap-tutorial-for-windows/
PRACTICAL-7
AIM: Perform Windows exploitation using Metasploit. (keylogging, camera control, VNC)
Practical Code:
Output:
References:
https://www.offensive-security.com/metasploit-unleashed/keylogging/
https://w0rm32.blogspot.com/2020/05/exploiting-windows-10-latest-update.html
PRACTICAL-8
AIM: Exploit Windows using MSFVENOM and dump the hashes from SAM.
Practical Code:
Output:
References:
https://w0rm32.blogspot.com/2020/05/exploiting-windows-10-latest-update.html
PRACTICAL-9
AIM: Perform a privilege escalation attack on an exploited Windows machine (UAC bypass)
Practical Code:
Output:
References:
https://w0rm32.blogspot.com/2020/05/windows-10-uac-bypass.html
PRACTICAL-10
Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names
that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more.
Macro malware was common several years ago because macros ran automatically whenever a document was opened. However, in
recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on
macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.
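A mail or file gateway can flag such attachments before a user ever sees the prompt. The following Python check is an added example, not part of the original manual: it inspects an Office file's container for a VBA project part, and the sample files are constructed in memory by the hypothetical helper build_sample.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files
DOCX_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"


def macro_indicators(data):
    """Return the container format and any VBA project parts found in an Office file."""
    report = {"format": "unknown", "vba_parts": [], "macro_enabled_type": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary documents keep macros in OLE streams; a ZIP check cannot see them.
        report["format"] = "ole2"
    elif zipfile.is_zipfile(io.BytesIO(data)):
        # Modern Office files (.docx, .docm, .xlsm, ...) are ZIP archives of XML parts.
        report["format"] = "zip"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # VBA code is stored in a part named vbaProject.bin under word/, xl/ or ppt/.
            report["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                report["macro_enabled_type"] = "macroEnabled" in types
    return report


def build_sample(with_macro):
    """Build a constructed OOXML-shaped ZIP in memory; it is not an openable document."""
    main_type = DOCM_TYPE if with_macro else DOCX_TYPE
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not a VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    print("plain  :", macro_indicators(build_sample(False)))
    print("macro  :", macro_indicators(build_sample(True)))
    print("legacy :", macro_indicators(OLE2_MAGIC + b"\x00" * 504))
```

A file reported as ole2 needs an OLE stream parser before it can be cleared, since this check only looks inside ZIP-based files.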
Practical Code:
Output:
References:
https://w0rm32.blogspot.com/2020/08/macro-based-malware-updated.html