Lab Assignment – 3 (Metasploit framework and Port Scan TCP)

Introduction to Metasploit

Using the command, we demonstrated how to launch the PostgreSQL server and use
Metasploit.

 “service postgresql start”

 “service postgresql status”

RESULTS:

1. The server had trouble starting up correctly.

2. Tried the "msfupdate" command, but it was deprecated, so I tried the
following commands instead.
 Kali is updated by using "apt install update."
 APT instals the Metasploit Framework. - updating Metasploit
3. A database for the Metasploit framework was then created using the
following commands:
 "systemctl start postgresql"
 "msfdb"
 "msfdb init"
 Fig. A database named “msf” was created

4. Still with no luck, tried to start the Metasploit framework console in

the terminal to check whether it works. For that, we used the below
command:
 “msfconsole”
1. "help" - The help command lists every command in the Metasploit framework
along with an explanation of what it does.

2. "version" - The version command displays the Metasploit version that

is currently in use.

3. "banner" - The banner command shows the banner that appears when msfconsole
is launched.

4. "sessions" - Displays how many active sessions there are.

NOTE: To view the list of commands starting with a specific letter, use "tab"
5. “info” – Gives all the information like the name, the module in which it is
available, the platform in which it works and is developed, and other details to
the user.
6. “use” – Navigates to the path and opens the tool.

7. 7. “set” – sets the value of the flag with the argument passed in the command.

8. “show options” – shows the options that are available for the particular tool.

9. “run” – runs the tool with the options that have been set by default or
altered by the user.
ABOUT REVERSE TCP LEARNING

We discovered reverse tcp while investigating the Metasploit framework. Therefore, we

ran the command "info payload/windows/meterpreter/reverse tcp" to learn more about it.
where the tool's storage path is "payload/windows/meterpreter". The same screenshot
and its associated output are provided below.
The tool's name is "Windows Meterpreter," and according to the output, it is kept in
the "payloads" module.
It was created for "Windows OS" and "x86" architecture.
- In addition, we can see the flags the tool supports, which are

 “LHOST” which is the flag to specify the IP of the target that has to be
listened to and
 “LPORT” which is the port number that the tool has to be listening to.
 The description mentions what the tool actually does.

PORTSCANNER FOR TCP EDUCATION

The "auxiliary" module of the Metasploit framework contains the portscanner.

Therefore, we use the command "use auxiliary/scanner/portscan/tcp" to use the TCP
protocol's portscanner.
This leads to the tool's console, which is depicted below.

The command "display options" lists all of the flags that are available and their
default value settings in a nice table style along with the flags descriptions, making
it easy for us to understand and use the flags that are available for the tool.

As we can see from the above screenshot, the “PORTS” flag is set to “1-10000”,
“RHOSTS” is not set, “THREADS” is set to 1 and so on. And also, we can see the
description of the particular flags too.

TASK

Let us try out to listen to our kali vms’ ip and check are there any ports open for
the TCP protocol.
This is done by setting the “RHOSTS” to the IP address of my kali machine.

1. To know the IP address of my kali, I typed “ifconfig” in the terminal and got
my IP as “192.168.153.128”.

2. To set the “RHOSTS” to the IP that we want, use the command “set RHOSTS”.

3. Additionally, we can reduce the number of ports that has to be scanned from
10000 to 3000 in order to reduce the time taken for the scan to happen, which
is done by using the command, “set PORTS 1-3000”.

4. And also, we can set the number of threads to a higher number than 1. I have
used 64 here. The higher the number of threads, the faster the scan
completes. The following command can be used to set the threads, “set
THREADS”.

5. Now, checking if all the options have been updated properly by using the
“show options” command again.

6. Once verified, use the “run” command to run the tool.

7. From the above screenshot, it can be viewed that none of my ports from 1-3000
are open for TCP protocol.

8. Hence, I am trying the port scan again but this time for my host, which is
a windows machine, whose IP I found out by typing, “ipconfig” in the
command prompt and found to be “192.168.32.1”.

9. Hence, I reset the “RHOSTS” flag to the above IP of my Windows machine by using
the command, “set RHOSTS 192.168.32.1” and the port scan again by using the
command “run”.
From the above screenshot, we can see that 139, 135, 445, 902, 912, 1042 and 1043
ports are open for TCP protocol communication.
UDP
Google DNS server: 8.8.8.8
Metasploit VM: 192.168.189.128

FTP:

Kali IP
Making the wordlist for bruteforcing:
Displaying the wordlist and setting the wordlist for bruteforcing

Running the tool

The image up top demonstrates that anonymous login did not succeed even though it
should have.
The port is closed since the ftp server is not working, which is the problem.
checking to see if the FTP port is operational.

It can be seen from the image above that the FTP port is not operational.
Examining the workstation to see if an FTP server is installed.

Both scripts failed to output anything, indicating that the system does not contain an
FTP server.
SETUP OF A FTP SERVER

"apt-get install vsftpd" is the command to use to install vsftpd.

determining whether anonymous user login is enabled by looking at the.conf file of

vsftpd.
Login for anonymous users is disabled. Now, by modifying the "vsftpd.conf" file, we
must set it to allow anonymous user login.
/etc/vsftpd.conf nano
Edit the "NO" to "YES" in the "anonymous enable" line.
Now, save the file and then start the server.

The tcp port and the telnet connection after starting the server, and both are open.
Running the tool in my Metasploit again.

From here, we are able to login to the FTP using anonymous user and also as the kali
user.
Metasploitable vm: 192.168.189.128

HTTP
SMPT

SSH

Determining whether or not my SSH server is operating.

I'm going to install my SSH server right now using "apt-get install SSH" because my
SSH isn't connected.

In order to configure the SSH server, perform the following procedures after replacing
the old SSH keys with the new ones:
1. Using the commands "update-rc.d -f ssh delete" and "update-rc.d -f ssh
defaults," removing any existing run levels and adding default ones.
2. Using "cd /etc/ssh" to get to the SSH directory
3. Using the command "mkdir original defualt keys" to create a new directory to
house the original SSH keys.

4. Using the command "mv ssh host_* original default keys," moving the original
keys to the new directory original default keys, which begins with ssh host_.
5. Launch the SSH server now by typing "service ssh start."
Now that my SSH server has started, I am gonna try log-in using my Metasploit
ssh_login.