
Labs Introduction

The lab exercises below are designed to enhance your understanding of the material we have covered in class. Due to the
short duration of this course as part of a micro-credential, the exercises listed are not for marks. While it is strongly
recommended that you complete these exercises to enhance your learning, they are entirely optional.

Part 1 - Setting Up Your Kali Lab Environment


1. Download and install VMWare Workstation Player (Free)
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1702&productId=1377&rPId=104734
2. Download the Kali Linux image for VMWare
https://www.kali.org/get-kali/#kali-virtual-machines
3. Additional documentation with step by step: https://www.kali.org/docs/virtualization/install-vmware-guest-vm/
4. At first login your username is ‘kali’ and password ‘kali’
5. Change password by running the ‘passwd root’ command from the terminal
6. Ensure your VM networking is set to ‘Bridged’ and not ‘NAT’
7. Spend a few minutes exploring the various tools on the system and its overall layout

Part 2 – Get Familiar with Nmap and Port Scanning


1. Nmap is already installed in Kali
2. Run both TCP SYN scans and TCP Connect scans. Are there any differences?
3. Try running a UDP scan. Does it take longer, or is it quicker? Why?
4. Explore the Nmap NSE scripts, try using a manual script against a system.
You can experiment on your own home (internal network) or leverage the scanme.nmap.org host that is available for
public use. Do not scan your work networks, or an internet bound system that you do not have permission to test.

Part 3 – Hosting Files with Python


A useful technique during this class will be quickly spinning up a web server to test scripts. Python3 has a module that can host a
web server with a single command.
1. Open the Terminal
2. Determine your Kali IP: root@kali:~# ifconfig eth0 | grep inet
3. Create a temporary directory: root@kali:~# mkdir fsct_websrv
4. Navigate to that directory: root@kali:~# cd fsct_websrv/
5. Create a simple HTML file: root@kali:~/fsct_websrv# echo "This is my website" > index.html
6. Run a Python HTTP Server: root@kali:~/fsct_websrv# python3 -m http.server 7201
7. View your site at http://your_ip_from_step_2:7201/ from another system on your local network
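The steps above create a dedicated directory because the server hands out every file under the directory it is started in. The following added example (not part of the original lab handout) runs the same `http.server` handler from Python and shows what is and is not reachable; the files `notes.txt` and `outside.txt` are constructed, and the loopback address and port 0 are assumptions so that it runs anywhere (in the lab you would use your Kali IP and port 7201).

```python
import functools
import tempfile
import threading
import urllib.error
import urllib.request
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path


def start_server(directory, bind="127.0.0.1", port=0):
    """Serve `directory` like `python3 -m http.server`, but on one chosen address."""
    handler = functools.partial(SimpleHTTPRequestHandler, directory=str(directory))
    server = ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(server, path):
    """Return (status, body) for a GET against the running server."""
    host, port = server.server_address[:2]
    try:
        with urllib.request.urlopen(f"http://{host}:{port}{path}", timeout=5) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def demo():
    """Build the lab layout in a temp dir and report what a client can fetch."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fsct_websrv"
        root.mkdir()
        (root / "index.html").write_text("This is my website\n")
        (root / "notes.txt").write_text("constructed sample file\n")
        (Path(tmp) / "outside.txt").write_text("not served\n")
        server = start_server(root)  # port 0 = let the OS pick a free port
        try:
            return {
                "index": fetch(server, "/"),                  # index.html is served for /
                "sibling": fetch(server, "/notes.txt"),       # any file in the directory
                "parent": fetch(server, "/../outside.txt"),   # outside the served root
            }
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    print(demo())
```

On the command line, `python3 -m http.server 7201 --bind <address>` restricts the listener to one interface; without it the server listens on all of them. Stop the server with Ctrl+C once you have finished testing.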

Part 4 - Social Engineering Toolkit (SET) Site Cloner


Get familiar with the Social Engineering Toolkit (SET) by running one of the popular modules for phishing testing and
simulation known as the site cloner. Use the in-class demo as a reference or follow the steps from the following link:
https://medium.com/@nancyjohn_95536/using-set-tool-kit-to-perform-website-cloning-in-kali-linux-67fa01c92af9
1. Run the site cloner tool on a website of your choosing (with a login portal)
2. Launch the cloned page on your workstation
3. Simulate the actions of the “victim” by visiting your landing page directly from your host (or by using another
computer/device in the same network)
4. Attempt to capture credentials

Part 5 – Wireless Password Cracking


1. Download the sample capture here
This capture file contains a 4-way handshake from a WPA2 de-authentication attack

2. Utilize Wireshark to conduct an analysis of the capture


3. Utilize Aircrack-ng (included on Kali Linux) to obtain the original WPA2 password

Hint: You will need to use a wordlist to launch the password cracking operation. Kali Linux comes with a wordlist called
‘rockyou’ which is located in the ‘/usr/share/wordlists/’ directory on your Kali VM.
Hint 2: The commands needed to obtain the plaintext password are already included in the lecture slides. You simply
need to determine which command is relevant here.

Part 6 – Metasploitable and Metasploit


The objective of this lab is to get familiar with using Metasploit against a vulnerable VM.
Download Metasploitable2 from the following link: https://docs.rapid7.com/metasploit/metasploitable-2 and
install it on VMWare Player

Using your Kali Linux VM, exploit the vsFTPD vulnerability to get a shell
Please note that since Metasploitable2 isn’t Windows-based, you will need to run a generic Unix shell instead of
Meterpreter

Follow a standard penetration testing process for this exploit:

a. Launch Nmap against your Metasploitable host and discover the vsFTPD service
   i. Determine the IP address for Metasploitable by running ifconfig from the VM
   ii. You will need to enumerate the version of vsFTPD from Nmap (using the Kali VM)
b. Utilize Metasploit’s search feature to find the appropriate exploit
c. Search the appropriate payload types and get a Unix shell
   i. NOTE: It will look like nothing happened after seeing ‘Command shell session 1 opened’ but you can
   type commands if the exploit worked

Your Kali Linux and Metasploitable2 VMs will need to be on the same network for this lab to work
