You should have some basic experience in using the command line of a linux box.
initial start up metasploitable
Load VirtualBox and launch the Metasploitable machine by selecting it and clicking Start. When Metasploitable has finished loading, you will see the following screen:
log in to metasploit
You can login with the username: msfadmin and password: msfadmin
metasploitable login: msfadmin
Once logged in, you will be presented with the metasploitable command prompt:
Now that we are logged in, let’s try running a few commands.
to print the working directory (ie, show us where we are in the system), type
The output should be:
to list the contents of the current directory type
The output should be:
This tells us there is a directory called ‘vulnerable’ in the msfadmin directory.
prepare a flag to capture
We will stay in the msfadmin directory and create a text file called target.txt. This will be our target when we attempt to hack the machine.
create a text file called target.txt type:
This will create an empty text file called target.txt within the msfadmin directory.
In order to put some data into the text file, we need to open it with Linux’s text editor program: nano.
to open the file with the editor type:
At this point, you will be presented with the nano text editor, and you can type in some data.
Lots of Secret Stuff
Now we need to save this and exit the nano text editor.
Press ctrl+o and then enter to save the file. Press ctrl+x to exit nano.
You should now be presented with your command prompt once again
We can now type ls to list the contents of directory to confirm that the file has been created:
If we type cat target.txt, it should output the contents of the file:
test network connections: metasploitable
Next, we will take a look at the network configuration. Type:
This shows some network information about the machine.
Eth0 and lo are the different network ports on the machine.
Note that the inet address of this machine is ‘10.0.2.4’: this is the IP address of the metasploitable machine. (This guide assumes you are familiar with how IP addresses work). The IP address on your VM may be different; if this is the case, take a note of it and use it whenever the guide refers to this one.
We will need the IP address when targeting the machine from Kali.
Now, let’s leave the metasploitable machine for now, but don’t shut it down; the machine needs to be running in order for us to hack into it.
network connection kali
Launch your Kali VM from VirtualBox and log in using username: kali and password: kali.
We will cover the practical aspects of the penetration testing process. As you will be aware from your studies, the main steps in a penetration test are:
Assuming we have conducted some passive / active reconnaissance on our target, this may have yielded some IP addresses for us to aim our attacks at.
In Kali, launch a terminal window (icon in the menu bar, top left) and type the command ifconfig
This will output the network information of the Kali machine. It should look something like this:
You will note that the IP address of this machine is 10.0.2.6 (yours may differ slightly); this is the address of the attack machine.
At this point, it is worth taking a written note of both of these IP addresses; in this case, our victim IP is 10.0.2.4, and our attack/Kali IP is 10.0.2.6. It is important not to get these mixed up.
If either of your IP addresses are different, simply swap these as appropriate when carrying out the following steps.
You will note that the IP addresses for both machines are very similar, both starting with ‘10.0.2’; this shows that both machines are on the same network.
We can check that the machines can ‘see’ each other using the ping command. When you ‘ping’ a remote computer, your machine will send some data packets to the target, and the target will respond with an acknowledgement. This proves there is a live connection between the machines. In the Kali terminal, type: ping 10.0.2.4
You should see that data packets (64 bytes received...) from the target machine start arriving. This means the machine is live on the network.
Kali will continue to ‘ping’ the target until you tell it to stop. You can do this by pressing ctrl+z
(If your ping was unsuccessful, this means there is probably an issue with your network settings for one or both of your VMs. Carefully check the settings are exactly as stated earlier in this guide. You will need to shut the machines down in order to do this, as VirtualBox is unable to change network settings while the VM is running.)
using nmap to scan a target
NMap is a tool built into Kali Linux that allows us to perform network analysis and gain some useful information
about our target machine(s).
We will use NMap to perform some active reconnaissance/port scanning of our target.
Open a terminal window in Kali and type nmap –help
Typing--help will instruct the program to output a list of helpful commands along with descriptions of what they
do. This can be very helpful.
You will notice that one of the options we can use with NMap is ‘–v’. This means that NMap will be verbose with its output, and provide more detailed information than it would normally.
Another useful option is ‘–A’. This will instruct NMap to attempt to detect the operating system running on the
target machine. This is a very useful thing to know for the exploitation stage, as you will see shortly.
So in order to instruct NMap to perform a scan of our target, we would type the command:
nmap –v –A 10.0.2.4
NMap will now start performing network analysis and port scanning of the target. This may take a few minutes, and your screen will look very busy and complicated. NMap will let you know when it has completed.
As the scan progresses, NMap will detect open ports on the target and attempt to identify what services are running on these ports. NMap should also detect what OS is running on the target machine.