Cybersecurity Assignment Writing | FIT3031 Penetration Testing Week11 Lab
The exercises are designed for students to finish in an individual capacity. The exercises are not designed to be completed in tutorial sessions but rather to give you some tasks and a starting point to continue and complete on your own.
In this lab we will perform a penetration test on Internal-Server. The target container is created by Rapid7 (https://docs.rapid7.com/metasploit/metasploitable-2/) for practicing penetration testing.
The purpose is to introduce basic penetration testing tools: NMAP and Metasploit.
We will use the Week11 lab setup (the DNS server doesn’t have to be in the Corporate LAN). Open the SecureCorp network configuration in GNS3 (do not start the nodes yet).
We will add another attacker to the network; this is just to work efficiently in this lab. Right-click on Internal-Server and click on Duplicate. Change the hostname of the newly created container to Attacker-2, and connect it to Switch3. Your Corporate LAN configuration should look like below:
Start all the nodes. Open a terminal on Attacker-2 and install smbclient, which is used to browse files on Samba shares. Execute the following command and, when prompted for configuration files, select “Keep current”:
apt-get install smbclient
We will be using this container for Metasploit. Install Metasploit using the following command (single line); use apt install curl if curl is not installed. This installation may take some time; you can move to the next section.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
• Service Enumeration
We can use NMAP, a port scanner, for service enumeration. This is the first step of enumeration; we want to find out the services running on the target machine. We will use the -p- flag, which is used to scan all TCP ports (0-65535); without this flag NMAP will only scan commonly used ports. You can also try NMAP with the -A flag, which is used for OS detection, version detection, script scanning, and traceroute. Please read the nmap manual (type man nmap on terminal) for more information about nmap options/flags. Assuming the target IP is 10.10.10.189, use Attacker-2 to run NMAP: