Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due

Power up your Kali Linux and Metasploitable VM

Exploitation  

1. Exploitation of the Metasploitable Virtual Machine

- Note: If you had any difficulties scanning your Metasploitable VM in previous labs, reload a new image.

- Use one or several of the tools and vulnerability scanners we covered in this course (nc, nmap, NSE, Nessus, and GVM) to uncover vulnerabilities in your Metasploitable VM.  (You should already have this information from previous labs.)

- Using the Metasploit Framework (MSF) and/or Armitage, successfully exploit three vulnerabilities in the Metasploitalbe VM. Focus on critical and high-risk vulnerabilities.  You cannot use the examples in the class slides or vulnerabilities demonstrated in class, but these are good to make sure your process is correct.

- You do not get credit for:

1) exploiting the bind shell listening on port TCP port 1524.

2) exploiting the Samba vulnerability.

3) using the php_cgi_arg_injection exploit or associated vulnerability.

These were given and demonstrated in class.

Document your three exploitations by providing three Demonstration Narratives, similar in format to the narratives in Offensive Security’s Sample Penetration Test Report (2013) in the Week 15 folder on Blackboard. Cover each of these items for each narrative:

1) What vulnerability are you exploiting? Explain in text.

2) How did you discover the vulnerability? Explain in text with one required screenshot from your tool or technique.

3) What Metasploit exploit did you use? Explain in text.

4) What Metasploit payload did you set? Explain in text.

5) For your third exploit only, you must successfully use Meterpreter as your payload and include a screen shot of successfully using some Meterpreter basic commands. Include a screenshot.

6) Provide a screen capture of ‘show options’ after you set required variables.

7) Provide a screen capture of the successful exploit. Each of the three exploit screen captures must also show your name and date in the terminal window.

8) References: To get credit for this assignment, you must document all resources used (except the textbook, Metasploit Unleashed, and my class material provided this semester), or include the statement, “I did not use any outside material, references, or assistance to complete this assignment.”