HW04: Intro to Metasploit due Tue 14 Feb 13:20

In this assignment you will begin to learn basic usage of Metasploit.


In this assignment we will do some poking around in Metasploit, establish database access, and learn to use workspaces. In VirtualBox, launch your Kali server as well as the Metasploitable3 Linux (MS3L) host. IMPORTANT: One of the commands you will use in this assignment will take a couple of hours to complete, so be sure you schedule your time accordingly.

Update Kali

It is good to keep Kali up-to-date. We will also verify that the Metasploit Framework is installed. Open a terminal window and issue these commands:
sudo apt update
sudo apt install metasploit-framework
sudo apt upgrade

Prime the Pump

Before we jump in with specific commands you need to take some time to get a big picture of how to work with Metasploit. We'll be using the msfconsole interface.

Read the first page at https://www.offensive-security.com/metasploit-unleashed/Msfconsole/

Then click to the next page and skim the various commands and what they do.

If you haven't done so already, watch this video:


Play Around a Bit

Launch the msfconsole program and then play around with it for a bit including these tasks:

Enable Database Services

It will be helpful for us to have Metasploit connected to a database so we can save results of some actions without having to re-run time-consuming commands. As an example, suppose you run a very slow (i.e., stealthy) nmap command that returns a list of open ports. You may be referring to this result for a week or so as you systematically probe the network in hopes of finding a vulnerability. By connecting Metasploit to a database you can automatically store the results of some commands and then refer to them over and over.

To perform the initial setup, run the commands below. They start the database now, instruct Kali to start the database automatically on future boots, and create the Metasploit database and its configuration:

  1. Exit msfconsole (quit)
  2. Start database: sudo systemctl start postgresql.service
  3. Start database on boot: sudo systemctl enable postgresql.service
  4. Initialize database: sudo msfdb init
  5. Relaunch msfconsole.
  6. Check status of database: db_status (Should say “Connected to msf.”)
  7. See list of db commands: help database

Spend a moment reading the list of database commands available in msfconsole. We will be especially interested in the workspace command.

Using Workspaces in Metasploit

Take a moment to read this page: https://www.ceos3c.com/hacking/metasploit-how-to-use-workspaces-and/

Create (on your local computer ... i.e., NOT in Kali) a text document named hw4.txt and record the commands you enter to accomplish the tasks below as well as your answers to the questions in the instructions below. Then run these commands from your msfconsole:

  1. (1 pts) List available workspaces. Write the command you used in the text file.
  2. (1 pts) Create a new workspace called ms3w. Write
  3. (1 pts) Verify that ms3w is set as your current workspace. In the text file say how you verified it.
  4. Enter this command (but replace MS3WIP with the IP address of the host you are scanning in the ms3w workspace): db_nmap -sS -sV -O -PN -p- MS3WIP --privileged

    NOTE: This command will take quite some time to complete. You can press Enter at the msfconsole prompt to get a report of how much progress has been made. Two caveats: -PN is the older spelling of nmap's -Pn and is still accepted; and --privileged only tells nmap to assume it already has raw-socket privileges, it does not grant them, so if msfconsole is not running as root (e.g., started with sudo msfconsole) the -sS and -O options will abort with a privileges error.

  5. (1 pts) How long did it take for that command to complete?
  6. (6 pts) What do each of the switches in that command mean?
  7. Use the services command to see a list of ports discovered by db_nmap in the previous step. How long did it take for this command to complete? (1 pts)

  8. (1 pts) Create a new workspace named ms3l and work in it.
  9. (3 pts) Now you should run the db_nmap command on the MS3L machine using the same options as above except with these two changes:
    • Instead of scanning ALL the ports, have it scan only the following ports (which we discovered in homework 2): 21, 22, 80, 445, 631, 3000, 3306, 3500, 6697, 8080, 8181.
    • Add the -T2 option to the command so that the command runs in a more stealthy mode.

    Write down the full command that you typed to accomplish this action.

  10. Verify you can use the services command to view the MS3L services and detected versions. Then switch back to the ms3w workspace before continuing.

    Use the services -h command to see options for services. What do the -c and -S switches accomplish in this command? (2 pts)

  11. (3 pts) Use the services command with both of the aforementioned switches to show the port number and port name only and limit the result to show only items matching: http

    Then paste into your text document the output of the services command with the switches applied.

  12. (1 pts) Use the vulns -h command to learn about it. What does the vulns command do?

  13. (2 pts) Use the vulns command to report all vulnerabilities associated with the port typically used with the SSH protocol. In your text document show the command you used and paste in the results of the output of the command. NOTE: We are expecting this to be blank because we haven't stored vulnerabilities in our local database yet (more on that in future homework).
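The following is an added example for this assignment; it is not code from the Metasploit Framework or from the course. db_nmap runs nmap with XML output (-oX) and imports that XML into the services table of the current workspace, which is what the services command then queries. This script parses the same XML format with the Python standard library and reproduces the column selection (-c), search (-S), port filter (-p) and open-only filter (-u) of the services command, so you can study what is stored and matched without waiting for a live scan. The sample XML, hosts, products and versions are constructed for illustration, and the -S behaviour is modelled as a case-insensitive substring match across every column (an assumption about how Metasploit's search behaves, not a guarantee).

```python
"""Offline model of what db_nmap stores and what `services -S ... -c ...` filters.

Added example for the homework above; not part of the Metasploit Framework.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, asdict
from typing import List, Optional, Sequence

# Constructed sample in nmap's -oX format. The address, products and versions are
# invented for illustration and are not results from Metasploitable3.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -Pn -T2 -p 21,22,80,3306,8080 192.0.2.10">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="ProFTPD" version="1.3.6" method="probed"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.9p1" extrainfo="protocol 2.0" method="probed"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.41" method="probed"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/>
        <service name="mysql" method="table"/></port>
      <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/>
        <service name="http" product="Jetty" method="probed"/></port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class Service:
    """One row of the msf services table: host, port, proto, state, name, info."""
    host: str
    port: int
    proto: str
    state: str
    name: str
    info: str


def parse_nmap_xml(xml_text: str) -> List[Service]:
    """Turn nmap -oX output into service rows, as db_import does for db_nmap.

    nmap's product, version and extrainfo attributes are joined into the single
    `info` column that the services command displays.
    """
    root = ET.fromstring(xml_text)
    rows: List[Service] = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue  # skip hosts without an IPv4 address (e.g. MAC-only entries)
        addr = addr_el.get("addr", "")
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            info_parts = [svc.get(k) for k in ("product", "version", "extrainfo")] if svc is not None else []
            rows.append(Service(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol", "tcp"),
                state=state.get("state", "") if state is not None else "",
                name=svc.get("name", "") if svc is not None else "",
                info=" ".join(p for p in info_parts if p),
            ))
    return rows


def services(rows: Sequence[Service], search: Optional[str] = None,
             columns: Optional[Sequence[str]] = None,
             ports: Optional[Sequence[int]] = None, up_only: bool = False):
    """Filter like `services [-S search] [-c col,col] [-p port,port] [-u]`.

    -S: case-insensitive substring match against every column (assumed model).
    -c: which columns to return, in the order given.
    -p: restrict to the listed ports.
    -u: keep only services whose state is open.
    """
    selected = []
    for row in rows:
        rec = asdict(row)
        if ports and row.port not in ports:
            continue
        if up_only and row.state != "open":
            continue
        if search and not any(search.lower() in str(v).lower() for v in rec.values()):
            continue
        cols = list(columns) if columns else list(rec)
        selected.append(tuple(rec[c] for c in cols))
    return selected


if __name__ == "__main__":
    table = parse_nmap_xml(SAMPLE_NMAP_XML)
    # Equivalent of `services -c port,name -S http` on the constructed sample
    for port, name in services(table, search="http", columns=["port", "name"]):
        print(port, name)
```

Note that the search term matches the info column as well as the name column, so "-S http" would also pull in a row whose product string contains "http" even if its service name were something else; check the name column before assuming every hit is a web server.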

Upon completion of this assignment, upload your text document to this Canvas assignment.