Contents
Abstract
Section 1: Box One Spider
Reconnaissance
Figure 1: Port scan of Spider
Attack Method
Figure 2: Exploit used
Figure 3: Payload used
Figure 4: Loading payload into exploit
Results
Figure 5: Directory found in system
Figure 6: Completed test of box
Section 2: Box Two Fox
Reconnaissance
Figure 7: Scan of 192.168.37.90
Figure 8: FTP server 192.168.37.30
Figure 9: Easy chat server
Attack Method
Figure 10: Used metasploit to access chat server
Results
Figure 11: Found secret
Figure 12: Got Fox
Section 3: Box Three Owl
Reconnaissance
Figure 13: Found open port
Attack Method
Figure 13: Exploits used
Figure 14: got into FTP server
Results
Figure 15: Got Owl
Section 4: Box Four Mongoose
Reconnaissance
Abstract
This paper outlines the methods used in order to gain access to the seven boxes that have been
set up in the virtual environment. We were required to try and gain access to each of the systems
and determine key information about each system. This information includes the operating
system, system name, port access, and any other interesting pieces of data that can be found on
the systems. In addition to this, we documented the methods and tools used to access the data.
Each section of this report outlines the methods and tools used to access that specific
system as well as the data that was found on the system. It has a detailed report of the attack
methods used to open the systems, including the specific data for that network.
Over the course of this paper we will outline all the steps that were taken to complete the
challenge that was given to us.
Attack Method
After we determined that port 80 was the best way to get into the box, we used Metasploit in
Kali Linux to find an exploit for HTTP ports. The ms08_067_netapi TCP exploit was used to
gain access to the system. Refer to Figure 2 for exploit used. Next we determined the
windows/meterpreter/reverse_http payload would work best with the exploit being used. Refer
to Figures 3 and 4 for payload. With the payload set in the exploit we were ready to
launch the attack against the system. After we were in we launched a Meterpreter shell in the
box to gain control of it. With the attack complete we began searching the system for the data we
needed to move on.
Results
We were able to successfully gain access to the box using the reverse TCP exploit on the HTTP
port 80. Once we had control we used the ipconfig command line prompt and found some
interesting data. There was a second sub directory on the system with an IP address of
192.168.37.90. This is the address to the next box on our list to hack into. After that we were
able to start running the scans for the next box. Refer to Figure 6 for box one completion.
Attack Method
For this box we used a reverse TCP exploit using Kali Linux to access the Easy Chat Server. After
we were in we launched a Meterpreter shell to take control of the system. Refer to Figure 10 for
Metasploit results. After we had control we used the ifconfig command prompt to search the
server directory. Once we were able to use the directory we could see all of the files that were
saved on the system.
Results
The attack phase of the test was successful. We were able to view the directory and search the
files on the server to find secretfile.txt. Refer to Figure 11 for directory list. Once we found
our target we were able to move on to the next system, Fox. Refer to Figure 12 for
completion results.
Figure 11: Found secret
Attack Method
We used the easyftp_cwd_fixret exploit to access the server. Refer to Figure 13 for exploit
read out. The payload we selected was a reverse http payload. This gave us access to the system
and root access. Once we gained access to system 32 we were able to view the directory and start
searching for our files.
Results
Our attack against Owl was successful and we were able to search the directory for the files we
needed to move on. In the directory we found the secretfile2.txt file. From there we completed
the lab and were able to move on to the next system.
Attack Method
We used an MSSQL exploit and brute force to gain access to the system. Refer to Figure 18 for
brute force list. For the brute force password we used Hydra in Kali Linux to launch the attack
against the system. We accidentally performed a DDoS attack against the server a few times but
after a few hours we were able to access the system. The attack was successful in breaking
into the system. Refer to Figure 17 for success results.
Results
The brute force attack by Hydra was successful in breaking into the system. Refer to Figure 20
for success results. After we were in, we began to launch a Metasploit shell to take control of the
system. Once we had control of the system we were able to give ourselves administration access.
After that we started looking through the files and found secretfile3.txt. Refer to Figure 19
for completion. Once we had the file we moved on to the next system.
Attack Method
For Frog we tried a Hydra attack to brute force the password. We created a word list called
rockyou.txt with possible password results. Refer to Figures 22 and 23 for attack details.
Once we had access to the system we found a password and email that allowed us to upgrade our
privileges to administration level. After a few hours we managed to find and break the password
and gain root access to the system. Once we were in we opened a Metasploit shell and took
control of the system. We used ipconfig /all to view all the users on the system. Refer to Figure
26 for command prompt. Now that the attack is ready to go we can launch it and see what
happens.
Results
Our brute force attack on the system was successful. We learned the password was one of the
email addresses we found, backwards. Refer to Figure 24 for results of the Hydra attack. In
gaining control of the system we also learned that there is another server on the 192.168.37.0/24
network that was hidden from our early scans. We also found that the other servers are now
useless and cannot help us break into the hidden server; only Frog can. Refer to Figure 26 for
hidden server finding. Now we can plan out the last phase of the attack.
Figure 24: Hydra successful
Attack Method
Our attack on Lion was successful! In order to attack Lion we had to pivot through Frog to find
Lion first. After we found it we were able to use Metasploit in Kali Linux to gain access to the
system. We used a psexec exploit with an auxiliary TCP payload to get into the system on port 445.
Refer to Figure 27 for exploits. Refer to Figure 28 for port access information. From here we
were able to gain administrative access and view the files on the system.
Figure 27: Exploit used
Results
We were able to locate and hack into the hidden system Lion. We were able to view all the
files on the system and locate the lastsecretfile.txt using the ipconfig /all command line prompt.
Refer to Figure 30 for files found. We successfully took control of the final box, completing the
last lab. Refer to Figure 31 for completion.
Overall Results
We have successfully completed every aspect of the lab that was assigned. All boxes, including the
hidden system Lion, have been hacked into. Each box required a different method of attack in
order to gain access. This final was the most difficult and fun test we have ever done.