Ethical Hacking Principles and Practice Page 1 of 3

Lab 8: Post Exploitation Preliminaries

Refer to the Lecture 7, 8 and 9 slides.

Tasks

Turn on the Kali VM and the Windows 7 VM. Keep Metasploitable2 turned off; it is not needed in this lab. Log into the Kali VM and start a terminal. Log into Win7 initially as 'Alex' (password: alex123). Then complete the following tasks. Write your answers to all questions in your lab report.

1. Privilege Escalation.

1.1 Follow the Lecture 7 client-side exploitation slides to exploit the IE browser on the Win7 VM and obtain a Meterpreter shell. Since you logged into Win7 with the account 'Alex', the Meterpreter shell you get should also have the privileges of 'Alex'. Grab a screenshot to prove this. The screenshot should show the result of executing the following commands: 'getuid' and 'hashdump'. Note that the 'hashdump' command should not succeed, as it needs SYSTEM privilege to run.

1.2 Follow the Lecture 8 slides to escalate the privilege to 'NT Authority/System'. You should use a local exploit to achieve this. The difference from the lecture is that you should use 'ms18_8120_win32k_privesc' as the local exploit instead.
a) Type all command lines used to achieve the above into your lab report.
b) Grab a screenshot to prove your success. The screenshot should show the result of executing the following commands: 'getuid' and 'pwd'.
Note: The local exploit may take some time to succeed. You may need to wait for up to 10 minutes to see the Meterpreter session open. Please be patient in this case.

1.3 Follow the Lecture 8 slides to kill the Meterpreter session obtained in Task 1.1, while keeping the session obtained in Task 1.2.
a) Type all command lines used to achieve the above into your lab report.
b) Grab a screenshot to prove your success. This screenshot should include the result of executing the command 'sessions' under msfconsole.

2. Information Gathering.

Exit msfconsole and start it again, so that all previous handlers and Meterpreter sessions die. Also restart the Win7 VM (this is necessary) and log in as 'Admin'. Then follow the Lecture 6 slides to exploit the SMB vulnerability on the Win7 VM and obtain a reverse Meterpreter shell with the account 'NT Authority/System'.

2.1 In the Meterpreter session obtained above, enter the command 'sysinfo'.
a) Grab a screenshot showing the output of 'sysinfo'.
b) Explain each line of the output in your own words.

2.2 Enter another Meterpreter command, 'hashdump'.
a) Grab a screenshot showing the output of 'hashdump'.
b) Based on this output, how many user accounts are currently available on the Win7 VM? Hint: count the number of lines in the output.
c) What are their account names? Hint: the names appear in the first column of each line, with columns separated by ':'.

3. Installing backdoors.

3.1 Using the Meterpreter session obtained in Task 2, install a server-mode netcat backdoor on the Win7 VM by following the Lecture 9 slides.
a) Type all the command lines used to achieve the above into your lab report.
b) Exit msfconsole so that all its handlers and Meterpreter sessions die.
c) Reboot the Win7 VM and log in with the 'Admin' account. Then run 'nc' in client mode on Kali to connect to the backdoor on Win7. Grab a screenshot of the Kali terminal to prove the connection is successful. This screenshot should show the following:
• The client-mode netcat on Kali displays the command shell of Win7.
• The result of executing the command 'whoami'.
• The result of executing the command 'netstat -a -p tcp', which should show an established connection between the client-mode netcat on Kali and the backdoor on Win7. The connection should use the server-side port you specified when installing the backdoor.
Exit the nc session. No need to write anything into the report.

3.2 Restart the Win7 VM to make it clean for this task. On Kali, exploit the SMB vulnerability on the Win7 VM again to obtain a Meterpreter shell with the account 'NT Authority/System'. With this Meterpreter session, invoke a Windows command shell and delete the backdoor entry in the Windows Registry that was installed in Task 3.1. Then install a client-mode netcat backdoor on the Win7 VM this time. Follow the outline steps for the alternative method in the Lecture 9 slides to complete this.
a) Type all the command lines used to achieve the above into your lab report.
b) Exit msfconsole so that all its handlers and Meterpreter sessions die.
c) Restart the Win7 VM and log in with the 'Admin' account. Then grab a screenshot of the Kali terminal to prove your backdoor has connected to Kali successfully. This screenshot should show the following:
• The server-mode netcat on Kali receives the connection from the client-mode netcat on Win7 and shows the command shell of Win7.
• The result of executing the command 'echo %USERDOMAIN%\%USERNAME%'.
• The result of executing the command 'netstat -a -p tcp', which should show an established connection between the server-mode netcat on Kali and the client-mode netcat on Win7. The client-mode netcat should use a very large port number.

4. Removing traces.

4.1 In a Kali terminal, enter 'cd /var/log', where the log files are located.
a) How many files with the extension '.log' are under this directory? (Hint: you can use 'ls -l *.log' and then count the number of files, or use 'ls -l *.log | wc -l' to count them for you.)
b) When you use 'ls -l' to list the files in a directory, which option should you add in order to sort the list of files by modification time? (Hint: you can use 'man ls' to find out.)
c) Use the option you figured out in b) to list all the '.log' files in /var/log, sorted by modification time. Grab a screenshot to prove the correctness of your command line.

4.2 In the Win7 VM, log in as Admin. Use 'Event Viewer' to examine the events of the 'System' and 'Application' categories under 'Windows Logs' respectively.
a) How many events are logged under each category?
b) Grab a screenshot of each of them to prove your answer.
Note: To start Event Viewer, click 'Start' → 'Run' → enter 'eventvwr'.

4.3 In the Kali VM, use a Meterpreter session as described in Task 2 to execute the 'clearev' command. Grab a screenshot of the output of this command.

4.4 In the Win7 VM, use 'Event Viewer' to examine the events under the 'System' and 'Application' categories again.
a) How many events are present under each category now?
b) Grab a screenshot of each of them to prove your answer.

Last but very important: first shut down and then power off all three of your VMs. Our school's cloud is under heavy load, as you can see from your VMs not responding to you quickly. Therefore, if you are not using them, you should have them shut down and powered off.
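Tasks 3 and 4 leave two artefacts on the Win7 VM that a defender would look for: an autorun entry that re-launches the netcat backdoor after reboot, and the record of the event logs having been cleared. The following PowerShell check is an added example, not part of the lab sheet or its lecture slides; it assumes an elevated PowerShell prompt on the Windows host, and the netcat name patterns in `$suspicious` are assumptions rather than the lab's own values.

```powershell
# Added example (not from the lab sheet): defender-side check for the two
# artefacts this lab produces. Run from an elevated PowerShell prompt on Win7.

# 1. Autorun persistence (Task 3): a backdoor that survives a reboot is
#    usually registered under one of the Run keys. List every value and flag
#    those that look like a netcat shell. Patterns below are assumptions.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspicious = @('nc.exe', 'nc64', 'ncat', 'netcat', '-e cmd')

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata
        $hit = $suspicious | Where-Object { "$($p.Value)" -like "*$_*" }
        $tag = if ($hit) { 'SUSPICIOUS' } else { 'ok' }
        '{0,-10} {1}\{2} = {3}' -f $tag, $key, $p.Name, $p.Value
    }
}

# 2. Log clearing (Task 4.3): 'clearev' empties the event logs, but the act
#    of clearing is itself recorded. Event ID 1102 ("The audit log was
#    cleared") lands in the Security log; Event ID 104 from the
#    Microsoft-Windows-Eventlog provider ("The ... log file was cleared")
#    lands in the System log. A near-empty log plus one of these events is
#    the tell-tale sign of wiping rather than of a fresh install.
$queries = @(
    @{ LogName = 'Security'; Id = 1102 },
    @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 }
)
$cleared = foreach ($q in $queries) {
    Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue
}

if (@($cleared).Count -eq 0) {
    'No log-clear events found.'
} else {
    $cleared | Select-Object TimeCreated, Id, LogName, UserId | Format-Table -AutoSize
}
```

Forwarding these two event IDs to a collector outside the VM is what makes the check survive 'clearev', since a local-only log can be emptied along with everything else.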
May 26, 2022