In this activity, you will play the role of an independent penetration tester hired by GoodCorp Inc. to perform security tests against their CEO’s workstation.
The CEO claims to have passwords that are long and complex and therefore unhackable.
You are tasked with gaining access to the CEO's computer and using a Meterpreter session to search for two files that contain the strings recipe and seceretfile.
The deliverable for this engagement will be in the form of a report labeled Report.docx.
IEUser:Passw0rd!
A penetration tester's job is not just to gain access and find a file. Pentesters need to find all vulnerabilities, and document and report them to the client. It's quite possible that the CEO's workstation has multiple vulnerabilities.
If a specific exploit doesn't work, that doesn't necessarily mean that the target service isn't vulnerable. It's possible that something could be wrong with the exploit script itself. Remember, not all exploit scripts are right for every situation.
The scope of this engagement is limited to the CEO's workstation only. You are not permitted to scan any other IP addresses or exploit anything other than the CEO's IP address.
The CEO has a busy schedule and cannot have the computer offline for an extended period of time. Therefore, denial of service and brute force attacks are prohibited.
After you gain access to the CEO’s computer, you may read and access any file, but you cannot delete them. Nor are you allowed to make any configuration changes to the computer.
Since you've already been provided access to the network, OSINT won't be necessary.
For this week's homework, please use the following VM setup:
root:toor
NOTE: You will need to log in to the DVW10 VM and start the icecast service prior to beginning this activity using the following procedure:
Once you complete this assignment, submit your findings in the following document:
You've been provided full access to the network and are getting ping responses from the CEO’s workstation.
Perform a service and version scan using Nmap to determine which services are up and running:
Run the Nmap command that performs a service and version scan against the target.
Answer:
From the previous step, we see that the Icecast service is running. Let's start by attacking that service. Search for any Icecast exploits:
Run the SearchSploit commands to show available Icecast exploits.
Now that we know which exploits are available to us, let's start Metasploit:
Run the command that starts Metasploit:
Search for the Icecast module and load it for use.
Run the command to search for the Icecast module:
Run the command to use the Icecast module:
Note: Instead of copying the entire path to the module, you can use the number in front of it.
Set the RHOST to the target machine.
Run the command that sets the RHOST:
Run the Icecast exploit.
Run the command that runs the Icecast exploit.
Run the command that performs a search for the secretfile.txt on the target.
You should now have a Meterpreter session open.
Run the command that performs a search for the recipe.txt on the target:
Bonus: Run the command that exfiltrates the recipe*.txt file:
You can also use Meterpreter's local exploit suggester to find possible exploits.
A. Run a Meterpreter post script that enumerates all logged on users.
B. Open a Meterpreter shell and gather system information for the target.
C. Run the command that displays the target's computer system information: