CSE 466 Project 4
(Group project of 2)
Due Date: October 26, 2009, Start of Class
Method of Submission: Print out, Font: Times New Roman 12 (or comparable)
Metasploit Experiment
(You must do both experiments)

Warning: These instructions are meant to provide you training with security issues.  You are advised to implement this project on your personal virtual machines.  Exploiting remote machines is not a good idea – it is a criminal offense.  These instructions are intended to train computer security professionals, not to help criminals.

Note: It is best you do not share the information you learnt in this project with people who have not taken this class.  You can easily figure out why such information may be damaging.


We are going to use a Windows XP machine to run a remote exploit against a Windows 2000 machine using the “Metasploit framework”.

  1. Start the Windows XP virtual machine, and make sure it connects to the web via IE.
  2. Download Metasploit Framework 2.7 (not the latest version) from http://metasploit.com/tools/framework-2.7.exe
  3. The download must be done on the virtual machine, not on the host.
  4. Install the framework. After some time a command window will come up and wait for commands.
  5. Close the Metasploit Framework command window.
  6. Go to Start -> Programs -> Metasploit -> MSFWeb. A command window will open and show an IP address of the form 127.0.0.1:55555. Note the actual address displayed. DO NOT CLOSE this window: it is the web server that IE will use to launch exploits.
  7. Open IE and go to http://127.0.0.1:55555 (or whatever address was displayed in step 6).
  8. A long list of exploits will be displayed.


Part 1: Taking control of a Windows 2000 (works with XP too, but let us stick to 2000) Machine using Reverse Shell

Open a second virtual machine and run Windows 2000. Log in as administrator with the password “dasgupta” and find the IP address of this machine. Let's assume the IP address is a.b.c.d. Now we will exploit this machine from the XP machine.

  1. From the list of exploits, find Microsoft LSASS MS04-011 Overflow. Then select Windows 2000.
  2. On the next page, select the Windows Reverse Shell payload.
  3. On the next page enter the IP address of the victim Windows 2000 machine in the address field, leave everything else alone, scroll down and click the “exploit” button.
  4. Click on the session link.
  5. You can now figure out what happened. Document what you think happened as part of the report.
  6. Using the shell, create a file on the 2000 machine’s desktop and put a short text message in it. Name the file <your_name>_owns_this_machine.txt; please do not put any disturbing or offensive messages in it. Take a screenshot of the command you issue on the XP machine and of the file created on the desktop of the 2000 machine, and turn them in as part of the report.

Part 2: Taking control of a Windows 2000 (works with XP too, but let us stick to 2000) Machine using Reverse VNC Server Inject

Go back to the main web page of the Metasploit framework to try another exploit. This time select the Microsoft PnP MS05-039 exploit.

  1. On the next page you are asked for the target; select “Windows 2000 SP0-SP4, English”.
  2. Now from the long list of payloads, select “Windows Reverse VNC Server Inject” and then click “exploit”.
  3. Something will happen and a session link is provided; click on the link. Figure out what happened and put it in your report.
  4. A window will open, and you will have to type in that window to refresh it; then you will see two blue screens (make sure both the XP machine and the 2000 machine windows are visible to you). The behavior at this point is amusing and worth playing around with. Try doing some “interesting” things and take adequate screenshots. What kind of attack comes to mind that could use this exploit? Justify your answer.
  4. A window will open, and you will have to type in that window to refresh it and then you will see two blue colored screens (make sure both the XP Machine and the 2000 machine windows are visible to you).  The behavior at this point is amusing and worth playing around with.  Try doing some ‘interesting” things and take adequate screenshots. What kind of attack springs to your mind that may use this exploit, justify.