
Please follow the project Action Item and Provide 

 Take a screenshot of the terminal window showing the content of the passwd file. 

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this project. Summarize what you did as an attacker, what kinds of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you’re confused about. Questions asked here will be summarized and answered anonymously in the next class.

Project-1: Getting a Reverse Shell

In this project, you are assigned the task of stealing the /etc/passwd file of the OWASP BWA computer in a CTF (Capture-the-Flag) event. You discovered that OWASP BWA has a vulnerable web application. First, you crack the password of the web application; then you log in to the web application and try to exploit it in a way that allows you to steal the passwd file of the server on which this web app is running.

Reminder

Please skim the specified chapters of the book (Metasploit 5.0 for beginners 2nd ed.) before starting the project.

Computers

Notes:

1) You will perform all of your actions from Kali Linux.

2) You cannot copy and paste between your computer and the computers in the Netlab environment; however, it will be both quicker and more reliable if you use your keyboard’s Tab key after writing the first 2-3 letters of each command or command parameter in Metasploit.

3) Use CTRL – to shrink the fonts on Kali Linux terminal windows; alternatively you can click on the View menu and then the Shrink Font menu item.

Steps of Hacking

1. Optional: Crack the password of the admin user of the web application http://192.168.2.15/dvwa/login.php. (This is the same lab you performed in Lab-7, Section-3.)

2. Create a PHP backdoor (reverse PHP shell) by using msfvenom (A tool from Metasploit Framework)

3. Upload the PHP backdoor to the web application. (Being able to upload a PHP file is yet another vulnerability, and an easy one to exploit. You will practice this local file upload vulnerability in detail in Lab-8, Section-2.)

4. Prepare a handler on Kali Linux that will wait for the connection requests from the exploited web application and later on send commands to the same web application.

5. Call the reverse shell you uploaded (open the PHP file in the browser on Kali).

6. Send a command to the vulnerable web application and fetch the /etc/passwd file of the OWASP BWA computer (192.168.2.15).
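A defender's view of steps 3 and 5, as an added example that is not part of the original assignment: the upload followed by a request for the uploaded script leaves a recognizable pair of entries in the web server's access log. The sketch below assumes Apache combined log format and DVWA's default paths (upload form under /dvwa/vulnerabilities/upload/, stored files under /dvwa/hackable/uploads/); the log lines, client addresses, file names and the 30-minute correlation window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
192.168.2.10 - - [08/Nov/2022:20:01:12 +0000] "POST /dvwa/login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.168.2.10 - - [08/Nov/2022:20:03:40 +0000] "POST /dvwa/vulnerabilities/upload/ HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.168.2.10 - - [08/Nov/2022:20:04:05 +0000] "GET /dvwa/hackable/uploads/report.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.2.22 - - [08/Nov/2022:20:05:00 +0000] "GET /dvwa/hackable/uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_FORM = "/dvwa/vulnerabilities/upload/"   # assumed DVWA default
UPLOAD_DIR = "/dvwa/hackable/uploads/"          # assumed DVWA default
# Extensions a PHP-enabled server may execute, including double extensions (x.php.jpg).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
WINDOW = timedelta(minutes=30)                  # assumed correlation window


def find_upload_then_execute(log_text):
    """Flag successful requests for script files served from the upload directory."""
    last_upload = {}  # client IP -> time of its most recent POST to the upload form
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = url.split("?", 1)[0]
        if method == "POST" and path.startswith(UPLOAD_FORM):
            last_upload[ip] = when
        elif (path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path)
              and status.startswith("2")):
            uploaded = last_upload.get(ip)
            correlated = uploaded is not None and when - uploaded <= WINDOW
            alerts.append({"client": ip, "path": path,
                           "time": when.isoformat(),
                           "preceded_by_upload": correlated})
    return alerts


if __name__ == "__main__":
    for alert in find_upload_then_execute(SAMPLE_LOG):
        print(alert)
```

A script request under the upload directory is worth an alert on its own; the `preceded_by_upload` flag only raises confidence that the same client placed the file there.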

The List of Actions/Commands per Step

1. Crack the password of the admin user of the web application

This part is optional. If you want to practice it once more, see Lab-7, Section-3. This part has been included in the project for the sake of logical completeness.

11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition

https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 1/51

Chapter 3: Metasploit Components and Environment Configuration

For any tool that we use to perform a particular task, it’s always helpful to know that tool inside out. A detailed understanding of the tool enables us to use it appropriately, making it perform to the fullest of its capability. Now that you have learned some of the absolute basics of the Metasploit Framework and how to install it, in this chapter you will learn how the Metasploit Framework is structured and the various components of the Metasploit ecosystem.

The following topics will be covered in this chapter:

Anatomy and structure of Metasploit

Metasploit components: auxiliaries, exploits, encoders, payloads, and post

Getting started with msfconsole and common commands

Variables in Metasploit

Updating the Metasploit Framework

Technical requirements

The following software is required:

Kali Linux

Metasploit Framework

Anatomy and structure of Metasploit

The simplest method to learn the structure of Metasploit Framework is to browse and explore through its application directory. In Kali Linux, the Metasploit Framework can be located at /usr/share/metasploit-framework, as shown in the following screenshot:

Figure 3.1 – Metasploit Framework directory

At a broad level, the Metasploit Framework structure is as shown in the following screenshot:

Figure 3.2 – Metasploit Framework Structure
