NIT5081: Fundamental of Cyber Security Assignment (50 Marks, 30% to Final Grade) Title: Use of MSF to Create a Remote Session and Transfer File Preamble: Metasploit (MSF) is world’s one of the most used penetration testing framework. Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game. The learning curve of Metasploit is much more intense than Session 9 and Session 10 cover as part of this unit. The aim of the labs and instruction designed in Session 9 and Session 10 was mainly to give you a glimpse of the enormous potentiality that a penetration tester can do. If you are passionate and want to learn more, then you can explore yourself and join the community @ https://www.metasploit.com/ In this assignment, the goal is to enhance your learning a little bit toward practical implication. Objectives: a) Gain a remote access to another machine using Metasploit by exploiting one of the open ports b) Copy a file from the target remote machine to the machine where MSF is installed. Environment Needed: a) b) c) d) Virtual Box (VBox) Kali Linux installed in VBox MSF installed in Kali Linux Metasploitable installed in VBox Visual Topology inside VBox: Virtual Box Transfer a file Remote Access MSF@Kali Linux Metasploitable Figure 1 Virtual Box Environment Tasks: 1. Environment Setup: [10 Marks] a. Kali Linux and Metasploitable Linux Machine should be installed in VBox (you can choose VMWare too) b. Demonstrate the connectivity between Kali Linux and Metasploitable Linux Machine (Hint: screenshot of pinging result) 2. Creating the target file: [10 Marks] NIT5081 Assignment ©Khandakar Ahmed a. Encrypt the following information using asymmetric cryptography and store the cyphertext in a file namely personalData.txt i. Your Name + Student ID b. Hide the private key inside an image using the necessary steganography tool. Name the image as secret.jpg c. Save personalData.txt and secret.jpg in the home directory of ‘Kali Linux’ 3. Remote session setup: [30 Marks] a. Using the MSF framework from Kali Linux find all the open ports of Metasploitable. b. Use one of the open ports to create a session from Kali Linux to Metasploitable c. Copy personalData.txt and secret.jpg to Metasploitable. Submission Guideline: 1. Write a report demonstrating your work. Length of the report should be no more than 6 pages including a cover page. 2. The report should be professionally formatted with the cover page. Cover page should include your name, student ID, unit code and unit title. 3. The report should consists of the screenshot of your work with brief annotation of each screenshot. 4. Screenshots should be placed in a sequential manner so that your work can be followed clearly and distinctively. 5. Please note that at any circumstances you are not allowed to copy others work and one of the main tasks of examiner to ensure that it is your work. Make sure your report clearly demonstrates that. 6. Submit your DOCX/PDF file using submission dropbox. NIT5081 Assignment ©Khandakar Ahmed Assignment Marking RUBRIC Criteria HD Environment [8-10 points] Setup (10) Kali Linux and Metasploitable Broadly 5 are running marks for successfully in each task VBox and both machines can ping each other using terminal. Well documented with adequate screenshot as evidence Creating the [8-10 points] Target File (10) personalData.txt file contains the First Task - 4 cyphertext of appropriate Marks Second Task data as per instruction. The - 4 Marks private key is Third Task correctly 2 Marks embedded into secret.jpg and they are stored in the home directory of Kali Linux. Well documented with adequate screenshot as evidence D [7 points] C [6 points] P [ 5 points] N [0-4 points] Kali Linux and Metasploitable are running successfully in VBox and both machines can ping each other using terminal. Not Well documented and inadequate screenshot as evidence [7 points] Kali Linux and Metasploitable are running successfully in VBox but they can’t ping each other. Well documented with adequate screenshots. Kali Linux and Metasploitable are running successfully in VBox but they can’t ping each other. Poor documentation. One or both of the machines are not fired up appropriately in VBox. [6 points] [5 points] [0-4 points] personalData.txt file contains the cyphertext of appropriate data as per instruction. The private key is correctly embedded into secret.jpg and they are stored in the home directory of Kali Linux. Not Well documented and inadequate screenshot as evidence Any one out of the three tasks are not done as per instructions and documentation is also not clear. Any two or all of the tasks are not completed or failed to follow the instruction. Remote Session Setup (30) [24-30 points] [21-23 points] The plain text was not formed as per instruction or embedding of private key and is not done appropriately or the files are not stored as per instruction. [Any one task is not done appropriately] Documentation is clear with adequate screenshots and annotations [18-20 points] [15-17 points] [0-14 points] All three tasks completed + Well Formatted Documentation + Adequate Screenshots with clear annotations All three tasks completed + Poor Documentation + Inadequate Screenshots Any one task is incomplete + Well Formatted Documentation + Adequate Screenshots with clear annotations Any one task is incomplete + Poorly Formatted Documentation + Inadequate Screenshots with clear Two or all of the tasks are incomplete + Poor Documentation + Inadequate screenshots or annotations. 10 Marks for each Task NIT5081 Assignment ©Khandakar Ahmed