
NIT5081 Assignment (MSF Remote Access File Transfer)

NIT5081: Fundamental of Cyber Security
Assignment (50 Marks, 30% to Final Grade)
Title: Use of MSF to Create a Remote Session and Transfer File
Preamble: Metasploit (MSF) is one of the world's most used penetration testing frameworks.
Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments,
and improve security awareness; it empowers and arms defenders to always stay one step (or two)
ahead of the game. Metasploit's learning curve is much steeper than what Session 9 and Session
10 cover as part of this unit. The aim of the labs and instruction designed in Session 9 and Session 10
was mainly to give you a glimpse of the enormous potential of what a penetration tester can do. If you
are passionate and want to learn more, you can explore it yourself and join the community at
https://www.metasploit.com/
In this assignment, the goal is to extend your learning a little toward practical application.
Objectives:
a) Gain remote access to another machine using Metasploit by exploiting one of the open ports
b) Copy a file from the target remote machine to the machine where MSF is installed.
Environment Needed:
a) Virtual Box (VBox)
b) Kali Linux installed in VBox
c) MSF installed in Kali Linux
d) Metasploitable installed in VBox
Visual Topology inside VBox:
[Figure 1 Virtual Box Environment: MSF@Kali Linux and Metasploitable inside Virtual Box, connected by "Remote Access" and "Transfer a file"]
Tasks:
1. Environment Setup: [10 Marks]
a. Kali Linux and Metasploitable Linux Machine should be installed in VBox (you can
choose VMWare too)
b. Demonstrate the connectivity between Kali Linux and Metasploitable Linux Machine
(Hint: screenshot of pinging result)
2. Creating the target file: [10 Marks]
NIT5081 Assignment
©Khandakar Ahmed
a. Encrypt the following information using asymmetric cryptography and store the
cyphertext in a file named personalData.txt
i. Your Name + Student ID
b. Hide the private key inside an image using the necessary steganography tool. Name
the image as secret.jpg
c. Save personalData.txt and secret.jpg in the home directory of ‘Kali Linux’
3. Remote session setup: [30 Marks]
a. Using the MSF framework from Kali Linux find all the open ports of Metasploitable.
b. Use one of the open ports to create a session from Kali Linux to Metasploitable
c. Copy personalData.txt and secret.jpg to Metasploitable.
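Added example for Task 2a, not part of the original assignment brief: one way to do the asymmetric encryption with the openssl command line, using RSA with OAEP padding and a round-trip check. The key file names, function names and the sample record are assumptions of this example; only personalData.txt comes from the brief.

```shell
#!/usr/bin/env bash
# Added example: RSA-OAEP encryption of a short record with the openssl CLI.
# private.pem, public.pem and the function names are assumptions.

# Create a 2048-bit RSA key pair in directory $1.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null || return 1
    chmod 600 "$1/private.pem"          # private key readable by owner only
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Encrypt string $2 with the public key in $1 and write the base64
# ciphertext to $1/personalData.txt.
# RSA encrypts a single block: with a 2048-bit key and OAEP/SHA-256 the
# limit is 256 - 2*32 - 2 = 190 bytes, so longer input is rejected.
encrypt_record() {
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1/public.pem" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
            -out "$1/cipher.bin" 2>/dev/null || return 1
    openssl base64 -in "$1/cipher.bin" -out "$1/personalData.txt" || return 1
    rm -f "$1/cipher.bin"
}

# Decrypt $1/personalData.txt with the private key and print the plaintext.
decrypt_record() {
    openssl base64 -d -in "$1/personalData.txt" |
        openssl pkeyutl -decrypt -inkey "$1/private.pem" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# Demo in a scratch directory with a constructed record (not a real student).
work=$(mktemp -d)
make_keypair "$work" &&
    encrypt_record "$work" "Jane Citizen s0000000" &&
    decrypt_record "$work" && echo
```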
Submission Guideline:
1. Write a report demonstrating your work. Length of the report should be no more than 6
pages including a cover page.
2. The report should be professionally formatted with the cover page. Cover page should
include your name, student ID, unit code and unit title.
3. The report should consist of screenshots of your work with a brief annotation of each
screenshot.
4. Screenshots should be placed in a sequential manner so that your work can be followed
clearly and distinctively.
5. Please note that under no circumstances are you allowed to copy others' work; one of
the main tasks of the examiner is to ensure that it is your work. Make sure your report clearly
demonstrates that.
6. Submit your DOCX/PDF file using submission dropbox.
Assignment Marking RUBRIC
Grades: HD, D, C, P, N

Criteria: Environment Setup (10)
Broadly 5 marks for each task
HD [8-10 points]: Kali Linux and Metasploitable are running successfully in VBox and both machines can ping each other using terminal. Well documented with adequate screenshot as evidence
D [7 points]: Kali Linux and Metasploitable are running successfully in VBox and both machines can ping each other using terminal. Not Well documented and inadequate screenshot as evidence
C [6 points]: Kali Linux and Metasploitable are running successfully in VBox but they can’t ping each other. Well documented with adequate screenshots.
P [5 points]: Kali Linux and Metasploitable are running successfully in VBox but they can’t ping each other. Poor documentation.
N [0-4 points]: One or both of the machines are not fired up appropriately in VBox.

Criteria: Creating the Target File (10)
First Task - 4 Marks, Second Task - 4 Marks, Third Task - 2 Marks
HD [8-10 points]: personalData.txt file contains the cyphertext of appropriate data as per instruction. The private key is correctly embedded into secret.jpg and they are stored in the home directory of Kali Linux. Well documented with adequate screenshot as evidence
D [7 points]: personalData.txt file contains the cyphertext of appropriate data as per instruction. The private key is correctly embedded into secret.jpg and they are stored in the home directory of Kali Linux. Not Well documented and inadequate screenshot as evidence
C [6 points]: The plain text was not formed as per instruction or embedding of private key and is not done appropriately or the files are not stored as per instruction. [Any one task is not done appropriately] Documentation is clear with adequate screenshots and annotations
P [5 points]: Any one out of the three tasks are not done as per instructions and documentation is also not clear.
N [0-4 points]: Any two or all of the tasks are not completed or failed to follow the instruction.

Criteria: Remote Session Setup (30)
10 Marks for each Task
HD [24-30 points]: All three tasks completed + Well Formatted Documentation + Adequate Screenshots with clear annotations
D [21-23 points]: All three tasks completed + Poor Documentation + Inadequate Screenshots
C [18-20 points]: Any one task is incomplete + Well Formatted Documentation + Adequate Screenshots with clear annotations
P [15-17 points]: Any one task is incomplete + Poorly Formatted Documentation + Inadequate Screenshots with clear
N [0-14 points]: Two or all of the tasks are incomplete + Poor Documentation + Inadequate screenshots or annotations.