Scribd
Upload
431 views

CSCI369 Lab 1

The document provides instructions for setting up a Kali Linux virtual machine and Metasploitable virtual machine using VirtualBox. It then outlines exercises for students to run basic information gathering tools like whois, nslookup and traceroute to discover network information, and tools like theharvester and CenSys to find servers and email addresses.

Uploaded by

Joe Ong Zuokai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
431 views

CSCI369 Lab 1

The document provides instructions for setting up a Kali Linux virtual machine and Metasploitable virtual machine using VirtualBox. It then outlines exercises for students to run basic information gathering tools like whois, nslookup and traceroute to discover network information, and tools like theharvester and CenSys to find servers and email addresses.

Uploaded by

Joe Ong Zuokai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

CSCI369 Ethical Hacking

This material is copyrighted. It must not be


C distributed without permission from
Joonsang Baek and Jongkil Kim

Lab 1
VMs Setup, Running Basic Information Gathering Tools

1. Install Virtual Box (VB) in your personal PC


• Download and install VirtualBox
https://www.virtualbox.org/wiki/Downloads

• Download and install VirtualBox Extension Pack


https://www.virtualbox.org/wiki/Downloads

2. Install Kali Linux in your personal PC


• As the most current one is not stable usually, we need 2019.2 version
from http://old.kali.org/kali-images/
• Download “kali-linux-2019.2-amd64.iso”
• Install Kali Linux
https://phoenixnap.com/kb/how-to-install-kali-linux-on-virtualbox
You may want to give a bigger hard disk size (e.g. 25 GB)

3. Running VMs on Virtual Box/Configuring your VirtualBox setting

• Turn off the Kali VM now.

• [Important] The trickiest part of setting up VB is configuring network.


There are a few options to manage network on VB but in this subject, we
will use two settings: “Bridged Adapter” and “NatNetwork”. The following
setting MUST be set while Kali is not operating.

- Click “File” (on the left corner of the VB Manager window) →


Select “Preferences” → Click “Network” on the left panel → Click +
icon on the right side of the window; “NatNetwork” will be created
→ Click OK (Basically NatNetwork is going to use our host
machine (a PC running Windows OS) as a router and all the VMs
are going to be clients connected to this network.)
- Now select <Your Kali Machine> (On the list in you main VB
window)→ Right click → Select “Settings” → On the pop-up
window → select “Network”.
- Now, in the “Adapter 1” tab, check “Enable Adapter Network” if
this is not selected. → Select “NAT Network” from the drop-down

1
CSCI369 Ethical Hacking
This material is copyrighted. It must not be
C distributed without permission from
Joonsang Baek and Jongkil Kim

list for “Attached to”; NatNetwork will be selected as “Name” →


Click OK. This will enable your Internet connection in the Kali.
- In the “Adapter 2”, Check “Enable Adapter Network”. → Select
“Bridged Adaptor” in the drop-down list for “Attached to” → Select
<Your PC network adaptor> →Expand “Advanced” option →
[Important] Randomize MAC address by click in the MAC
Address section as follows:

Then, Enable “Cable Connected”. This will connect your Kali to the
other computer through the private network in your home
network.

- The last important step is to boot Kali to make the network setting
change take effect; Check the network setting by run ifconfig.
Your System must have 3 network interfaces which are “eth0”,
“eth1” and “lo”.
- Now type leafpad /etc/network/interfaces from the
terminal. Once the file is open, insert iface eth1 inet dhcp
at the end of the line. Then save your file and exit. Then reboot
your Kali VM.
- Finally, type ifconfig in the terminal to check whether IPv4
addresses (inet addr)are assigned to all network interfaces
and check both “eth0” and “eth1” are assigned with IP addresses.
- * If your eth0 and eth1 do not get IP addresses, try to change
leafpad /etc/network/interfaces to
auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet dhcp
iface eth1 inet dhcp

4. Installing (loading) Metasploitable VM

• Metasploitable will be used as a target machine, which is purposely set up


as vulnerable.

• Download Metasploitable from


https://sourceforge.net/projects/metasploitable/

• Unzip “metasploitable-linux-2.0.0”
• Open VB, go to Machine → New
• Give a name “Metasploitable2”, select “Linux” in Type, and “Ubuntu (32-
bit)” in Version
• Choose the memory size (512MB or 1GB)

2
CSCI369 Ethical Hacking
This material is copyrighted. It must not be
C distributed without permission from
Joonsang Baek and Jongkil Kim

• Select “Use an existing hard disk file”, browse to the folder where you
have extracted the zip files and select the ‘vmdk’ file available (click “Add”
to browse the file if necessary)

• Click “Create”

• Configure the network of Metasploitable2 in the same way as you do for


the Kali linux.

• Login to Metasploitable2 with login ID, msfadmin and password


msfadmin.
• Now type sudo nano /etc/network/interfaces from the
terminal. Once the file is open, insert two lines auto eth1 then iface
eth1 inet dhcp at the end of the line. Then save your file and exit.
Then reboot your Metasploitable VM (you can use the command sudo
reboot)
• After login again, run ifconfig to find the IP. Now, go back to your Kali
machine and ping <IP of Metasploitable> to check if it’s live.
Your Metasploit will have two IP addresses for the private network and
NatNetwork. Please check both connections using ping command.

5. Run the following intelligence gathering tools we learnt in the lecture.


• Try to reveal the following information. You may can use whois,
nslookup, traceroute that you learned in the lecture.

- Draw the network topology from your home network to amazon.


- How many hops are needed to reach at the amazon website?
- Could you determine the boundary of your home network?
- Which network provider does your home network use?
- Is there any router in front of the amazon website within the same
domain?
- Where is the website server located?

6. Try to get 20 email addresses of UoW students. You may need to use
theharvester.
(Try to use theharvester –d uowmail.edu.au -b all)

7. Try to search your IDs (e.g. your name, your student’s ID, etc.) that are
registered in various websites.

8. Find severs providing HTTP/S service in uow.edu.au and sim.edu.sg domains


using CenSys.

9. Check the technologies of famous websites such as facebook or amazon using


Builtwith.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy