Lab5 VAPT

Uploaded by

atalrani8

School of Computer Science Engineering and Technology

Course- BCA
Type- Elective
Course Code- BCA297L
Course Name- Penetration Testing and Ethical Hacking
Year- 2022
Semester- Even
Date- 23-02-24
Batch- 2021-2024

5. Lab Assignment
Lab Assignment 1

The objective of the lab is to understand and practice the following:

1. Discovering potential vulnerabilities


Installing and running the OpenVAS vulnerability scanner (5 min)

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools
offering a comprehensive and powerful vulnerability scanning and vulnerability management
solution. The actual security scanner is accompanied by a regularly updated feed of Network
Vulnerability Tests (NVTs), over 47,000 in total. All OpenVAS products are Free Software, and most
components are licensed under the GNU General Public License (GNU GPL).

apt-get install openvas

Run: openvas-setup (note down the password generated by the system) (10 min)


Run: openvas-start (5 min)

Open a web browser and go to https://127.0.0.1:9392

Click the Advanced button and add an exception.


Enter the ID (admin) and the previously saved password.

Now, find the vulnerabilities of the Metasploit machine. (20 min)

This will be a time-consuming process.

Click on the IP, then note the observations and analyse them. (20 min)


Once it completes, see the bottom left for the result and click on it.

Now you have a list of vulnerabilities, and you can take action against them. Analyse some of the vulnerabilities and make a summary sheet for the assignment.

2. Vulnerability Scanning with Nessus

1. Installing and running the Nessus vulnerability scanner

Install Nessus from Google and activate it.

Get the activation key from the website.

Install it on the machine:

dpkg -i ./Nessus-6.10.3-debian6_amd64.deb

/etc/init.d/nessusd start

3. Copy the above address and paste it into a web browser. Add a security exception.

4. Complete account setup and activate Nessus.


5. Start a new scan.

Provide the details of the machine that you want to scan.

This process will take some time


Analyze the results and make a report on the vulnerabilities.
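
One way to build the summary sheet and the vulnerability report asked for in the OpenVAS and Nessus steps above, as an added example that is not part of the original lab sheet: it reads a scanner's CSV export, drops duplicate rows, and groups findings by severity with the highest CVSS first. The column names (host, port, severity, cvss, name) and the sample rows are constructed assumptions; rename the columns to match your scanner's export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions (rename to match your CSV).
SAMPLE_CSV = """host,port,severity,cvss,name
192.0.2.10,21/tcp,High,10.0,vsftpd 2.3.4 finding (constructed)
192.0.2.10,5900/tcp,High,9.0,VNC server finding (constructed)
192.0.2.10,21/tcp,High,10.0,vsftpd 2.3.4 finding (constructed)
192.0.2.10,22/tcp,Medium,4.3,SSH weak algorithms (constructed)
192.0.2.10,80/tcp,Low,2.6,HTTP banner disclosure (constructed)
192.0.2.10,general/tcp,Log,0.0,OS detection (constructed)
"""
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Log"]


def load_findings(text):
    """Parse the CSV, drop duplicate rows and rows with a malformed CVSS."""
    seen, findings = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["host"], row["port"], row["name"])
        try:
            score = float(row["cvss"])
        except (TypeError, ValueError):
            continue  # skip rows exported without a usable score
        if key in seen:
            continue  # the same finding reported twice counts once
        seen.add(key)
        findings.append({**row, "cvss": score})
    return findings


def summary_sheet(findings, min_cvss=0.1):
    """Group findings by severity, highest CVSS first, hiding informational rows."""
    groups = defaultdict(list)
    for f in findings:
        if f["cvss"] >= min_cvss:
            groups[f["severity"]].append(f)
    lines = []
    for sev in SEVERITY_ORDER:
        rows = sorted(groups.get(sev, []), key=lambda f: -f["cvss"])
        if rows:
            lines.append(f"{sev} ({len(rows)})")
            lines += [f"  {f['cvss']:>4}  {f['host']}:{f['port']}  {f['name']}" for f in rows]
    return lines


if __name__ == "__main__":
    print("\n".join(summary_sheet(load_findings(SAMPLE_CSV))))
```

Raising min_cvss narrows the sheet to the findings to remediate first.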

6. Exploiting the vulnerabilities that were found

Exploiting the target system using the Metasploit Framework.

We use the vulnerability that we found in the previous step.

Now we target the VNC server vulnerability.


In the last lab we determined the vulnerability through Nmap.

Search for that service, vsftpd 2.3.4, on Google.


Run the msfconsole command; it will take some time.

Run the help command and note down the important functionalities.

Then execute:

search vsftpd

The command output shows the vulnerability.


We also saw the same path in the Google search results as a module name. Now run the following command to
exploit:

use exploit/unix/ftp/vsftpd_234_backdoor

You will get access to the target machine.

Again, run help and see other useful commands.


Run: show options

Set RHOST to the target IP.

Again, check it with the show options command. Then execute the run command. If the exploit is successful, the
command will complete with success.

Run other commands like whoami and ifconfig to verify the user and the target machine.

Submission Guidelines:

• The assignment must be verified by the instructor during the lab.

• Submit the assignment in PDF format on LMS within 7 days.

• Late submission will lead to a penalty.

• Plagiarism will lead to negative grading.
