How do I practise this step?
Practising exploitation is one of the most challenging, frustrating, time-consuming and rewarding experiences that can be offered to new hackers and penetration testers. It’s probably a fair assumption that if you are reading this course you are interested in hacking. As mentioned earlier, the process of exploitation is the single step most often associated with hacking (although you know it’s much more). If you have never successfully “owned” or exploited a target, you are in for quite a treat. The experience of gaining administrative access on another machine is a thrill that is both electrifying and unique.
There are several ways to practise this step; the easiest way is to set up a vulnerable target in your penetration-testing lab. Once again, using virtual machines is helpful because exploitation can be a very destructive process and resetting a virtual machine is often easier and faster than reimaging a physical machine.
If you are new to exploitation, it’s important that you have a few immediate success. This will keep you from getting discouraged as you progress and move onto more difficult targets where the exploitation process becomes more tedious and difficult. As a result, it’s suggested that you start learning exploitation by attacking old, unpatched versions of operating systems and software. Successfully exploiting these systems should give you more motivation to learn more. There are many examples of students becoming quickly and permanently disillusionated with exploitation and hacking because they attempted to attack the latest-greatest-fully-patched operating system and fell flat on their face. Remember this course focuses on the basics. Once you master the tools and technologies discussed here, you’ll be able to move onto more advanced topics. If you are new to this process, let yourself win a little and enjoy the experience.
If possible, you should try to obtain a copy of Microsoft’s XP to add to your pentesting lab. It’s always suggested that newcomers begin with XP because there are still abundant copies available and there are standing exploits in the Metasploit Framework that will allow you to practise your Metasploit abilities.
When building your pentesting lab, it’s recommended that you find the lowest Service Pack edition of XP as each service pack patches a number of holes and vulnerabilities. With this advice in mind, with no service pack installed is best. XP SP 1 would be next best; XP SP 2 and XP SP 3 are the least desirable. This is because Microsoft introduced some significant security changes to XP beginning with Service Pack 2. However, even XP SP 3 has at least 1 standing exploit and can still make an excellent vulnerable target.
Metasploit has released a vulnerable target that can be used to practise exploitation. The target system is a Linux virtual machine called “Metasploitable”. Metasploitable is based on Ubuntu 8.04 and is available at no charge. You can download your copy by grabbing the torrent on the Metasploit Express Community site. The virtual machine is configured to run as a live distribution, so if you destroy the system beyond repair, you simply have to reboot it to start over from scratch. This is a great way to practise.
Finally, Thomas Wilhelm has graciously created and offered for free a series of entertaining, challending and highly customizable live Linux CDs called De-ICE. The De-ICE CDs allow you to practise a series of penetration testing challends following a realistic scenario. You can get your hands on these great CDs by downloading them at here. The CDs are great because they present you with a realistic simulation of an actual penetration test.
Another great feature of the De-ICE CDs is that you wouldn’t be able to simple Autopwn your way through the challenges. Each De-ICE CD includes several different levels of challenges you must complete. As you work your way through the challenges, you’ll need to learn to think critially and use many of the tools and techniques which have been discussed before.
Setting up and working your way through all the vulnerable targets described above should be an enjoyable process. Below you will find some specific tips for setting up targets to practise each of the tools that were discussed in this chapter.
The easiest way to practise medusa is to start a remote process on a target machine. try starting Telnet on a windows machine and SSH or FTP on a linux machine. You will need to create a few additional users and passwords with access to the remote services. once you have the remote service running, you can practise using medusa to gain access to the remote system.
The easiest way to practise metasploit and fast-track is by setting up an older version of windows xP as the target; remember the lower the service pack, the better. You can also download a copy of Ubuntu 7.04 and install SAMBA on it or find metasploit’s own “metasploitable” virtual machine.
To practise with John the ripper and chntpw, you can set up a victim machine with several user accounts and different passwords. It is highly suggested that you vary the strength of the passwords for each account. make a few user accounts with weak three- and four-letter passwords and make others with longer passwords that include upper and lowercase letters along with special characters.