Project 9: Nmap Scripts, Metasploit Scanner Modules, and Nikto (15 points)

What You Need

These virtual machines, which you set up in a previous project:
  1. Kali Linux 2.0 with Nessus and additional software
  2. Windows Server 2008 with several vulnerable software packages

Launching Server 2008

Start your Server 2008 virtual machine.

Launching Kali

Start your Kali virtual machine.

Testing Networking

Check your virtual machine settings and make sure both virtual machines are set to the same sort of networking, either NAT or Bridged.

Find your Windows machine's IP address and ping it from the Kali machine. Make sure you can see replies, as shown below.

If you don't see replies, make sure the firewall is off on the Windows machine.


Task 1: Scanning with Nmap Scripts

On Kali, in a Terminal window, execute this command:

ls /usr/share/nmap/scripts | more

You see a long list of Nmap scripts, as shown below. Press the Spacebar to see another screen of them.

On Kali, in a Terminal window, execute this command:

nmap --script-help default

The default scripts are considered safe and effective.

Scroll back many pages to see the smtp-commands script description, as shown below.

Scanning the Windows 2008 Machine with Nmap Scripts

On Kali, in a Terminal window, execute this command, replacing the IP address with the IP address of your Windows 2008 machine.

nmap -sC 192.168.119.129

Scroll back to see the results for SMTP. You should see that the VRFY method is allowed, as shown below. This is not recommended, because spammers can use that method to verify email addresses.
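
To audit more than one mail server for this setting, or to confirm that VRFY is gone after you disable it, you can filter the scan output instead of scrolling. The script below is an added example, not part of the original lab: the function names and the sample scan text (including the second host, mail.lab.example) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the lab): list hosts whose Nmap smtp-commands
# script output advertises VRFY or EXPN, the address-verification commands.

# Reads normal "nmap -sC" output on stdin; prints "<host> <port> <command>".
smtp_vrfy_findings() {
    awk '
    /^Nmap scan report for / {            # new host: keep the address only
        host = $NF; gsub(/[()]/, "", host); in_smtp = 0; next
    }
    /^[0-9]+\/(tcp|udp)/ { port = $1; in_smtp = 0; next }   # new port row
    !/^[|]/ { in_smtp = 0; next }         # anything else ends script output
    /^[|][_ ][a-z0-9-]+:/ {               # first line of some script block
        in_smtp = ($0 ~ /^[|][_ ]smtp-commands:/)
    }
    in_smtp {                             # inside smtp-commands output
        n = split($0, word, /[^A-Za-z]+/)
        for (i = 1; i <= n; i++)
            if (word[i] == "VRFY" || word[i] == "EXPN") {
                key = host " " port " " word[i]
                if (!seen[key]++) print key
            }
    }'
}

# Constructed sample of "nmap -sC" output for two lab hosts.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.119.129
Host is up (0.00050s latency).
PORT   STATE SERVICE
25/tcp open  smtp
| smtp-commands: localhost Hello 192.168.119.128; ESMTPs are:, TIME, SIZE 0, HELP
|_ Recognized SMTP commands are: HELO EHLO MAIL RCPT DATA RSET AUTH NOOP QUIT HELP VRFY SOML
80/tcp open  http
|_http-title: XAMPP 1.7.2

Nmap scan report for mail.lab.example (192.168.119.130)
Host is up (0.00061s latency).
PORT   STATE SERVICE
25/tcp open  smtp
|_smtp-commands: mail.lab.example, PIPELINING, SIZE 10240000, ETRN, STARTTLS, 8BITMIME
EOF
}

sample_scan | smtp_vrfy_findings
```

Against your own lab, pipe the real scan into the function, for example: nmap -sC -p 25 192.168.119.129 | smtp_vrfy_findings. No output means no scanned server advertised VRFY or EXPN.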

Capturing a Screen Image

Make sure the Nmap results are visible, showing these two required items:

Capture a whole-desktop image and save it as "Proj 9a".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT


Task 2: Scanning with Metasploit Scanner Modules

Metasploit can also scan for some vulnerabilities.

On Kali, in a Terminal window, execute these commands to see the scanner modules available:

msfconsole

search auxiliary ^scanner

A long list scrolls by, with scanners for many products. Unfortunately, the results include exploits and other items instead of just scanners--the Metasploit search engine doesn't seem to work very well.

Execute these commands to enumerate the user accounts on the system via SMTP, using the smtp_enum scanner module.

use auxiliary/scanner/smtp/smtp_enum

show options

set RHOSTS 192.168.119.129

exploit

You should see several user accounts found, as shown below.

Capturing a Screen Image

Make sure at least one user account is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 9b".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Checking for MS08-067 Exploitability

On Kali, in a Terminal window, execute these commands, replacing the IP address with the IP address of your Windows 2008 machine.

use windows/smb/ms08_067_netapi

set RHOSTS 192.168.119.129

check

exit

If you are using Windows 2008, Metasploit determines that "the target is not exploitable", as shown below.


Task 3: Scanning with Nikto

On your Kali machine, open Firefox and enter the IP address of your Windows 2008 machine.

You see a page titled "XAMPP 1.7.2", as shown below.

Nikto is a web application vulnerability scanner. Execute this command, replacing the IP address with the IP address of your Windows 2008 machine.

nikto -h 192.168.119.129

You should see several vulnerabilities in the "phpmyadmin" Web administration module, with OSVDB numbers, as shown below.

These are serious vulnerabilities--that module should be hidden from unauthorized users of the website.

Capturing a Screen Image

Make sure at least one phpmyadmin vulnerability report is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 9c".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Turning in Your Project

Email the images to cnit.124@gmail.com with a subject line of "Proj 9 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.


Last Modified: 9-28-17