Probing a Machine

Running Metasploitable through UTM

I set up a Metasploitable machine: an Ubuntu host that is vulnerable by design. UTM is the hypervisor for both the Metasploitable machine and the Kali machine from which I probe it. After booting Metasploitable, I run ifconfig and retrieve its IP address, which is a private address on my LAN: 192.168.7.157.

Finding the active station and listing available ports

Having obtained the IP address of the Metasploitable machine, I start my Kali Linux machine and open a shell. I run nmap -F -T4 192.168.7.157 and quickly get a list of the most common open ports on the Metasploitable machine. There are thousands of ports, but to save time I pass the -F flag so that nmap probes only the 100 most common ones.

Running initial probes

Using nmap's script categories to run a series of NSE scripts, I find the available users, passwords, system capabilities and service details. You should find many ports with running services that expose such details. I find that the MySQL port 3306 reports a thread ID of 167 and more than 43,564 capabilities.

Running Auth Probes

I run another set of scripts from the auth category; one of them, mysql-empty-password, targets the MySQL port 3306 and throws an error. Since this script tells me neither the password nor whether there is one, I decide to dig deeper by running other nmap MySQL scripts.

Probing Vulnerable Databases

I run four more scripts. The first, mysql-enum, tells me that there are no users installed on the MySQL server. The second, mysql-brute, tells me that the MySQL server defaults to the root account and that this account has no password set. The third, mysql-databases, tells me that seven databases are installed on the MySQL server. The fourth, mysql-query, lets me run simple queries such as SELECT version() and list databases as root.

Building Monitoring System

Creating a directory

I want nmap to provide an inventory of all the hosts on my LAN. Using nmap's built-in functionality, I pass --send-ip to send probe ARP packets to every IP address in the 192.168.0.0/16 network. Finding that this works, I decide to script it so that it runs on a regular basis without being started by hand. I create a directory under /usr/local/share/, named /usr/local/share/nmap-mon, to store a bash script that will launch the nmap command.

Writing the bash script that runs the scan automatically

In bash, I write a script that runs nmap -oX base.xml -Pn -sV -n -T3 --send-ip 192.168.0.0/16. First, instead of probing ports and hosts, it tells nmap to check only for a host response and to skip probing individual ports on the hosts. It tells nmap to send only ARP packets to the hosts on the LAN instead of TCP SYN and TCP ACK packets. The -oX base.xml flag tells nmap to save the results of the scan to a file named base.xml. When a second scan is run with the same command, the script runs ndiff to generate a list of differences between the first and second scans and saves the result in a file in the same parent directory. After saving the results, the script sends an email to the address specified in its ADMIN variable.

Scheduling the script

I schedule the bash script through the crontab utility in GNU/Linux. Finally, I run the script by hand as a simple gut-check. I found that there are 13 hosts up on my network. I should now receive weekly updates about the hosts available on my network.
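The baseline-versus-rescan comparison that the script delegates to ndiff, as an added Python example that is not part of the original post: it parses two nmap -oX result files (the XML below is constructed sample data, not real scan output) and reports the hosts and open ports that appeared or disappeared, which is the kind of change the cron job would mail to ADMIN.

```python
# Parse two nmap -oX results and report what changed between them, the job
# ndiff does in the monitoring script. Sample XML is constructed, not real output.
import xml.etree.ElementTree as ET

BASE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.168.7.1" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.168.7.157" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="22"><state state="open"/></port>
 <port protocol="tcp" portid="3306"><state state="open"/></port></ports></host>
</nmaprun>"""

NEW_XML = """<nmaprun>
<host><status state="down"/><address addr="192.168.7.1" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="192.168.7.157" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="22"><state state="open"/></port>
 <port protocol="tcp" portid="3306"><state state="open"/></port>
 <port protocol="tcp" portid="5432"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.168.7.200" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return {ipv4: {(port, proto), ...}} for every host nmap reported as up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a host that is down counts as absent, as in ndiff
        ipv4 = [a.get("addr") for a in host.findall("address") if a.get("addrtype") == "ipv4"]
        if not ipv4:
            continue
        open_ports = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((int(port.get("portid")), port.get("protocol")))
        hosts[ipv4[0]] = open_ports
    return hosts

def diff_scans(base_xml, new_xml):
    """Compare a baseline scan with a newer one; every entry is a candidate alert."""
    base, new = parse_nmap_xml(base_xml), parse_nmap_xml(new_xml)
    changes = {"new_hosts": sorted(set(new) - set(base)),
               "gone_hosts": sorted(set(base) - set(new)),
               "opened": [], "closed": []}
    for ip in sorted(set(base) & set(new)):
        changes["opened"] += [(ip, p, proto) for p, proto in sorted(new[ip] - base[ip])]
        changes["closed"] += [(ip, p, proto) for p, proto in sorted(base[ip] - new[ip])]
    return changes
```

Calling diff_scans(BASE_XML, NEW_XML) on the sample data flags one new host, one host that went away and one newly opened port on the Metasploitable address; a cron job would read base.xml and the latest scan file instead of the inline strings.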