IL Exercise 23: Pen Testing With Metasploit

This exercise introduces the Metasploit framework and demonstrates how it can be used to streamline the investigation of vulnerabilities during penetration testing. The Immersive Labs platform is used, so make sure you have set up access before you begin.

Getting Started

  1. Log in to Immersive Labs and start the lab named Msfconsole: Exploit. While you wait for the Linux VMs to spin up, click on the Info button at the top-right of the screen to view some background information on Metasploit. This information includes a short screencast, which is a useful guide to the commands you’ll need to use – but note that the IP address, username and password needed here will be different.

  2. When the Kali Linux VM desktop is visible, click on the Network button to open the network information panel and make a note of the target’s IP address.

  3. Now click on the Tasks button to view the questions for the lab. You should be able to answer the first four questions using what you’ve learned from the information panel (watch the screencast for Q4!). Use the Submit button to check your answers.

Using an Exploit

  1. Start a terminal window in the Kali Linux VM and maximise it to fill the desktop. Run the Metasploit console by entering msfconsole. Notice how many exploits are available to use from the console.

  2. Try a couple of exploit searches, using the following commands:

    search type:exploit cve:2019
    search type:exploit target:wordpress
    

    The first of these finds all exploits with CVE identifiers assigned in 2019. The second search finds all exploits that target the WordPress blogging platform. You’ll be using one of the exploits listed by this second search.

  3. Load the required exploit with Metasploit’s use command. (See the screencast on the information panel if you are not sure of command syntax or which exploit to use.)

    Enter the command show info to display detailed information on this exploit. Note the requirements to specify the target IP address and the credentials of the WordPress admin account.

  4. Set RHOSTS to the target IP address noted earlier. Set both username and password to the value admin. Enter show options to check that the settings have all been made correctly.

  5. Enter check. Metasploit should report that the target machine is vulnerable to this exploit.

  6. Run the exploit and wait for the meterpreter> prompt.

    You’ll need to be patient here. Metasploit has to build a custom WordPress plugin containing the malicious payload, install this plugin on the remote machine and then execute it, all of which will take a while!

  7. When you see the meterpreter> prompt, you will have shell access to the remote machine running the WordPress server. Use the cd command to move to the /var/www/html directory. List the files in that directory using ls. Use the cat command to examine the contents of the file mentioned in Question 5. When you’ve found the answer and entered it, click Submit on the tasks panel to complete the lab.
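
Step 6 describes a plugin being installed and then executed, which leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original exercise or of Metasploit: a small detector that flags a client that uploads a plugin and then requests a PHP file under the plugins directory shortly afterwards. It assumes combined-format access logs, WordPress's standard admin plugin-upload URL, and a five-minute window; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines; every IP, time and plugin name is made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0
10.0.0.5 - - [12/Mar/2024:10:01:05 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2024:10:01:09 +0000] "GET /wp-content/plugins/qkzvtplw/xhrmbd.php HTTP/1.1" 200 0
10.0.0.9 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 200 900
10.0.0.7 - - [12/Mar/2024:09:00:00 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 7000
10.0.0.7 - - [12/Mar/2024:11:30:00 +0000] "GET /wp-content/plugins/gallery/view.php HTTP/1.1" 200 300
"""

# client IP, timestamp, method, URL (assumes combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} ')
# Assumption: standard WordPress admin plugin-upload endpoint
UPLOAD_PATH = "/wp-admin/update.php"
# Direct request for a PHP file inside any plugin directory
PLUGIN_PHP_RE = re.compile(r"^/wp-content/plugins/[^/]+/[^?]*\.php(\?|$)")


def find_upload_then_exec(log_text, window=timedelta(minutes=5)):
    """Return (ip, upload_time, php_path) for plugin PHP hits soon after an upload."""
    last_upload = {}  # client IP -> time of its most recent plugin upload
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, url = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and url.startswith(UPLOAD_PATH) and "action=upload-plugin" in url:
            last_upload[ip] = when
        elif PLUGIN_PHP_RE.match(url) and ip in last_upload:
            # Same client touching plugin PHP within the window after its upload
            if timedelta(0) <= when - last_upload[ip] <= window:
                findings.append((ip, last_upload[ip].isoformat(), url))
    return findings


if __name__ == "__main__":
    for ip, uploaded, path in find_upload_then_exec(SAMPLE_LOG):
        print(f"{ip} uploaded a plugin at {uploaded} then requested {path}")
```

Legitimate administrators also upload plugins, so a hit is a lead to review alongside the admin login that preceded it rather than proof of compromise.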