Group:
Simon Arndal, David Herreborg and Georgi Petrov
Status 2/11-2010
Today we have been looking into Metasploit and the different possibilities to do some exploits against the Apache web server. Apache Tomcat server 5.5 has been downloaded and installed together with the Java virtual environment that was required for the web server to run.
Testing the metasploit.
A couple of tests were performed with the metasploit we found to be interesting. We were able to open a shell on the web server machine and execute commands directly on the PC. During the demonstration we made the webserver shut down. To put it briefly, we now own the machine.
Below is a screenshot of the metasploit used.
Timeline (PROGRESS)
Done so far:
--> 27/10-2010 <--
- Hardware requirements fulfilled (except one missing NIC)
- Software required installed (open source programs used)
- pfSense installed (Router/firewall software)
- Apache and MySQL are up and running (Webserver and Database)
- phpMyAdmin installed and works (Graphical User Interface for the MySQL database)
- HSLAB HTTP Monitor Lite installed (Apache monitoring software)
- Set up HSLAB HTTP Monitor Lite.
- Done research about snort + snort together with pfSense.
- Presentation of work so far and basic idea. --> kl. 09:56
--> 28/10-2010 <--
- Network interface card has been inserted to the pfSense PC.
- Presentation of the progress and the setup of "Caps WebDesign" --> kl. 12:23
--> 01/11-2010 <--
- Add rules to the snort IPS system (Common task)
- Find another solution for monitoring the Apache server traffic internally (Simon)
- Make the Apache and MySQL more reliable (Simon)
- Add a Network Interface Card to the pfSense machine (David)
- Install snort package for pfSense (Georgi)
- Setup Weblog Expert Lite (Software that replaces the HSLAB) and it is working.
--> 01/11-2010 <--
- Add rules to the snort IPS system (Common task)
- Decide on whether pfSense is the right system for us to use (Common task)
- We have chosen to move on with pfSense and Snort together.
- Get snort to work properly
-->02/11-2010--<
- Tested where the snort was placed in the setup. (before the firewall)
- Figured out how the blocked function operates (update time)
- Proved that the setup is now reliable
-->03/11-2010--<
- Demonstration of the progress 09:05
- Search for metasploits
-->05/11-2010--<
- Installed the Apache Tomcat web server version 5.5
- Found a metasploit and tested with success
- Demonstration was performed using the metasploit
What to do: (new tasks: output in green) for the 5th of November 2010
- Become more familiar with the exploits and carry out more tests.
- Setup/Make a social engineering concept for the "CapDesign".
- Test and detect with snort.
- Find out what rules should be added to snort for alerting and blocking apache-webserver intrusion. (Georgi)
- Search for common server vulnerabilities (Georgi, Simon)
- Find out what is metasploit (Common task)
- Find interesting metasploits (Common task)
What to do (future events):
- Demonstration 9/11-2010
- Do penetration testing with metasploit. (Common task)
As always, good demonstration. Stuff went a bit wrong, and that is one of the reasons we do demonstrations.
After running the exploit, yes you own the machine. In hacker lingo it is called _pwning_ it.
I feel the need of mocking you just a bit.
You have a "metasploit unleashed, mastering the framework" image, but you don't succeed in maintaining a proper aspect ratio. "Mastering", well...
As mentioned in an earlier comment, it is about time to start working on the report.
_pwining_it, okay. The Report IS under construction and has been since your last comment.