Skip to content

Week 6 TOTW: Metasploit

Week 6’s TOTW is the Metasploit Framework. We will be using Metasploit for this week’s lab as well. The lab material is adapted from this tutorial maintained by Offensive Security, the makers of Backtrack. For this TOTW, pick a tutorial not covered in lab from Metasploit Unleashed and run through it to the extent possible. You are free to follow through any of these tutorials that are of interest to you. Try to get as far as you can but don’t feel the need to successfully launch the exploit/tool/technique/etc. Get as far as you can and report in 5-6 sentences on the tutorial you chose and the outcome of your work going through it.

Lab 5 Available

Lab 5: Metasploit Primer is now available. There is a fair amount of setup involved so you may want to get a jump on downloading and setting up the VMs needed for the lab. You will be working independently on this lab but are encouraged to interact with your teammates to test exploits and validate results.

Week 4 Lectures 1 and 2: Network Defenses

In Monday’s lecture we finished content from last Thursday and then moved on to a discussion of CSIRT roles and skills. In lecture 2 I presented an overview of Network Defenses. See the notes below along with the assigned reading on CSIRTs.

Week 3 Lectures 1 and 2: TCP/IP Networking, Security in a Networked World

For lecture 1 we discussed the TCP/IP network stack and at each level discussed how the various aspects of the sslstrip attack work. In the second lecture we sniffed some wireless traffic during class and looked at the results briefly at the end. We discussed the CIA security principals and discussed assets, adversaries and threats, among other topics.

See the notes below for topic details.

Lab 4 Available

Lab 4 is available on this page. This is a partner lab. Note that the submission deadline is later than in the past as the lab has two coding elements. Tools used in this lab:

  • Scanning: nmap, Nessus, etc
  • Spoofing: arpspoof, cain, ettercap
  • Defenses and detection: iptables, scanlogd, arpwatch
  • Netcat (nc)
  • Programming languages and scripting

Week 4 TOTW: iptables

We will be using iptables in lab this week and it is also the TOTW. The requirement of this TOTW is to follow the tutorial linked here on your BackTrack machine (or any Ubuntu distribution). Follow the tutorial up to the point where it says “Save your firewall rules to a file” followed by the command below:

sudo sh -c "iptables-save > /etc/iptables.rules"

Attach that file to or include its contents in your submission in Blackboard to complete the TOTW. All you have to do is follow the tutorial and submit the file.

Due: Sunday, 10/2


SE-4940 Lab 3 Available

Lab 3 instructions can be found on this page. Network location assignments will be assigned at the beginning of class. Make sure you have one team member ready to go with a booted BackTrack 5 machine (not a VM) and another team member ready to go with an operational Nessus server. You will only have one hour to complete the technical side of this lab so be prepared!