Metasploit Assignment

Questions

1. What is the difference between an exploit and a payload? Give an example of a payload.

2. What are the LHOST and RHOST attributes? Why do some exploits require you to set LHOST in the options?

3. What is the auxiliary module in Metasploit?

4. In this question, you are going to be exploiting the Metasploitable2 VM using Metasploit.

   Just like the tutorial, you will need to set up your Kali Linux VM in DH2020, which you will be using to run Metasploit.
   - A guide on how to do it is in the tutorial file in the class repo: http://www.cs.toronto.edu/~arnold/427/20s/427_20S/metasploit/tutorial.pdf

   Additionally, you will need the Metasploitable2 VM, which can be found at https://sourceforge.net/projects/metasploitable/ or in the lab from

       scp UTORID@dh2026pc02.utm.utoronto.ca:/virtual/csc427arnold/a1/metasploitable_vm.zip .

   - See the note at the bottom if you wish to run the assignment from home.

   You don't need bridged mode to get this working; just make sure both VMs (Kali and Metasploitable2) are on the same network. To get the IP of the Metasploitable2 VM, you must access it and run ifconfig.

   Credentials:
       username: msfadmin
       password: msfadmin

   The goal of this assignment is to exploit a service called Samba hosted on the vulnerable server, using Metasploit. Samba is software that runs on the Server Message Block (SMB) networking protocol.

   a. Identify the correct port(s) on which the service is running using db_nmap (nmap built into Metasploit, which works very similarly to the regular nmap). Note that you may need to run more aggressive service detection with db_nmap to see the correct service name (Samba). Submit the db_nmap command(s) you ran, and the port(s) the Samba service is hosted on.

   b. Now that you have the port(s) the service is running on, use a Metasploit auxiliary scan to check the exact SMB version that the servers are running (hint: smb_version). Submit your search command, the subsequent commands you ran to use the scanner, and the output version.

   c. Using Metasploit search, find an exploit that will attack the CVE-2007-2447 vulnerability, and will give you root privileges. Submit your search command, the exploit's path, and all the subsequent commands you used to run the exploit.

   d. Congratulations! You have shell access to the vulnerable VM by exploiting a vulnerability! Run whoami, and submit the answer.

SUBMISSION FORMAT:

1. Answer
2. Answer
3. Answer
4. a. > db_nmap ???
      > db_nmap ???
      PORT(s): xxx, xxx
   b. > search ???
      > use ???
      > set ???
      > run
      Samba version : x.x.xx
   c. > search ???
      > use ???
      > set ???
      > exploit
   d. whoami : ???

Notes:
- Your submission for 4 does not have to be one-to-one; you may include intermediate steps such as show.
- If you wish to work on this assignment from home, you must download Metasploit to your computer (no need for Kali Linux, as you have root) and download the Metasploitable2 virtual machine: https://sourceforge.net/projects/metasploitable/
  And remember to run it on the same network as Kali.