Penetration testing is the pinnacle for most of us, and successfully bypassing an organization’s defenses during a penetration test is one of our most rewarding experiences. In this chapter, we’ll pull together what you’ve learned in previous chapters as we simulate a complete penetration test. You will be re-creating steps that you’ve seen in previous chapters, so most of what is shown here should be familiar.
Before you begin, download and install Metasploitable, Metasploit’s intentionally vulnerable Linux virtual machine. (You can find it at http://www.thepiratebay.org/torrent/5573179/Metasploitable/.) Metasploitable was created to train individuals to use Metasploit for successful exploitation. Follow the directions on the site to install Metasploitable, and then power it on. We’ll run the Metasploitable virtual machine alongside the Windows XP system to simulate a small networked environment, with one virtual machine acting as an Internet-facing system and the other acting as an internal network host.
The simulated penetration test in this chapter is a small one. You would do something more in-depth if your target were a large corporation. We’ve kept this simple to make it easy for you to replicate.
Planning is the first step in pre-engagement. During a true planning phase, we would identify our target(s) and our primary method of planned attack, which might include social engineering, wireless, Internet, or internal attack vectors. Unlike an actual penetration test, here we will not be targeting a specific organization or a group of systems; we will perform a simulation using our known virtual machine.
For the purposes of this simulation, our target will be the protected Metasploitable virtual machine at IP address 172.16.32.162 (to configure Metasploitable, log in with msfadmin as both the username and the password). The Metasploitable target is a machine attached to an internal network, protected by a firewall, and not directly connected to the Internet. Our Windows XP machine, at IP address 172.16.32.131, also sits behind the firewall (turn on Windows Firewall) with only port 80 open.