SETUP
Before you begin, we'll need to start the Icecast server to emulate the CEO's computer.
Reminders
Scope
For this week's homework, please use the following VM setup:
Attacking machine: Kali Linux root:toor
Target machine: DVW10 IEUser:Passw0rd!
NOTE: You will need to log in to the DVW10 VM and start the icecast service prior to beginning this activity using the following procedure:
After logging into DVW10, type "icecast" in the Cortana search box and hit Enter.
The icecast application will launch.
Click on Start Server.
You are now ready to begin the activity.
Once you complete this assignment, submit your findings in the following document:
Report.docx
You've been provided full access to the network and are getting ping responses from the CEO’s workstation.
1. Perform a service and version scan using Nmap to determine which services are up and running:
Run the Nmap command that performs a service and version scan against the target.
Answer:
2. From the previous step, we see that the Icecast service is running. Let's start by attacking that service. Search for any Icecast exploits:
Run the SearchSploit commands to show available Icecast exploits.
Answer:
3. Now that we know which exploits are available to us, let's start Metasploit:
Run the command that starts Metasploit:
Answer:
4. Search for the Icecast module and load it for use.
Run the command to search for the Icecast module:
Answer:
Run the command to use the Icecast module:
Note: Instead of copying the entire path to the module, you can use the number in front of it.
Answer:
5. Set the RHOST to the target machine.
Run the command that sets the RHOST:
Answer:
6. Run the Icecast exploit.
Run the command that runs the Icecast exploit.
Answer:
Run the command that performs a search for secretfile.txt on the target.
Answer:
1. You should now have a Meterpreter session open.
Run the command that performs a search for recipe.txt on the target:
Answer:
Bonus: Run the command that exfiltrates the recipe*.txt file:
Answer:
7. You can also use Meterpreter's local exploit suggester to find possible exploits.
Note: The exploit suggester is just that: a suggestion. Keep in mind that the listed suggestions may not include all available exploits.
A. Run a Meterpreter post script that enumerates all logged on users.
Answer:
B. Open a Meterpreter shell and gather system information for the target.
Answer:
C. Run the command that displays the target's computer system information:
Answer:
Answer 6
***************
The exploit was not run because it may have been fixed in the latest version of Icecast, as this exploit was found in 2014.
The other answers cannot be given because the exploit does not work in Icecast 2.4.4, the latest version.
Thanks