Penetration Test Assessment A penetration test assessment was a requirement of a short cource on Penetration Testing from the Charles Sturt University. As part of the assessment, students were provided an ova image of a virtual machine. The virtual machine was to be the target of a penetration test, and students were expected to obtain flags for submission. A walkthrough of the assessment is presented here.
For the benefit of other students, the names and values of the flags have been redacted, and replaced with the string REDACTED
Read More →
For this walk-though I use the Metasploit framework to attempt to perform a penetration testing exercise on Metasploitable 2. I employ the following penetration testing phases: reconnaisance, threat modelling and vulnerability identification, and exploitation. Since this is a mock exercise, I leave out the pre-engagement, post-exploitation and risk analysis, and reporting phases.
Set-up This metasploitable walk-through is performed in a virtual lab environment. Two virtual machines (VMs) are used. The first is a Kali VM and the second is the Metasploitable2 VM.
Read More →
Open visualisation format (OVF) is an open standard for packaging anddistributing virtual appliances. Essentially this is meant to ensureportability of software and virtual machines across differenthypervisors, such as vmware, virtualbox, etc. However, I got an errorwhen importing an OVF file into virtualbox Version 5.0.12 r104815
“Host resource of type “Other Storage Device (20)” is supported withSATA AHCI controllers only, line 47.”
Error reading "XXXXXX.ovf": Host resource of type "Other Storage Device (20)" is supported with SATA AHCI controllers only, line 47.
Read More →
(This is an interim post and will be updated progressively. This notewill be removed once done.)
This post extends the walk-though on the initial version ofMetasploitable athttp://nkush.blogspot.com.au/2011/09/metasploitable-walkthrough.html. Itshould be noted that some commands and output may have been truncatedfor the purposes of brevity.
Set-upThe set-up included two machines in a virtual test environment usingVirtualBox. The first was a Metasploitable virtual machine (VM) and thesecond a Kali 1.
Read More →
Often times, I employ a CentOS VirtualBox virtual machine (VM) as adevelopment, testing and staging environment, I love the flexibility ofvirtual environments for testing and development work before moving mywork to production environments.
Recently I ran a yum update and yum upgrade on a CentOS 6.4 VM andsubsequently rebooted it, only to be greeted by a blank screen followingbootup. A quick search of virtual TTY terminals yielded a loginprompt.
Read More →