Overview
In this lab, you will attack a firewall and steal data over an encrypted channel. Figure 1 shows the network topology for this lab. You are using the external Kali Attack Machine on the wide area network, or WAN, to attack a web application on the network. You will use Metasploit and a Meterpreter payload to exploit a machine using an XAMPP WebDAV PHP Upload exploit. This exploit uses default WebDAV credentials on XAMPP servers. It uses supplied credentials to launch a Hypertext Preprocessor (PHP) Meterpreter payload.
outcomes:
In this lab, you will learn to:
- Use nmap/Zenmap to scan a network.
- Use metasploit/meterpreter to exploit a vulnerability on a target.
Key terms and descriptions
Kali Linux
An Advanced Penetration Testing Linux distribution designed for digital forensics and penetration testing, ethical hacking, and network security assessments.
Privilege escalation
Gaining a higher level of access (possible administrative access) from account with less permissions and rights.
Zenmap
A GUI front end for nmap; will allow you to scan for open ports and services.
Metasploit
A framework that contains exploits for various information systems.
nmap
A port scanner which will indicate whether ports are open or closed on a remote system.