More Metasploit….
A little assignment I did in college. Enjoy.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Part 1: Identify the Version and Build of the Windows System
![](https://cdn-images-1.medium.com/max/800/1*uxWsGvB9P7YiCApNn8ZkDw.png)
Part 2: Research and Identify Vulnerabilities and Exploits
![](https://cdn-images-1.medium.com/max/800/1*ZVYO1AKk0BV9V2o-BstFAg.png)
Part 3: Use Metasploit Framework to Exploit a Vulnerability
![](https://cdn-images-1.medium.com/max/800/1*EW4PyYsY5Cj_vCcqEEpkOA.png)
![](https://cdn-images-1.medium.com/max/800/1*5xISLoubwbo4v9wIYGJL2Q.png)
Part 4: Retrieve Sensitive Files
![](https://cdn-images-1.medium.com/max/800/1*jEwGw7MwZEtX9Lici7JzLA.png)
![](https://cdn-images-1.medium.com/max/800/1*2qMj1KotrY_48wQbpGf21Q.png)
Part 5: Use FTP to Extract Sensitive Information
![](https://cdn-images-1.medium.com/max/800/1*NrvxQmIGnMA587c90PahZw.png)
Part 6: Identify the Root Causes
What are some root causes of storing information in cleartext files?
- Average computer users do not know how to encrypt plaintext. Your average computer user does not know how to encrypt plaintext by using SHA-1 or MD5 hashes. They do not even know what hashes are.
What are some root causes of using an FTP service on the internal network?
- Maybe the business that is using FTP does not know any better and they think it is the most secure option. FTP lacks encryption, and automation, and is just very outdated. I would tell the business to consider SFTP instead.
What are some root causes of having anonymous login enabled on the FTP service?
- Maybe someone wants to send a person file’s anonymously, but an attacker could use this to their advantage. They could utilize the anonymous logon vulnerability to directly log on to the FTP service and upload malicious files to take system privileges, which causes data leaks.