
Additional Services

In order to provide a larger attack surface for the various components of Metasploit, we will enable and install some additional services within our Windows virtual machine.

Internet Information Services (IIS) and Simple Network Management Protocol (SNMP)

To begin, navigate to the Control Panel and open 'Add or Remove Programs'. Select 'Add/Remove Windows Components' on the left-hand side.



Select the 'Internet Information Services (IIS)' checkbox and click 'Details'. Select the 'File Transfer Protocol (FTP) Service' checkbox and click 'OK'.  By default, the installed IIS FTP service allows for anonymous connections.



Lastly, select the 'Management and Monitoring Tools' checkbox and click 'Details'. Ensure that both options are selected and click 'OK'. When all is ready, click 'Next' to proceed with the installation of IIS and SNMP.


 

There is an issue with the .NET Framework installed in the NIST virtual machine, but it is easily fixed. In the Control Panel, select 'Add or Remove Programs' again, select 'Microsoft .NET Framework 2.0 Service Pack 1', and click 'Change'.

A progress window with a progress bar will pop up and then close. This is normal behaviour and you can now exit the Control Panel and proceed.

SQL Server 2005 Express

We will also perform an installation of Microsoft's free SQL Server 2005 Express. This will allow us to use some of the different SQL modules in Metasploit. First, download the non-service pack version of SQL Server Express here: http://www.microsoft.com/downloads/details.aspx?familyid=220549B5-0B07-4448-8848-DCC397514B41&displaylang=en

Note that if you are using your own custom-built VM for this course, you will need to install Windows Installer 3.1 and the .NET Framework 2.0 in order to install SQL Express.
Windows Installer 3.1: http://www.microsoft.com/downloads/details.aspx?familyid=889482FC-5F56-4A38-B838-DE776FD4138C&displaylang=en
.NET Framework 2.0: http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

Once the installer has finished downloading, we can run it and select all of the defaults except for 'Authentication Mode'.  Select 'Mixed Mode', set an 'sa' password of 'password1', and then continue on with the rest of the installation.



Once the installation is complete, we will need to make it accessible on our network. Click 'Start' -> 'All Programs' -> 'Microsoft SQL Server 2005' -> 'Configuration Tools' -> 'SQL Server Configuration Manager'. When the Configuration Manager starts up, select 'SQL Server 2005 Services', right-click 'SQL Server (SQLEXPRESS)' and select 'Stop'. Next, expand 'SQL Server 2005 Network Configuration' and select 'Protocols for SQLEXPRESS'.



Double-click 'TCP/IP', change 'Enabled' to 'Yes', and change 'Listen All' to 'No' on the 'Protocol' tab.



Next, select the 'IP Addresses' tab, and remove any entries under 'IPAll'.  Under 'IP1' and 'IP2', remove any values for 'Dynamic Ports'. Both IP1 and IP2 should have 'Active' and 'Enabled' set to 'Yes'. Lastly, set the IP1 'IP Address' to your local address and set the IP2 address to 127.0.0.1. Your settings should look similar to the screenshot below. Click 'OK' when everything is set correctly.



Next, we'll enable the SQL Server Browser service. Select 'SQL Server 2005 Services' and double-click 'SQL Server Browser'. On the 'Service' tab, set the 'Start Mode' to 'Automatic' and click 'OK'.



By default, the SQL server runs under a limited-privilege account which breaks a lot of custom web applications.  We will change this by double-clicking 'SQL Server (SQLEXPRESS)' and setting it to Log On as the Built-in Account 'Local System'. This can also be set by running 'services.msc'. Click 'OK' when you've finished.



With everything finally configured, right-click 'SQL Server (SQLEXPRESS)' and select 'Start'. Do the same for the 'SQL Server Browser' service. You can now exit the Configuration Manager and verify that the services are listening properly by running 'netstat -ano' from a command prompt. You should see UDP port 1434 listening as well as your network IP address listening on port 1433.
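The netstat check above can be scripted. The following is an added example, not part of the original course material: it parses saved 'netstat -ano' output and reports which of the expected listeners are missing. The sample output, the address 192.168.1.50 and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING       2012
  TCP    192.168.1.50:1433      0.0.0.0:0              LISTENING       2012
  TCP    192.168.1.50:1433      192.168.1.10:1045      ESTABLISHED     2012
  UDP    0.0.0.0:161            *:*                                    1644
  UDP    0.0.0.0:1434           *:*                                    1820
"""


def parse_listeners(text):
    """Return {(proto, local_ip, port)} for TCP LISTENING rows and all UDP rows."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        ip, _, port = parts[1].rpartition(":")
        if not port.isdigit():
            continue
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if parts[0] == "UDP" or parts[3] == "LISTENING":
            found.add((parts[0], ip, int(port)))
    return found


def check_sql_listeners(text, lan_ip):
    """Return a list of problems; an empty list means the expected ports are open."""
    listeners = parse_listeners(text)
    problems = []
    if ("TCP", lan_ip, 1433) not in listeners:
        problems.append(f"TCP 1433 is not listening on {lan_ip}")
    if ("TCP", "0.0.0.0", 1433) in listeners:
        problems.append("TCP 1433 is bound to 0.0.0.0; 'Listen All' may still be 'Yes'")
    if not any(p == "UDP" and port == 1434 for p, _, port in listeners):
        problems.append("UDP 1434 is not open; is 'SQL Server Browser' started?")
    return problems


if __name__ == "__main__":
    # lan_ip is the address entered for IP1 (constructed value here).
    for problem in check_sql_listeners(SAMPLE, "192.168.1.50") or ["all expected listeners present"]:
        print(problem)
```

To use it on the lab VM's real output, save the result of 'netstat -ano' to a file and pass its contents, along with the IP1 address, to check_sql_listeners.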



 
 
© Offensive Security 2009