Any port in a scan
Network ports are the points of entry between a computer and the internet. Even systems that use firewalls will leave various ports open so services can run. For instance, a computer designed to run as a server for Minecraft needs to leave port 25565 open.
One of the first things hackers do when connected to a network is to scan for open ports so they can try to crack the password for that service or run malicious code. As a budding pen tester, you’ll also need to scan ports of your own devices to make sure they’re not vulnerable. You’ll be using Sparta, a graphical front-end for several scanning tools. Chief amongst these is Nmap, which sends data packets to ports on the target machine. If a port is detected as open, you can also try to crack the password with Hydra, which can also be launched from within Sparta. Your target device will be the Metasploitable2 virtual machine, which is intentionally riddled with vulnerable ports so you can hone your hacking skills.
To get started, use VirtualBox to start both Kali and the Metasploitable2 virtual machine. Log in to Metasploitable2 with the username msfadmin, password msfadmin. Next, run the command ifconfig to obtain the IP address of the Metasploitable2 virtual machine and note this down.
Return to the Kali virtual machine and open Sparta from Applications > Vulnerability Analysis. When the Sparta window opens, click Add Hosts to Scope, enter the IP address of the Metasploitable2 virtual machine, then click Add to Scope. Sparta will now begin to scan the Metasploitable2 virtual machine’s ports for vulnerabilities.
The Services tab of the main window will list any open ports, as well as services which run on them – for instance ssh runs on port 22. Click the Information tab for details of the operating system running on the target computer, too. This will come in handy if you want to launch any exploits, which is covered in the next section.
Take some time to look through the other tabs, which detail other programs launched by Sparta. For instance, ftpdefault is a tool that automatically connects to the target computer and tries out a few default usernames and passwords. Here, the default passwords have worked and you can now access the machine through port 21 using the intentionally obvious password “password”.
The Nikto tab displays the results for this tool, which is designed to scan web servers for common vulnerabilities. We will explore this in more depth later but for now, read through the catalogue of security issues. Sparta also has a handy Notes tab if you want to record any of your findings.
As Metasploitable2 has so many weaknesses, accessing it shouldn’t prove a problem, but if you’re testing Sparta against one of your own machines, you may not be able to break in so easily. Return to the Services tab to list open ports, then right-click a service and choose Send to Brute. This enables you to begin the automated process of trying to crack the password for these services based on a password list.